JFrog compares AWS CodeArtifact to its own Artifactory

Robust artifact management is key to software delivery cycles at scale, something that developer tool specialist JFrog has been adamant about for years.

“As developers ourselves, we understood the pain of not having a binary manager, so we introduced the industry’s first artifact management solution. This new category of tools became a critical pillar for any development effort,” JFrog’s Avigail Ofer says in a blog post.

Ofer says JFrog’s OSS Artifactory is still the only one that supports some 27 package types in one, including Docker image registry and Helm repository, with other vendors only lately “starting to catch on”.

Ofer examines AWS’s sally into the space: CodeArtifact, an S3-based managed artifact/binary repository service that is “similar in concept” to JFrog’s base-level Artifactory SaaS service offered on the AWS marketplace and on other public clouds.

Both solutions encrypt the stored artifacts and provide fine-grained RBAC for access control and compliance. Both solutions allow users to proxy external repositories.

“However, CodeArtifact only supports proxying of official upstream repos: npm – npm.js, Python – PyPI, Maven – Maven Central, Google Android repository, Gradle plugins repository and CommonsWare Android repository,” Ofer says.

“Furthermore, CodeArtifact has a strong limit of one external remote repository (called ‘external connection’). It is unclear what is the search order between hosted, upstream and external repos and how permissions are propagated.”

At the time of writing, Ofer says, Maven metadata had to be manually uploaded to CodeArtifact by clients. Snapshotting can be key to development teams that are building new software concurrently at speed.

AWS CodeArtifact requires integration with AWS’s ECR service and doesn’t support storing and managing cloud-native components either, says Ofer.

“This creates acute visibility and traceability issues in your release pipeline, since container images are comprised of release packages coming from other repositories, such as npm, golang, or Maven,” Ofer says.

CodeArtifact uses AWS identity and access management (IAM), with a token that’s hardcoded to expire after 12 hours — tokens must be regenerated and package managers reconfigured accordingly.

Artifactory allows for integrations with different identity providers such as Okta, OneLogin, PingOne or GitHub.

Both solutions provide detailed auditing into the status and usage of binaries. Both solutions can integrate with user CI/CD and the devops tools a developer is already using, through extensive CLI and REST APIs, says JFrog’s Ofer.

Pricing could be a positive for the AWS offering, which obviously integrates natively with the AWS ecosystem. CodeArtifact bills according to usage, including the size of artifacts stored, number of requests made, and amount of data transferred out of an AWS region. At the time of writing, the first 2GB of storage and first 100,000 requests per month were free.

“The free capacity may make CodeArtifact desirable for very small teams and SOHO development shops,” Ofer says.

“Artifactory SaaS on AWS is offered in several plans, with a monthly subscription cost that includes usage. Starting at $98/month for binary management, the base-level service includes 2GB of storage and 10GB data transfer. The next subscription level, including security scanning, comes with 20GB of storage and 200GB data transfer.”

Read the full JFrog comparison here.
