We compared Sonatype Nexus Repository and JFrog Artifactory based on our user's reviews in several parameters.
In comparing Sonatype Nexus Repository and JFrog Artifactory, both offer reliable artifact management, seamless integration with build tools, and valuable customer support. Sonatype stands out for its robust security and customizable permissions, while JFrog is praised for its high-quality storage capabilities and ease of use. Sonatype offers cost-effective pricing and positive ROI, while JFrog is commended for its efficient efficiency and productivity gains. However, users note room for improvement in Sonatype's UI and setup process, while JFrog users seek enhancements in UI, customization, and performance.
Features: Sonatype Nexus Repository stands out for its robust security, customizable user permissions, and seamless integration with build tools. JFrog Artifactory impresses users with its efficient storage and management capabilities, reliable performance, and intuitive navigation.
Pricing and ROI: The setup cost of Sonatype Nexus Repository has been praised for being reasonable and competitive. Users have found the process straightforward with minimal costs. On the other hand, JFrog Artifactory is appreciated for its affordability and flexible pricing options, with a reasonable setup cost and straightforward licensing terms., Sonatype Nexus Repository has shown positive outcomes in terms of ROI with cost-effectiveness, streamlined development process, improved security, and reduced troubleshooting time. Users appreciate its value and utility. On the other hand, JFrog Artifactory provides enhanced efficiency, improved software development processes, increased productivity, time savings, reduced errors, and a centralized artifact repository. It proves to be a valuable investment, benefiting organizations substantially.
Room for Improvement: Sonatype Nexus Repository users have called for improvements in the user interface, setup process, and documentation. JFrog Artifactory users have suggested enhancements in usability, customization options, performance, and documentation.
Deployment and customer support: Users' reviews indicate that both Sonatype Nexus Repository and JFrog Artifactory require a significant amount of time for deployment and setup. However, the reviews highlight a difference in interpretations, as one Sonatype user suggests the terms refer to separate timeframes, while JFrog users imply they likely represent the same period., Users have praised both Sonatype Nexus Repository and JFrog Artifactory for their customer service and support. Sonatype is known for its knowledgeable and efficient assistance, while JFrog is praised for its prompt and helpful assistance and responsiveness.
The summary above is based on 14 interviews we conducted recently with Sonatype Nexus Repository and JFrog Artifactory users. To access the review's full transcripts, download our report.
"The package registries have been helpful. GitLab, our previous solution, wasn't managing that well."
"The core functionality is most valuable for indexing and metadata of all the artifacts, but within the last year or two, we've been using the Projects feature, which has been very helpful. We can now assign individual admins for different projects and repos so that they can self-manage their own user permissions for their data. My IT DevOps team doesn't have to be the facilitators of that. It's now more of a self-service capability for them."
"HPE was using it for a lot of things, and they certainly had a massive implementation."
"The most valuable feature I have found is the JFrog CLI."
"The most valuable feature right now is that the tool is invisible. I've set it up so that it works in my build process and my release processes, and it just works. I hardly ever need to go into the UI to check up on things or correct anything. By far, the biggest feature for me is that after setup, it just keeps on working."
"The most valuable feature is that it is a centralized repository and that you can open multiple repositories for different types of artifacts."
"The feature that I like is Permission Targets. If I want to give permission to only deploy the cache, I can give that permission to a set of users. Similarly, if I want to overwrite an artifact with the same name from the same pipeline, I can give permission for that as well to particular users."
"The key benefit we get from it is speed to delivery. It has improved our overall time to get new applications out with new code. That's true whether from a platform perspective, where we are quickly deploying up-to-date docker containers, or whether we are looking to deploy new code out to deliver a new application."
"It has very good enterprise integration, so we are able to integrate it with the rest of our infrastructure for authentication, for role management. That is very useful."
"Sonatype Nexus Repository has a valuable internal scanner feature."
"I onboarded .NET, then I onboarded JS. And about six or eight months back, I onboarded Python. And I am about to onboard Docker. The availability of integrations allows me to do this."
