JFrog

Key Criteria for CI/CD

Table of Contents

  1. Summary
  2. About the Vendor Profile
  3. Key Criteria Analysis
  4. Evaluation Metrics Analysis
  5. Future-Facing Features
  6. Bottom Line
  7. About Jon Collins

1. Summary

JFrog’s focus is on the management and security of the artifacts created by CI, and of the pipeline stages that surround them. It can be seen, therefore, as a key element of any response to the challenges caused by inefficient creation, management, and deployment of software artifacts.

Market positioning: JFrog sets out its stall around removing friction from the software development and deployment process – an aspiration it calls ‘liquid software.’ The JFrog Platform offers the following capabilities:

  • Artifactory – software artifact management
  • Pipelines – CI/CD pipeline automation and optimization
  • Xray – security and compliance scanning of binary artifacts and container images

While the JFrog Platform includes CI as a core capability, it can work with other CI tools (e.g. Jenkins and CircleCI). Artifactory is agnostic to the composite units of delivery (e.g. binaries, container images) it manages. It does not replace a version control tool such as Git: its focus is on managing dependencies within and between these units of delivery.

Meanwhile, Pipelines comes with workflow automation capabilities and can orchestrate the DevOps toolchain. It therefore automates the delivery process and provides visibility into where artifacts are being deployed. This requires repositories to be kept in alignment: JFrog recommends that repository names and promotion policies mirror environments in the pipeline (e.g. development, testing, production).

A major plus in the market is that (via Xray) security scanning is seen as an inherent part of the pipeline. JFrog tends to work with larger organizations that historically have followed manual processes and are now looking to relieve this burden, while reducing risk by adding security, repeatability, and traceability.

Deployment model: JFrog products can be deployed on-premises, in the cloud, or in a hybrid model. In addition, the vendor offers SaaS subscription plans on AWS, GCP and Azure platforms.
