• Article
  • Feb.1.2018

JFrog, Atlassian and Valiantys: A DevOps Alliance

  • Feb.1.2018
  • Reading time mins

The following guest blog was written by Rami Honig, Content Marketing Manager at JFrog.

Atlassian is a household word in any software development organization that is beyond the “garage” phase and has moved on to managing teams at the enterprise level. The company’s diversified product suite has been tried and tested around the world, and they offer solutions for software organizations who require visibility over their DevOps processes.

JFrog has been offering products that complement some of those in the Atlassian suite for several years now. An earlier post on this blog described how Valiantys discovered and started to use JFrog Artifactory to provision its Maven components both internally and to its customers worldwide. This lead to a partnership between JFrog and Valiantys who now offers its expertise to help software organizations continue their journey into DevOps with JFrog’s products.

JFrog offers a full suite of products that accelerate the development and distribution process to help companies release software faster. This post gives an overview of JFrog’s product suite and how it integrates with the Atlassian ecosystem.

JFrog Artifactory, Universal Repository Manager

As a universal artifact repository, Artifactory is where you would manage all the binaries used in your organization – whether they are builds created by your developers or your CI/CD (like Atlassian Bamboo) or remote artifacts downloaded from public repositories on the web. If you are completely unfamiliar with a binary repository, you might like to check out this short 2-minute video that introduces you to the concept.

As a universal artifact repository, Artifactory fits into virtually any development ecosystem.

Here are just a few reasons why you might want to try Artifactory:

It’s universal: It supports every major development technology in common use today as well as popular build tools such as Maven, Gradle and MSBuild, and all major CI servers including Atlassian Bamboo. You can see a comprehensive list of technologies supported by Artifactory on our website.

It’s automated: Artifactory is fully open for automation through a rich REST API that provides access to virtually all features or using JFrog CLI.

It’s enterprise-ready: Artifactory offers enterprise features such as high availability, massively scalable storage, multi-push and event-based pull replication to facilitate global operations and DR, not to mention unbeatable, SLA-based 24/7 support.

It’s a Docker champion: Artifactory provides comprehensive and full support for Docker images, supporting multiple Docker registries per instance with detailed metadata and searchable properties. And by promoting Docker images through repositories representing stages in your development cycle, you can take Docker to production with confidence.

JFrog Xray, Universal Component Analysis

Xray works with Artifactory to analyze software components and reveal a variety of vulnerabilities at any stage of the software application lifecycle. It’s this connection to Artifactory that gives Xray an exclusive edge of combining any number of vulnerability data feeds with the exhaustive metadata stored within Artifactory to detect different vulnerabilities without needing access to source code.

So, while you’re trying out Artifactory, you may also want to give Xray a try. Here are a few reasons why:

It’s also universal: Xray supports most of the package formats supported by Artifactory.

It exposes vulnerabilities at any level: Xray performs a deep scan, recursively going through dependencies at any level.

It shows the impact of a vulnerability: Upon detecting a vulnerability, Xray does an impact analysis and shows you all the components in your software that contain the infected component.

It’s open for integration: In addition to its own database of software components and vulnerabilities, Xray comes built-in with integration to tools such as WhiteSource, Aqua and Blackduck hub. In addition, using Xray’s open API, you can integrate Xray with your own systems and data feeds.

It alerts you about different issues: Xray goes beyond detecting security vulnerabilities. You can define watches based on component type, open source licenses it uses, and even custom properties.

It scans continuously: Xray is present, providing security and other alerts during development, at build time, and even after your software components reach your production systems.

JFrog Bintray, Universal Distribution Platform

Once you’ve developed your components, and scanned them for security vulnerabilities and other issues with Xray, you’re ready to distribute them out to your customers – both internal and external. This is JFrog Bintray’s role in your ecosystem. As a cloud platform, you can get started without any setup right away, and here are a few reasons why you should:

It’s universal: You’re seeing the pattern already. This is JFrog – universal. Bintray offers native support for major package formats, which allows you to work seamlessly with industry standard development, build and deployment tools.

It’s enterprise-ready: Sound familiar too? Yes, Bintray is the only software distribution platform that meets enterprise standards for security, scalability and robustness, and REST API for automation, and support. There’s also a Pro plan and a free OSS plan.

It’s business-oriented: Bintray provides billable usage reports and detailed statistics and audit logs give you advanced download stats.

It’s tightly integrated with Artifactory: Working seamlessly together out-of-the-box, Artifactory and Bintray form the only software delivery pipeline that is fully automated from development to distribution.

JFrog Mission Control

As a company grows, adding more Artifactory and Xray services to cater to its growing number of developer and DevOps teams, configuring and managing these multiple services in a consistent and scalable manner can become complicated. JFrog Mission Control makes it easy. It gives you a birds-eye view of all your global Artifactory and Xray services letting you manage and monitor them all through a single pane of glass.

So once you have a few instances of Artifactory and Xray set up in your enterprise here is why you should try Mission Control:

It gives complete centralized control: With Mission Control, you can configure any aspect of all your JFrog services.

It increases speed, efficiency and consistency: Mission Control uses reusable scripts to configure services and perform a variety of actions. Using scripts helps you can maintain consistency among your services and configure them more quickly and accurately.

It optimizes resource allocation: By providing a series of usage graphs across your organization, Mission Control provides valuable insights on how best to allocate your resources.

It protects you through the worst disasters: With a global view of all your Artifactory and Xray services, Mission Control is in a perfect position to implement disaster recovery at the flick of a switch.

The JFrog-Atlassian Ecosystem

Now that you have an overview of JFrog’s product suite, it’s time to see how we interact with an Atlassian ecosystem. The diagram below shows the full JFrog suite working with Atlassian Bamboo and Bitbucket.

Here’s how the ecosystem flows:

Step 1: A developer runs a build that needs some new dependencies.

Steps 2 and 3: The build tool resolves those dependencies from local and remote repositories in Artifactory.

Step 4: Once the developer is satisfied with his local build, he commits his code to version control, Atlassian Bitbucket in this case.

Step 5: This triggers the CI server, Atlassian Bamboo, to run a build. Bamboo is tightly integrated with Artifactory through the Bamboo Artifactory Plugin.

Step 6: The CI server runs the build.

Step 7: It too resolves dependencies from Artifactory. Note that any dependencies that originate from remote resources are available locally since Artifactory will have cached them previously when the developer ran his build.

Step 8: Once the build is successful, Bamboo deploys the build to Artifactory along with exhaustive build information that enables you to fully reproduce the build at any time.

Step 9: When the build is uploaded to Artifactory, QA can annotate it with custom properties as needed. For example, these could indicate its stage in the pipeline, or the quality of the build. In addition, whenever a component is uploaded to Artifactory this triggers a scan by JFrog Xray. Xray will scan the build and alert the administrator if any issues or vulnerabilities were discovered in the build, or any of its dependencies, according to Watches that were defined for Xray.

Step 10: If the build is approved for distribution, it can be placed in Artifactory’s Distribution Repository for direct upload to JFrog Bintray from which it can be distributed to end users. Using the JFrog Bitbucket addon, you can monitor the complete Bitbucket → Bamboo → Artifactory → Bintray pipeline

The whole time, JFrog Mission Control monitors and manages all of the Artifactory and Xray services participating in this ecosystem.

This is just one example of how you might build your software ecosystem. While your company’s ecosystem may be different, the flexibility and universal nature of JFrog’s solution enables it to fit in and empower your DevOps journey with Atlassian.

Interested in integrating JFrog into your Atlassian ecosystem? You can download this booklet to see the full benefits the JFrog suite can bring to your organization. You can likewise to discuss your project directly.

Contact Valiantys

Check out the other side of the story in a sister post co-published on JFrog’s blog.

Related resources

View all resources