JFrog Artifactory vs Sonatype Nexus: What are the differences?
What is JFrog Artifactory? Enterprise Universal Repository Manager. It integrates with your existing ecosystem supporting end-to-end binary management that overcomes the complexity of working with different software package management systems, and provides consistency to your CI/CD workflow.
What is Sonatype Nexus? The world's best way to organize, store, and distribute software components. Deliver better, safer software even faster with software supply chain automation.
JFrog Artifactory can be classified as a tool in the "Code Collaboration & Version Control" category, while Sonatype Nexus is grouped under "Java Build Tools".
Sonatype Nexus is an open source tool with 527 GitHub stars and 237 GitHub forks. Here's a link to Sonatype Nexus's open source repository on GitHub.
According to the StackShare community, Sonatype Nexus has broader approval, being mentioned in 49 company stacks and 16 developer stacks, compared to JFrog Artifactory, which is listed in 16 company stacks and 11 developer stacks.
Whenever a Qualys scan finds a software vulnerability, say for example in the Java SDK or any software version that has a potential vulnerability, we search the web to find a solution and usually install a later version or a patch downloaded from the web. The problem is that, as we download it from the web and there are a number of servers that we patch, the ultimate outcome is that different people download different versions, and so forth. So I want to create a repository for such binaries so that we use the same patch for all servers.
When I was thinking about the repo, obviously the first thought that came was GitHub. But then I realized it is for code version control and collaboration, not for packaged software. The other option I am thinking of is JFrog Artifactory, which stores binaries and packaged software.
What is your recommendation?
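One way to get the consistency the question is after, whichever repository manager is chosen: publish an approved patch once together with a pinned SHA-256 manifest, and have every server verify its download against that manifest before installing. This is an added example, not code from the page or from JFrog or Sonatype; the artifact name and bytes are constructed, and the sha256sum-style manifest layout is an assumption.

```python
import hashlib
import hmac
from typing import Dict

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(artifacts: Dict[str, bytes]) -> str:
    """Run once by whoever publishes the approved patch to the central repo.
    Emits sha256sum-style lines: '<hex digest>  <file name>'."""
    return "".join(f"{sha256_hex(d)}  {n}\n" for n, d in sorted(artifacts.items()))

def parse_manifest(text: str) -> Dict[str, str]:
    """Parse the pinned manifest; reject malformed lines instead of ignoring them."""
    pins: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed manifest line: {line!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' marks binary mode
        pins[name] = digest
    return pins

def verify_artifact(name: str, data: bytes, pins: Dict[str, str]) -> bool:
    """Run on each server before installing. Refuses an artifact that is not
    pinned at all, or whose digest differs (a different version or a modified file)."""
    expected = pins.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)

# Constructed sample: the single approved build the central repo serves.
APPROVED_NAME = "jdk-security-patch.tar.gz"
APPROVED_BYTES = b"approved patch build 11.0.2 (constructed sample bytes)"
OTHER_VERSION_BYTES = b"patch build 11.0.3 fetched ad hoc from the web (constructed)"

if __name__ == "__main__":
    manifest = build_manifest({APPROVED_NAME: APPROVED_BYTES})
    pins = parse_manifest(manifest)
    print(manifest, end="")
    print("approved copy ok:", verify_artifact(APPROVED_NAME, APPROVED_BYTES, pins))
    print("ad hoc copy ok: ", verify_artifact(APPROVED_NAME, OTHER_VERSION_BYTES, pins))
```

A repository manager serves the same role as the manifest here, but checking the digest at install time still catches a server that fetched its patch from somewhere else.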