First of all, let’s start by defining what an “artifact” actually is in relation to software development. An artifact is documentation or any deliverable associated with a project and is usually stored in the form of a large binary package. The artifact helps to describe the function, architecture, and design of the software being developed. Source code, meeting notes, workflow diagrams, data models, risk assessments, use cases, prototypes, and the compiled application can all be considered artifacts.
During the SDLC, there is typically a list drawn up during the planning stages that covers all of the required artifacts that must be produced. Once produced, these artifacts are then shared with the rest of the team in a shared drive or artifact repository.
An artifact repository, which can also be called an artifacts management tool, is an application designed to store, version, and deploy artifacts for builds. There are three types of artifact repositories, which are listed below:
Local: A physical and locally-managed repository that artifacts can be deployed into.
Remote: A caching proxy for a repository that is managed at a remote URL. You can remove artifacts from a remote repository, but you can’t deploy new artifacts into it.
Virtual: An aggregated repository that combines local and remote repositories under a common URL.
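The three repository types described above, modeled in Python as an added example (not code from any of the tools discussed on this page). The repository names, artifact coordinates, and the in-memory `UPSTREAM` dictionary standing in for a remote URL are hypothetical, and the member search order of the virtual repository is an assumption.

```python
import hashlib

class LocalRepo:
    """Locally managed repository: artifacts can be deployed into it."""
    def __init__(self, name):
        self.name, self.store = name, {}
    def deploy(self, coords, data):
        self.store[coords] = data
    def fetch(self, coords):
        return self.store.get(coords)
    def remove(self, coords):
        return self.store.pop(coords, None) is not None

class RemoteRepo:
    """Caching proxy for an upstream: cache entries are removable, deploys are not allowed."""
    def __init__(self, name, upstream):
        self.name, self.upstream, self.cache = name, upstream, {}
        self.upstream_hits = 0  # how often the upstream was actually contacted
    def deploy(self, coords, data):
        raise PermissionError(f"{self.name}: cannot deploy into a remote repository")
    def fetch(self, coords):
        if coords not in self.cache:
            data = self.upstream.get(coords)  # stands in for an HTTP GET to the remote URL
            if data is None:
                return None
            self.upstream_hits += 1
            self.cache[coords] = data
        return self.cache[coords]
    def remove(self, coords):
        return self.cache.pop(coords, None) is not None

class VirtualRepo:
    """Aggregates member repositories under one name; members are searched in order."""
    def __init__(self, name, members):
        self.name, self.members = name, members
    def fetch(self, coords):
        for repo in self.members:
            data = repo.fetch(coords)
            if data is not None:
                # Report which member served the artifact and its digest, for auditing.
                return repo.name, hashlib.sha256(data).hexdigest(), data
        return None

# Constructed sample data: one upstream artifact and one internal build.
UPSTREAM = {("org.example", "lib", "1.0"): b"upstream-lib-1.0"}

def build_demo():
    local = LocalRepo("libs-release-local")
    remote = RemoteRepo("central-remote", UPSTREAM)
    local.deploy(("com.acme", "app", "2.1"), b"internal-app-2.1")
    return local, remote, VirtualRepo("libs", [local, remote])
```

Clients only ever talk to the virtual repository; the name of the member that served each artifact and its SHA-256 digest give a record of where a given binary came from.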
Theoretically, you could use a source control management (SCM) system to store artifacts, but it would be extremely inefficient because source control systems are designed to handle text-based files. Artifact repositories, on the other hand, are designed to store many types of files. This can include anything from binary files to Docker containers.
Lastly, there are now universal package repository managers (UPMs) that try to standardize the way enterprises treat all package types by giving users the ability to apply security and compliance metrics across all artifact types.
Artifacts management tools, also known as artifact repositories, are used to store, organize and distribute artifacts (that is, binary files plus their metadata) in a single centralized location. This reduces the amount of time spent downloading dependencies from a public place. Artifact management tools also prevent inconsistencies by allowing development teams to find the right version of an artifact easily.
The main features that artifacts management tools must have are:
1. Versioning support: properly store metadata, such as when the artifact was built, what its version number is, etc.
2. Retention: allows you to set up criteria to retain important artifacts while automatically deleting irrelevant ones.
3. User permissions: with this feature, you can control who can publish and download artifacts.
4. Promotion: allows you to not only promote artifacts to specific channels, but also to move artifacts between them.
5. License filtering: due to licensing and legal issues surrounding third party artifacts, license filtering is necessary to restrict artifacts so that only approved artifacts can be deployed.
6. High availability: any downtime can significantly encumber development, so it’s important to have a redundant set of repository managers to maintain stability and performance.
Artifact repositories are essential for rapid releases, particularly in DevOps environments. Some of the advantages of using an artifact repository are:
1. Dependency management: a version-controlled common library can be shared by all development teams, bringing a new level of collaboration to the table.
2. Efficient builds: artifacts are easier to access, which saves developer time. Instead of having to download artifacts from public repositories, artifacts can be cached locally once downloaded.
3. Release stability: binary artifacts and metadata don’t change after being published to a release repository, which helps to ensure predictable and repeatable builds.
4. Audit: repositories can track versions, which is useful when standardizing software libraries and auditing the licenses of third-party components.
MyGet is a Universal Cloud Package Manager. MyGet provides private, cloud-based package management for NuGet, npm, Maven, Python and Ruby packages (with more on the way!) so that software teams can manage all their dependencies in one place and focus on shipping great software. Proxy upstream packages or upload your own internal builds, integrate with build pipelines, scan for vulnerabilities and license compliance, and more.
CloudRepo is a cloud-native artifact repository manager offering both public and private repositories, for Python and Maven repositories. CloudRepo allows high-performance software development teams to securely store and share artifacts for use in other builds and development processes.
They describe their typical client as a leader or member of a small to medium team that can’t afford to spend time and resources installing, maintaining, or configuring their repository manager (e.g., Artifactory or Nexus) and other build tools.
The Python Package Index (PyPI) is the official third-party public software repository for the Python programming language. PyPI helps users find, install, and distribute software developed and shared by the Python community. Pip, the Python package installation tool, is used to install files from PyPI.
PyPI is maintained by an independent group of developers known as the Python Packaging Authority (PyPA), and is supported by the Python Packaging Working Group (PackagingWG).
Bower is a browser package manager that manages frameworks, libraries, assets, and utilities, installs them, and makes sure they are up to date. It is a command line utility that must be installed with npm. Traditionally, web development projects would use npm to manage back-end dependencies and Bower to manage front-end dependencies. Bower runs over Git and is package-agnostic, meaning that packaged components can be made up of any type of asset.
Quay is a hosted private container registry that stores, builds, and deploys container images. Quay also includes features for building and scanning images. It can scan Docker images for security vulnerabilities, identifying potential issues so that you can mitigate security risks. For example, it can put a layer of indirection between the Docker image ID and the actual image storage that is specific to the repository with which it is associated.
Nexus by Sonatype is a repository manager that organizes, stores and distributes artifacts needed for development. With Nexus, developers can completely control access to, and deployment of, every artifact in an organization from a single location, making it easier to distribute software. It is most commonly used for hosting Apache Maven. Currently it supports Maven/Java, npm, NuGet, RubyGems, Docker, P2, OBR, APT, YUM, and more.
Apache Archiva is a build artifact repository manager from the Apache Software Foundation. It is used with build tools such as Maven, Jenkins, Continuum, and ANT. With Archiva, developers can share artifacts with each other and manage the associated security required, aggregate (proxy) content from remote artifact repositories, visualize artifact utilization with search, browse and reporting, and perform routine maintenance on repositories.
The key function of Archiva is to provide on-demand mirroring of Maven’s central repository. This eliminates the need to download Maven libraries, thereby minimizing long-distance network communication and allowing you to put all project dependency libraries in a centralized location.
NuGet is a free, open source package manager designed for sharing code on the Microsoft development platform, specifically .NET. NuGet defines how packages for .NET are created, hosted, and consumed, and provides the tools for each of those roles. Those tools include NuGet CLI and DotNet CLI for creating and consuming packages, as well as Package Manager Console and Package Manager UI for installing and managing packages in Visual Studio projects.
As a public host, NuGet maintains a central repository of unique packages, but also enables developers to host packages privately in the cloud, on a private network, or on a local file system.
JFrog Artifactory is a binary repository manager that supports a number of software package formats, including Maven, Debian, npm, Helm, Ruby, Python, and Docker. Features include high availability, replication, disaster recovery, and scalability. Artifactory caches remote artifacts locally for reuse, supports large load bursts with high concurrency, and can automate all aspects of artifact management using the Artifactory REST API.
Docker is a software container platform. Originally released in 2013 as an open source Docker Engine, it has grown enormously in popularity and now has an integral place in most DevOps toolchains. It enables developers to easily pack, ship, and run any application as a lightweight, portable, self-sufficient container, which can run almost anywhere. This eliminates “works on my machine” problems when collaborating on code, ensuring that applications work seamlessly in any environment.
Docker containers are the preferred replacement for Virtual Machines (VMs), given that they boot faster, perform better, and consume less memory. Docker containers are also able to share a single kernel and share application libraries.