What is JFrog Artifactory?
Who uses JFrog Artifactory?
Here are some stack decisions, common use cases and reviews by companies and developers who chose JFrog Artifactory in their tech stack.
We use Sonatype Nexus to store our closed-source java libraries to simplify our deployment and dependency-management. While there are many alternatives, most of them are expensive ( GitLab Enterprise ), monilithic ( JFrog Artifactory ) or only offer SaaS-licences. We preferred the on-premise approach of Nexus and therefore decided to use it.
We exclusively use the Maven-capabilities and are glad that the modular design of Nexus allows us to run it very lightweight.
Whenever Qualys scan finds out software vulnerability, say for example Java SDK or any software version that has a potential vulnerability, we search the web to find out the solution and usually install a later version or patch downloading from the web. The problem is, as we are downloading it from web and there are a number of servers where we patch and as an ultimate outcome different people downloads different version and so forth. So I want to create a repository for such binaries so that we use the same patch for all servers.
When I was thinking about the repo, obviously first thought came as GitHub.. But then I realized, it is for code version control and collaboration, not for the packaged software. The other option I am thinking is JFrog Artifactory which stores the binaries and the package software.
What is your recommendation?