I personally would probably recommend it. For me, it did what it did well, or at least that was my feeling from it. So, I would recommend it. Overall, I would rate it an eight out of ten.
We don't have a retention policy on our data. All the data that's stored in there is either kept forever or we manually purge it on a regular basis. We are working on a project to implement a self-service retention capability for the developers because we can't keep all of our data forever. It's just not manageable, and we don't need to. Certain data doesn't need to be kept forever. It has a shorter retention policy. So, we are working on building a custom dashboard that integrates with the APIs so the developers can then set their own retention policy on the different datasets. We don't utilize the integration between JFrog Xray and Artifactory. We experimented and played with Xray about two years ago. There were some challenges there. I believe it wasn't able to scan docker images at that time. It may have that capability now. A lot of the data was binaries in docker, and it couldn't scan some of those types of objects, so it wasn't as useful to us at that time. So, at the moment, we're not using Xray. We may look at it again if there are additional new capabilities and features beyond what it had a few years ago, which it probably does. I just haven't had time to do that. The reason that I would give to C-suite executives to continue to invest in Artifactory is that it's like a library. If we're creating all this data and storing all this data for the software, we need to put it into a library. We need to have an index. Some of it is kept forever, and some of it is kept for six months. There are different retention policies on different types of data that goes in there. So, it's essential to have the ability to store this data long-term but also be able to pull it up and find it immediately if we need to address a bug or create a patch on an older revision of a release. For day-to-day work, the software development engineers have to have a place where they upload their merge requests, their final releases, and things like that. So, it's essential. Overall, I would rate it a nine out of ten.
I would advise properly analyzing the needs of your environment and the number of licenses required before buying it. You should also analyze the deployment model that you are going to use. Cloud is advisable. I have been using it on the cloud, and it never went down. Globally, if you want to make JFrog available at any time, cloud deployment is the best option. There are many products available in the market, such as Nexus, but in an enterprise environment, there should be a standard tool that is accessible from anywhere and from any system. If I want to create a new application from the existing bundle, it should be downloadable from a common point. It should be user-friendly and available throughout the environment. It should also be secure. The security of each and every code component is important. JFrog has the token method and the secret value method. So, security and availability are important factors when considering investing in such a tool. JFrog is the best tool in these aspects. I would rate it a 10 out of 10. There isn't much to improve. Overall, the features that they provide in the latest versions are very good. They observe how people are using the product, and they keep on updating their product.
I would definitely recommend it. If you're looking for a solution to host binaries, then Artifactory is definitely the one that you should consider. I would advise going bit by bit. So, use Artifactory first with the repos, and after that, you can use it with Xray and then pipelines, or you can first go with pipelines and then Xray. It depends on what is the biggest value gain for a specific person, company, or group. You should go at it in chunks and make up the bits that are important for you or your company from the solution. Based on that, determine what feature set you should evaluate first and then build your plan around that. That would be my advice. Marvelution is a one-man shop. I'm both the developer and every C-suite or C-chair person that you can think of, but if I were talking to another C-suite exec, then probably the reason that I would give to continue investing in Artifactory is the fact that it's such a transparent tool. It has such a large set of capabilities, including artifact hosting and lifecycle management, and with the whole security with Xray, it just becomes a one-stop shop for everything that is related to your binaries. That would be the reason to continually invest in Artifactory. At the moment, I don't utilize the integration between JFrog Xray and Artifactory. I am looking into using it. Right now, Xray is limited to what I use on my development machine, but I have plans to adopt Xray in my build and release cycles early next year. In terms of Artifact's effect on fixing the Log4j issue, I don't use Log4j. I use Logback, which is a different implementation altogether, but I did utilize the tool in order to see if it was included in any of my release binaries as dead code. In that regard, I didn't get the most value out of it because I'm not using Log4j as such, but I was able to get value from Xray for verifying that it wasn't secretly included in places. It hasn't yet helped to consolidate tools, integrations, or custom scripts because I'm looking into adopting their pipeline implementation for build and deployments. That will likely become relevant once I adopt that. I would rate it a nine out of ten. Jira integration is not there at the moment, so that could possibly bump it. Scoring anything a 10 means perfect. It means that I don't need to look stuff up, and every time I go to the tool, everything just works by magic the way I want to use it. That's nearly impossible to get. If you're building a product for one person, it's nearly possible, but if you're building a product for millions of people, then it's absolutely impossible to gain that. I hardly ever go for 10 because that would mean that it's perfect in every way possible. Software is built by people, and people aren't the definition of perfect. Nine is a good score.
Senior Solutions Architect at a outsourcing company with 51-200 employees
Real User
2022-07-11T20:14:00Z
Jul 11, 2022
I rate JFrog Artifactory eight out of ten until they get their documentation game under control. If JFrog's documentation were more consistent and up-to-date, I would probably give them a ten. My advice to potential users is to understand the difference between the tiers, so they can make the right decision. We ultimately made the right decision, but we almost bought the lower tier, which would not have done us any good.
JFrog Artifactory is a powerful enterprise product designed for storing and managing different types of binaries, including artifacts, Dockery majors, and builds created as part of the CI process. It offers end-to-end binary management capabilities, integration with different environments and cloud providers, and a centralized repository with multiple repositories for different artifacts.
Artifactory has helped organizations modernize and automate their development operations, reducing...
I personally would probably recommend it. For me, it did what it did well, or at least that was my feeling from it. So, I would recommend it. Overall, I would rate it an eight out of ten.
We don't have a retention policy on our data. All the data that's stored in there is either kept forever or we manually purge it on a regular basis. We are working on a project to implement a self-service retention capability for the developers because we can't keep all of our data forever. It's just not manageable, and we don't need to. Certain data doesn't need to be kept forever. It has a shorter retention policy. So, we are working on building a custom dashboard that integrates with the APIs so the developers can then set their own retention policy on the different datasets. We don't utilize the integration between JFrog Xray and Artifactory. We experimented and played with Xray about two years ago. There were some challenges there. I believe it wasn't able to scan docker images at that time. It may have that capability now. A lot of the data was binaries in docker, and it couldn't scan some of those types of objects, so it wasn't as useful to us at that time. So, at the moment, we're not using Xray. We may look at it again if there are additional new capabilities and features beyond what it had a few years ago, which it probably does. I just haven't had time to do that. The reason that I would give to C-suite executives to continue to invest in Artifactory is that it's like a library. If we're creating all this data and storing all this data for the software, we need to put it into a library. We need to have an index. Some of it is kept forever, and some of it is kept for six months. There are different retention policies on different types of data that goes in there. So, it's essential to have the ability to store this data long-term but also be able to pull it up and find it immediately if we need to address a bug or create a patch on an older revision of a release. For day-to-day work, the software development engineers have to have a place where they upload their merge requests, their final releases, and things like that. So, it's essential. Overall, I would rate it a nine out of ten.
I would advise properly analyzing the needs of your environment and the number of licenses required before buying it. You should also analyze the deployment model that you are going to use. Cloud is advisable. I have been using it on the cloud, and it never went down. Globally, if you want to make JFrog available at any time, cloud deployment is the best option. There are many products available in the market, such as Nexus, but in an enterprise environment, there should be a standard tool that is accessible from anywhere and from any system. If I want to create a new application from the existing bundle, it should be downloadable from a common point. It should be user-friendly and available throughout the environment. It should also be secure. The security of each and every code component is important. JFrog has the token method and the secret value method. So, security and availability are important factors when considering investing in such a tool. JFrog is the best tool in these aspects. I would rate it a 10 out of 10. There isn't much to improve. Overall, the features that they provide in the latest versions are very good. They observe how people are using the product, and they keep on updating their product.
I would rate JFrog Artifactory a seven out of ten.
I rate JFrog Artifactory four out of 10.
I would definitely recommend it. If you're looking for a solution to host binaries, then Artifactory is definitely the one that you should consider. I would advise going bit by bit. So, use Artifactory first with the repos, and after that, you can use it with Xray and then pipelines, or you can first go with pipelines and then Xray. It depends on what is the biggest value gain for a specific person, company, or group. You should go at it in chunks and make up the bits that are important for you or your company from the solution. Based on that, determine what feature set you should evaluate first and then build your plan around that. That would be my advice. Marvelution is a one-man shop. I'm both the developer and every C-suite or C-chair person that you can think of, but if I were talking to another C-suite exec, then probably the reason that I would give to continue investing in Artifactory is the fact that it's such a transparent tool. It has such a large set of capabilities, including artifact hosting and lifecycle management, and with the whole security with Xray, it just becomes a one-stop shop for everything that is related to your binaries. That would be the reason to continually invest in Artifactory. At the moment, I don't utilize the integration between JFrog Xray and Artifactory. I am looking into using it. Right now, Xray is limited to what I use on my development machine, but I have plans to adopt Xray in my build and release cycles early next year. In terms of Artifact's effect on fixing the Log4j issue, I don't use Log4j. I use Logback, which is a different implementation altogether, but I did utilize the tool in order to see if it was included in any of my release binaries as dead code. In that regard, I didn't get the most value out of it because I'm not using Log4j as such, but I was able to get value from Xray for verifying that it wasn't secretly included in places. It hasn't yet helped to consolidate tools, integrations, or custom scripts because I'm looking into adopting their pipeline implementation for build and deployments. That will likely become relevant once I adopt that. I would rate it a nine out of ten. Jira integration is not there at the moment, so that could possibly bump it. Scoring anything a 10 means perfect. It means that I don't need to look stuff up, and every time I go to the tool, everything just works by magic the way I want to use it. That's nearly impossible to get. If you're building a product for one person, it's nearly possible, but if you're building a product for millions of people, then it's absolutely impossible to gain that. I hardly ever go for 10 because that would mean that it's perfect in every way possible. Software is built by people, and people aren't the definition of perfect. Nine is a good score.
I rate JFrog Artifactory eight out of ten until they get their documentation game under control. If JFrog's documentation were more consistent and up-to-date, I would probably give them a ten. My advice to potential users is to understand the difference between the tiers, so they can make the right decision. We ultimately made the right decision, but we almost bought the lower tier, which would not have done us any good.