
JFrog compares AWS CodeArtifact to its own Artifactory

Robust artifact management is key to software delivery cycles at scale, something that developer tool specialist JFrog has been adamant about for years.

“As developers ourselves, we understood the pain of not having a binary manager, so we introduced the industry’s first artifact management solution. This new category of tools became a critical pillar for any development effort,” JFrog’s Avigail Ofer says in a blog post.

Ofer says JFrog’s OSS Artifactory is still the only one that supports some 27 package types in one, including Docker image registry and Helm repository, with other vendors only lately “starting to catch on”.

Ofer compares Artifactory with AWS’s sally into the space, the CodeArtifact service for binary management. CodeArtifact is an S3-based managed artifact/binary repository that is “similar in concept” to JFrog’s base-level Artifactory SaaS service, which is offered on the AWS marketplace and on other public clouds.

Both solutions encrypt the stored artifacts and provide fine-grained RBAC for access control and compliance. Both solutions allow users to proxy external repositories.

“However, CodeArtifact only supports proxying of official upstream repos: npm – npm.js, Python – PyPI, Maven – Maven Central, Google Android repository, Gradle plugins repository and CommonsWare Android repository,” Ofer says.

“Furthermore, CodeArtifact has a strong limit of one external remote repository (called ‘external connection’). It is unclear what is the search order between hosted, upstream and external repos and how permissions are propagated.”

At the time of writing, Ofer says, Maven metadata had to be manually uploaded to CodeArtifact by clients. Snapshotting can be key to development teams that are building new software concurrently at speed.

AWS CodeArtifact requires integration with AWS’s ECR service and doesn’t support storing and managing cloud-native components either, says Ofer.

“This creates acute visibility and traceability issues in your release pipeline, since container images are comprised of release packages coming from other repositories, such as npm, golang, or Maven,” Ofer says.

CodeArtifact uses AWS identity and access management (IAM), with a token that’s hardcoded to expire after 12 hours — tokens must be regenerated and package managers reconfigured accordingly.

Artifactory allows for integrations with different identity providers such as Okta, OneLogin, PingOne or GitHub.

Both solutions provide detailed auditing into the status and usage of binaries. Both solutions can integrate with user CI/CD and the devops tools a developer is already using, through extensive CLI and REST APIs, says JFrog’s Ofer.

Pricing could be a positive for the AWS offering, which obviously integrates natively with the AWS ecosystem. CodeArtifact bills according to usage, including the size of artifacts stored, number of requests made, and amount of data transferred out of an AWS region. At the time of writing, the first 2GB of storage and first 100,000 requests per month were free.

“The free capacity may make CodeArtifact desirable for very small teams and SOHO development shops,” Ofer says.

“Artifactory SaaS on AWS is offered in several plans, with a monthly subscription cost that includes usage. Starting at $98/month for binary management, the base-level service includes 2GB of storage and 10GB data transfer. The next subscription level, including security scanning, comes with 20GB of storage and 200GB data transfer.”

Read the full JFrog comparison here.
