The ReleaseTEAM Blog: Here's what you need to know...
Binaries, Artifacts, and Packages – Oh my!
Choosing a Binary Repository Manager
What is a binary repository manager?
Binary repository managers store, manage, and version binaries and artifacts and their metadata. These are different from source code repositories (such as GitHub, GitLab, and BitBucket). JFrog defines artifacts as “the building blocks of software, from your packages and configuration files to the binaries that are the deployable runtime components of your application. Every delivered application is composed of a set of artifacts that connect to each other.”
There are many programming language, platform, and other use case-specific managers, but we’ll be looking at universal binary repository managers (BRM). Each BRM has strengths, so the best one for your projects depends on what types of packages you need to store, what other tools you have in your environment, and possibly vendor preference.
JFrog bills Artifactory as the first universal binary repository manager and supports a wide range of package managers, including Maven, npm, Go Registry, NuGet, PyPI, RubyGems, Conan, RPM, Debian, and Helm. It’s been around since before 2009. A complete list of supported package managers can be found here.
Artifactory capabilities include:
- Repository management that includes build dependencies
- High availability and scalability, including disaster recovery and host replication
- Storage capabilities that include Filestore Sharding and Checksum-based repository management
- Kubernetes and Docker Registry
- Available as cloud or self-hosted
How to try Artifactory: JFrog provides a
30-day trial for self-hosted environments or a free tier for cloud-hosted customers.
Features of the Nexus Repository Manager include:
- Component Management, including artifact building and centralized release control
- Intelligent staging and release to modernize your software quickly
- Scalability and high availability for DevOps tasks, including active clustering
- Complete DevOps lifecycle support from binaries, containers, assemblies, to final products
- Integration with all major code build, review, collaboration, and delivery tools
How to try Nexus: Nexus offers a trial.
GitLab Package Repository
GitLab Packages supports fewer package types than either Nexus or Artifactory. If you’re considering GitLab packages, check that it supports the types you need, or whether the generic package type will work for your requirements.
Although your binaries will be stored separately from your source code, customers may find comfort in leveraging the same vendor as their source code repository. It works seamlessly with GitLab source code management and CI/CD pipelines.
How to try GitLab Package Repository: beginning with version 13.3, Gitlab Package Repository is part of GitLab Free.
GitHub Package Registry launched in 2019. Like GitLab Package manager, GitHub Packages currently supports fewer package formats: npm, RubyGems, Maven, Gradle, NuGet, and Docker. Existing GitHub customers can use their packages in GitHub Packages as dependencies for their source code on GitHub.
Features of the GitHub Package Registry include:
- Details and download statistics for each package
- The entire history of each package
- Integrates with GitHub APIs, GitHub Actions, and webhooks to create an end-to-end DevOps workflow
- Publish packages in a public repository (public packages) to share with all of GitHub or in a private repository (private packages) to share with collaborators or an organization
- Use the same secure GitHub login credentials for your code and packages
- Free for public packages
How to try GitHub Packages: GitHub Packages is free for public repositories. It’s also available in GitHub Free, GitHub Pro, GitHub Free for organizations, GitHub Team, GitHub Enterprise Cloud, GitHub Enterprise Server 3.0 or higher, and GitHub AE.
You can also sign up for a free trial of the Enterprise plan via cloud-hosted or a 45-day trial for Enterprise Server.
|Side by Side comparison of types supported by each repository manager|
|JFrog Artifactory||Sonatype Nexus||GitLab Package||GitHub Packages|
|Go Registry||✔||✔||✔ Alpha|