JFrog Artifactory

Needs advice on GitHub and JFrog Artifactory

Whenever a Qualys scan finds a software vulnerability, say for example in the Java SDK or any software version that has a potential vulnerability, we search the web to find the solution and usually install a later version or a patch downloaded from the web. The problem is that, as we are downloading it from the web and there are a number of servers where we patch, the ultimate outcome is that different people download different versions and so forth. So I want to create a repository for such binaries so that we use the same patch for all servers.

When I was thinking about the repo, obviously the first thought that came was GitHub. But then I realized it is for code version control and collaboration, not for packaged software. The other option I am thinking of is JFrog Artifactory, which stores binaries and packaged software.

What is your recommendation?

6 upvotes·249.3K views
CEO at Scrayos UG (haftungsbeschränkt)

We use Sonatype Nexus to store our closed-source Java libraries to simplify our deployment and dependency management. While there are many alternatives, most of them are expensive (GitLab Enterprise), monolithic (JFrog Artifactory) or only offer SaaS licences. We preferred the on-premise approach of Nexus and therefore decided to use it.

We exclusively use the Maven capabilities and are glad that the modular design of Nexus allows us to run it in a very lightweight way.

10 upvotes·305.4K views