Sonatype Nexus Repository alternatives and competitors

Previously, we were developing products without built-in security tools, and Artifactory lets us bake in that security process. We purchased the enterprise edition, which gives us three instances we use in different environments to better deliver our software. 

We run one instance in a sensitive area that's siloed off, one on our corporate infrastructure, and another on a public Cloud. It could be a customer using something out in the open or on Edge. Artifactory allows us to securely deploy our software.

We're a growing company that has been doing things in an archaic way. Artifactory has helped us modernize, and that's something that we can't do without. Our development operations are fully automated at each step from the daily development to the security scans that happen. It sped up our development, reducing a month-long process to a couple of days

The integration between Frog Xray and Artifactory is a pleasant surprise. When our developers push through code, we ensure it's secure, and it's all automated. 

Artifactory's support for hybrid cloud and multi-cloud environments is critical because we deploy to a wide array of environments, including those setups.
When we did the trial, we created multiple types of package registries that support different file types and tested each one. We were thrilled with the results. We were also pleased with the overall flexibility Artifactory provides in terms of storage and database option.

We have integrated Artifactory with Jira, allowing us to create Jira tickets for our security team to review when we identify vulnerabilities. There was a lot of overhead at first, but it paid off because we have full insight into what our code looks like from a security and a developer standpoint.

The package registries have been helpful. GitLab, our previous solution, wasn't managing that well. 

The documentation is a bit sparse. That's our only complaint.

We did a 30-day trial before we purchased Artifactory, and we just started using it.

Artifactory has been stable so far, but time will tell. 

Scalability is something we looked for, and Artifactory provides out-of-the-box scalability. It didn't require much work on our end. We have offices all over the country, so we can point new developers to the closest Artifactory location.

I rate JFrog customer support nine out of ten. We met with JFrog on multiple occasions. They brought their engineers to each call and thoroughly answered our questions. 

Positive

Setting up Artifactory is relatively straightforward, but the documentation on their website is outdated. That has been a challenge, but it's nothing we couldn't work past. Two of our staff members worked on the deployment, including me and our Chief Information Officer.

We did it in-house.

We've already seen a significant return on investment, and we look forward to seeing how it performs in the next year. The automation of pushing out and scanning code and packages is a huge help. 

The price is about what we expect for a tool like this. 

We evaluated several other products, including SonarQube and GitLab Ultimate. They're all about the same. 

I rate JFrog Artifactory eight out of ten until they get their documentation game under control. If JFrog's documentation were more consistent and up-to-date, I would probably give them a ten. 

My advice to potential users is to understand the difference between the tiers, so they can make the right decision. We ultimately made the right decision, but we almost bought the lower tier, which would not have done us any good.