DEV Community

Pavan Belagatti
Pavan Belagatti

Posted on • Edited on

Review of the 'AWS CodeArtifact'

AWS CodeArtifact

Amazon Web Services (AWS) has released its wholly managed software artifact repository service AWS CodeArtifact across multiple AWS regions.

AWS CodeArtifact
Image source: TheRegister

Introduction

The service allows for the creation of centralized repositories for sharing software packages that have been approved for use across development teams.

With its initial release, CodeArtifact supports three package types as of now: npm, Maven, and pip, which means it works with package managers and build tools like Maven and Gradle for Java, npm, and yarn for JavaScript, and pip and twine for Python. A single repository can contain packages of a mixture of types, which is a questionable design decision as different package types require different APIs and indexes. Devs can also set up connections to upstream repositories, in effect merging the CodeArtifact repository with another.

Package repository managers are an integral part of today's development process. Developers need libraries in their projects, which requires surprisingly complicated tooling to support a myriad of dependency standards, different metadata, elaborate repository organization, and infrastructure for quality and security gates in the pipeline. AWS CodeArtifact enables easy access to the latest version of a vast number of open-source libraries and some repository organization features, making it a good start.

Market players and prediction

The AWS brand name can push this product to many people. Still, the problem might arrive when this solution has to compete with fully-fledged artifact repository managers like Artifactory and Nexus. The list of supported upstream repositories is limited. As of now, AWS CodeArtifact has support limited to Java, JavaScript, and Python. Both Artifactory and Nexus have been doing the job of repository management for more than a decade and learned the hard way the surprising nastiness of the dependency management domain.

JFrog Artifactory

Package types
Images source: JFrog Artifactory

Artifactory supports 26 languages and many other facts that can make it look like a hard competitor.

Some irreplaceable points of Artifactory are:

  • Universal solution supporting all major package formats (including Docker, no need to have a separate Docker Registry)
  • Integrates with all CI/CD tools
  • Custom API-driven automation
  • Extensive CLI for uploading and downloading artifacts
  • Support for hybrid & multi-cloud environments
  • Replication - ensures locality in any network topology
  • Immediate (thanks to checksum-based storage) metadata-based promotion between repositories
  • Enriched implicit, explicit and custom metadata
  • Security vulnerability and license compliance scanning
  • Artifactory Query Language

Know more: https://www.jfrog.com/confluence/display/JFROG/JFrog+Artifactory

Sonatype Nexus
Image source: Sonatype Nexus

Nexus repository features that make it different from others:

  • Universal support for all popular build tools
  • Repository health checks
  • Ability to deploy directly to a desired repository with your choice of build
  • SAML/SSO authentication for enhanced security
  • Compatible with popular DevOps tools like Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, and more.

Know more: https://www.sonatype.com/product-nexus-repository

Verdict

AWS might be releasing this solution as part of a product completeness project. By adding CodeArtifact, AWS seems to fill a gap it lacked for years. But, we still need to see if it’s profitable for them to create such an alternative to much more complete artifact managers in the industry today like Artifactory or Nexus. What do you think?

Top comments (0)