Skip to content

Artifactory

Artifactory is a binary repository manager software by JFrog designed to store the binary output of the build process for use in distribution and deployment. Artifactory provides support for a number of package formats such as Maven, Conan, Debian, NPM, Helm, Ruby, Python, and Docker. Artifactory offers high availability, multi-site replication, disaster recovery and scalability. (source)

Artifactory is a full-featured artifact repository.

  • Allows for interaction automatically with API
  • High-availability and scaling
  • Dependency management
  • Enterprise-level access control
  • Supports many package managers Maven, NuGet, NPM, Docker

What is an artifact?

An artifact is a finished product after a build process.

Artifacts are the items that get deployed to environments. Do not store artifacts in source control; they should be stored in an artifact repository.

  • Java .jar, .war, .ear
  • .NET .exe, .dll, .nupkg
  • NPM packages
  • Docker images
  • Packaged objects
  • Manifests
  • Zip files

Artifact repository

An artifact needs to be stored in an artifact repository for future use.

  • Provides one place for artifacts to be stored
  • Deduplicates where applications need to be downloaded from
  • Secured and owned by the company - no outside packages are uploaded
  • Features to manage artifact storage and automatic maintenance.

Artifacts should be published only through an automated build pipeline. Avoid manual publishing, which would decrease the quality of the artifact. A pipeline will have proper testing and quality gates before publishing an artifact.

Central dependency manager

Stored, versioned artifacts should be used for dependencies across the organization.

  • Pull dependencies for your application from Artifactory
  • Mirror public repositories for security and reliability (Maven Central, NPM)
  • Will be used for local and CI builds
  • One central location for the enterprise and enables repeatability, resiliency, reliability, and auditability

Immutable artifacts

Build once, deploy anywhere.
- Principals from 12 Factor App

An artifact is more reliable when it cannot be changed since it will be verified thoroughly. Immutability increases reliability due to testing the artifact at a known state. Artifacts should not be altered after going through build process. Immutable artifacts are versioned:

  • Necessary for dependency management to work
  • Versions should never change
  • Never re-publish versions
  • Do not alter already public artifacts
  • If something is wrong then it should be fixed in code and rebuilt as a new version