
JFrog compares AWS CodeArtifact to its own Artifactory

Robust artifact management is key to software delivery cycles at scale, something that developer tool specialist JFrog has been adamant about for years.

“As developers ourselves, we understood the pain of not having a binary manager, so we introduced the industry’s first artifact management solution. This new category of tools became a critical pillar for any development effort,” JFrog’s Avigail Ofer says in a blog post.

Ofer says JFrog’s OSS Artifactory is still the only one that supports some 27 package types in one, including Docker image registry and Helm repository, with other vendors only lately “starting to catch on”.

Ofer compares Artifactory with AWS’s sally into the space: the CodeArtifact service for binary management, an S3-based managed artifact/binary repository which is “similar in concept” to JFrog’s base-level Artifactory SaaS service offered on the AWS marketplace and on other public clouds.

Both solutions encrypt the stored artifacts and provide fine-grained RBAC for access control and compliance. Both solutions allow users to proxy external repositories.

“However, CodeArtifact only supports proxying of official upstream repos: npm – npm.js, Python – PyPI, Maven – Maven Central, Google Android repository, Gradle plugins repository and CommonsWare Android repository,” Ofer says.

“Furthermore, CodeArtifact has a strong limit of one external remote repository (called ‘external connection’). It is unclear what is the search order between hosted, upstream and external repos and how permissions are propagated.”

At the time of writing, Ofer says, Maven metadata had to be manually uploaded to CodeArtifact by clients. Snapshotting can be key to development teams that are building new software concurrently at speed.

AWS CodeArtifact requires integration with AWS’ ECR service and doesn’t support storing and managing cloud-native components either, says Ofer.

“This creates acute visibility and traceability issues in your release pipeline, since container images are comprised of release packages coming from other repositories, such as npm, golang, or Maven,” Ofer says.

CodeArtifact uses AWS identity and access management (IAM), with a token that’s hardcoded to expire after 12 hours — tokens must be regenerated and package managers reconfigured accordingly.

Artifactory allows for integrations with different identity providers such as Okta, OneLogin, PingOne or GitHub.

Both solutions provide detailed auditing into the status and usage of binaries. Both solutions can integrate with user CI/CD and the devops tools a developer is already using, through extensive CLI and REST APIs, says JFrog’s Ofer.

Pricing could be a positive for the AWS offering, which obviously integrates natively with the AWS ecosystem. CodeArtifact bills according to usage, including the size of artifacts stored, number of requests made, and amount of data transferred out of an AWS region. At the time of writing, the first 2GB of storage and first 100,000 requests per month were free.

“The free capacity may make CodeArtifact desirable for very small teams and SOHO development shops,” Ofer says.

“Artifactory SaaS on AWS is offered in several plans, with a monthly subscription cost that includes usage. Starting at $98/month for binary management, the base-level service includes 2GB of storage and 10GB data transfer. The next subscription level, including security scanning, comes with 20GB of storage and 200GB data transfer.”
