JFrog and GitLab Comparison

GitLab-JFrog Comparison Infographic

This summary infographic compares JFrog and GitLab across several DevOps Stages and Categories. The methodology used to build this chart can be found here. More detailed comparisons and commentary on strengths, gaps, etc. are in the sections below.

GitLab JFrog Comparison Chart

Summary

JFrog has transitioned from an artifact repository to a DevOps Platform that includes CI and CD capabilities through its acquisition of Shippable in Feb 2019. Recently, in March 2020, JFrog announced the launch of its DevOps platform called 'JFrog Platform', a pre-integrated solution with a common UI across JFrog Pipelines, JFrog X-Ray and JFrog Source Composition Analysis products. This solution is backed by a common metadata model that facilitates information integration between these separate products. In addition to its three primary products, JFrog Artifactory, JFrog Pipelines and JFrog Xray, JFrog also provides other products such as JFrog Distribution, JFrog Mission Control and JFrog Container Registry.

JFrog Artifactory is a tool designed to store the binary output of the build process for use in distribution and deployment. Artifactory provides support for a number of package formats. JFrog Artifactory provides a single source of truth for build artifacts and works with JFrog Distribution to efficiently distribute large artifacts across the enterprise.

JFrog Pipelines is a CI-CD product that works well with its Artifactory repository. JFrog Pipelines works through a combination of native steps (a set of higher-order steps built on bash) and resources (inputs into or outputs from native steps, which can be of any type, such as a build or an integration). JFrog Pipelines is a functional CI-CD product, though it lacks several capabilities typically found in enterprise-class products.

JFrog Xray is the security product that can be built into various steps within a JFrog pipeline. Xray supports detecting security vulnerabilities in all dependent code and also provides license compliance capabilities.

JFrog Artifactory

Artifactory provides support for a number of package formats such as Maven, Debian, NPM, Helm, Ruby, Python, and Docker. Artifactory also stores a complete map of all the components that went into creating the artifact. This information feeds other products such as JFrog Xray. Artifacts can be efficiently distributed across remote sites using JFrog Distribution.

GitLab also offers the ability to store and distribute packages, but at the moment offers less package type compatibility than Artifactory does: Maven, Docker, NPM. GitLab's strengths are in providing a single product for the full DevOps Lifecycle. In addition, GitLab CI-CD and Security Capabilities have better functionality and provide enterprise-grade capabilities.

Strengths:

  • Strong market presence as an artifact repository.
  • Wide support for package formats such as Maven, Debian, NPM, Helm, Ruby, Python, and Docker.

JFrog Pipelines

JFrog Pipelines, through the acquisition of Shippable, is a functional CI-CD product. JFrog Pipelines attempts to make it simpler to do CI-CD by building 'Native Steps'. A Native Step is akin to a prebuilt component or step in the CI-CD process that can be described in YAML, thereby hiding all the low-level complexity from the user. Some examples of Native Steps are Docker Build, Docker Push, NPM Build, NPM Publish, and XrayScan. JFrog Pipelines has several strengths and weaknesses. The main impacts of its weaknesses are longer build times and lower collaboration.

Strengths:

  • Tight integration with Artifactory.
  • Ability to mix and match Native Steps with Custom Code - which reduces out of the box effort but provides flexibility to customize.
  • Well architected with core concepts of Steps (Native & Custom), Resources, Pipelines which can all be reused.

Gaps:

  • Lacks enterprise grade features such as AutoDevOps - ability to recognize the code and pre-build a pipeline.
  • No concept of a Merge Request or a container like object that enables multiple developers to easily collaborate.
  • Cannot self-optimize builds and pipelines when a queue of submissions is made.
  • Lack of tight integration with testing - i.e. there is no native step that drives tests.
  • Lack of scalability of testing during the build process through innovative use of parent-child pipelines that can run in parallel.

JFrog Xray

JFrog Xray provides static application testing capabilities by scanning the application components for vulnerabilities against the VulnDB vulnerability database. Xray also provides security policy enforcement and capability to monitor for license compliance. Xray integrates with IDEs such as IntelliJ and allows developers to view security issues in the dev environment.

Strengths:

  • Security scanning during development and after binaries are built.
  • Ability to restrict downloads of artifacts deemed not in compliance with license or security policies.

Gaps:

  • Dynamic Application Security Testing. Xray does not extend into the post deployment phase.
  • Cannot detect secrets within code.
  • Developers have to go back and forth from the IDE to Xray UI to manage security.

Note: This chart was developed by comparing the feature categories supported by GitLab and JFrog. For example, the ratio "5/7" for GitLab in Plan stage indicates support for 5 out of 7 feature categories within that DevOps Lifecycle Stage. We then applied certain percentage thresholds to color code the bars. In keeping with GitLab's value of transparency, we applied this scoring methodology to both GitLab and JFrog capabilities, which is why in some cases GitLab receives less than perfect scores. If you have questions about the analysis or additional inputs, please feel free to submit an issue by clicking the link at the bottom of this page or writing a comment.

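Features

* The information on this page is not up to date. For the latest information, please check the official site.

GitLab is a trademark of GitLab, Inc. All other trademarks and logos belong to their respective owners.

GitLab is open core

Most of GitLab's competitors do not publish their source code, but GitLab is an open-core product. GitLab Community Edition is fully open source, and GitLab Enterprise Edition is open core (proprietary).

Access to the source code

Unlike closed-source software, you can view and modify the source code of Community Edition and Enterprise Edition. To add features or customize, you can modify the server's source code or fork the GitLab repository. We recommend that you feed the changes you make back to the main source code and try to get them merged. Doing so helps other users and also keeps updating your own instance simple.

Contributions from the community

GitLab receives contributions from hundreds of people every month. Customers, users, and GitLab employees all contribute to each monthly release. This helps in developing features that organizations really need, such as convenient, easy-to-use user management.

Ideal for long-term use

GitLab is used by hundreds of thousands of organizations, which frequently contribute to the software. GitLab has a robust community. In other words, GitLab does not depend on the support of a single company, so it is well suited to long-term use.

A new stable version is released every month

Every month, a new stable version of GitLab is released that includes all feature improvements, new features, and bug fixes. This allows GitLab to respond to customer requests very quickly.

For questions about GitLab (paid edition), please contact Creationline.

Creationline is GitLab's first authorized reseller in Japan and specializes in GitLab support.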