"Primarily, the extensive support for a wide range of packages is a crucial factor. The effectiveness of new-age package managers is often determined by the breadth of packages they can handle. In this regard, Nexus Repository Manager 3 stands out for its comprehensive coverage, accommodating a vast array of packages widely utilized across the globe. This inclusivity enables easy access to a diverse range of packages, making it a pivotal aspect of its functionality."
"The searching capability is good... and we are managing multiple central repositories."
"Navigation on the UI is easy and simple to understand."
"If there are any issues in build security, it can pick them up straight away."
"The documentation is a bit sparse. That's our only complaint."
"The latest version that I am using is 7.41. It has been upgraded graphics-wise, but there is a bit of slowness. They can improve the graphical interface for the admin jobs and make it faster."
"I would like to see written technical support instead of having to contact them directly."
"We're looking for something that has additional reporting capabilities on data growth and data aging. This goes back to storage lifecycle management so that the actual Artifactory itself can provide these reports to either the administrators or the users. I don't know if it has those capabilities. That's something we have to look into regarding the self-service dashboard, but the tool itself having those capabilities would be great rather than trying to do it at the underlying storage hardware layer."
"In some of the latest versions of JFrog's SaaS solution, they changed the user interface, the SSO settings, how you interact with them over API, and how you generate tokens. It was very confusing for me. The overall user management is very complicated."
"It's an enterprise product that acts like an enterprise product. In other words, it's not a product where they focus on user experience. I wasn't an administrator, so I primarily worked with the command line tool to upload and download parts of the product. I was not impressed with that because it wasn't well documented. It was challenging to figure out how to get things to work."
"Jira integration is something that I would like to see improved. I have already talked with their support, and there is a development ticket open for that. If there is any Xray-related information that should be shared within the development pipeline for security remediation or license or whatever, then I would like to see a ticket to be created automatically in the right project. That's something that's not working with Jira Cloud at the moment. Hopefully, they will be able to address that."
"They should provide automation for adding container images and artifacts in compliance with security requirements."
"Lacks an end-to-end solution for developers to sign and store an image."
"We've had some challenges around the database they use. We've had some big outages and it's due to the fact that we haven't found the database they use is all that stable... We've had some really positive conversations with Sonatype around that and they've provided us with the support and special services to help us migrate off of that, on to another type of database platform which we have more control over."
"When it comes to uploading NPM libraries, JavaScript dependencies libraries, it is a little bit of a convoluted process. They need to improve uploading libraries for NPM-type repositories."
"They could improve the user interface and REST APIs."
"If your emphasis shifts towards NPM products or NuGet, using Nexus is still feasible but may require more effort. The tool is more centered around Maven, making it a bit challenging to seamlessly integrate with NPM."
"Sonatype Nexus Repository could improve by making the experience working with CI/CD pipelines, such as GitHub Action or GitLab better."
"I would like to see them build in some scanning features out-of-the-box, as opposed to only getting them by buying the add-ons of Nexus IQ Server. I would like to see some level of ability to filter in the tool itself, through scanning the binaries in there."
JFrog Artifactory is ranked 2nd in Repository Managers with 7 reviews while Sonatype Nexus Repository is ranked 1st in Repository Managers with 15 reviews. JFrog Artifactory is rated 7.8, while Sonatype Nexus Repository is rated 8.2. The top reviewer of JFrog Artifactory writes "Stores all our artifacts, allows users to manage permissions for their data, and is very stable". On the other hand, the top reviewer of Sonatype Nexus Repository writes "Feature-rich and seamless integration with our other tools". JFrog Artifactory is most compared with Archiva, Bitbucket Data Center, Inedo ProGet and Cloudsmith, whereas Sonatype Nexus Repository is most compared with Archiva, Bitbucket Data Center, Inedo ProGet, EMCO Remote Installer and EMCO MSI Package Builder. See our JFrog Artifactory vs. Sonatype Nexus Repository report.
See our list of best Repository Managers vendors.
We monitor all Repository Managers reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
