What Is 'AWS CodeArtifact'?
A review of the recent artifact repository service by AWS, 'AWS CodeArtifact'. Let's see how it competes with others like Artifactory and Nexus.
Join the DZone community and get the full member experience.
Join For FreeAWS CodeArtifact
Amazon Web Services (AWS) has released its wholly managed software artifact repository service AWS CodeArtifact across multiple AWS regions.
Image source: TheRegister
Introduction
The service allows for the creation of centralized repositories for sharing software packages that have been approved for use across development teams.
With its initial release, CodeArtifact supports three package types as of now: npm, Maven, and pip, which means it works with package managers and builds tools like Maven and Gradle for Java, npm, and yarn for JavaScript, and pip and twine for Python. A single repository can contain packages of a mixture of types, which is a questionable design decision as different package types require different APIs and indexes. Devs can also set up connections to upstream repositories, in effect merging the CodeArtifact repository with another.
Package repository managers are an integral part of today's development process. Developers need libraries in their projects, which requires surprisingly complicated tooling to support a myriad of dependency standards, different metadata, elaborate repository organization, and infrastructure for quality and security gates in the pipeline. AWS CodeArtifact enables easy access to the latest version of a vast number of open-source libraries and some repository organization features, making it a good start.
Market Players and Prediction
The AWS brand name can push this product to many people. Still, the problem might arrive when this solution has to compete with fully-fledged artifact repository managers like Artifactory and Nexus. The list of supported upstream repositories is limited. As of now, AWS CodeArtifact has support limited to Java, JavaScript, and Python. Both Artifactory and Nexus have been doing the job of repository management for more than a decade and learned the hard way the surprising nastiness of the dependency management domain.
Images source: JFrog Artifactory
Artifactory supports 26 languages and many other facts that can make it look like a hard competitor.
Some Irreplaceable Points of Artifactory Are
- Universal solution supporting all major package formats (including Docker, no need to have a separate Docker Registry)
- Integrates with all CI/CD tools
- Custom API-driven automation
- Extensive CLI for uploading and downloading artifacts
- Support for hybrid & multi-cloud environments
- Replication - ensures locality in any network topology
- Immediate (thanks to checksum-based storage) metadata-based promotion between repositories
- Enriched implicit, explicit and custom metadata
- Security vulnerability and license compliance scanning
- Artifactory Query Language
Know more: https://www.jfrog.com/confluence/display/JFROG/JFrog+Artifactory
Image source: Sonatype Nexus
Nexus Repository Features That Make It Different From Others:
- Universal support for all popular build tools
- Repository health checks
- Ability to deploy directly to the desired repository with your choice of build
- SAML/SSO authentication for enhanced security
- Compatible with popular DevOps tools like Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, and more.
Know more: https://www.sonatype.com/product-nexus-repository
Verdict
AWS might be releasing this solution as part of a product completeness project. By adding CodeArtifact, AWS seems to fill a gap it lacked for years. But, we still need to see if it’s profitable for them to create such an alternative to much more complete artifact managers in the industry today like Artifactory or Nexus. What do you think?
Published at DZone with permission of Pavan Belagatti, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments