What is an artifact library in a DevOps platform?What's the use?

In DevOps practice, artifact repositories are arguably a crucial component.A reliable artifact library can often help companies solve many security and version control problems in the DevOps process.

Typical software development involves development, construction, testing, deployment, etc.In this process, how to ensure the security of dependent components, how to standardize the management of intermediate products, how to accurately put the deliverables into production, and other issues often become obstacles to the flow of the entire DevOps, we will look at it in stages:

I. Development and construction stage

Due to technical requirements, this stage often "depends on" a large number of external dependent components. At this time, it is time-consuming and laborious to download various external dependent files, and it is necessary to prevent the downloaded open source components from having loopholes, plus some components.There may be authorization pits and legal risks. Therefore, how to deal with dependent libraries has become a big problem in development and construction.

Second, the stage of depositing into the product library

After the construction is completed, the R&D personnel often store the products in the product library for centralized management. At this time, the following problems will occur:

• Developers are unable to know the quality status of Curry products;
• It is difficult for operation and maintenance to determine the version that can be released this time,
• If an untested version goes to production, or an old version overwrites a new version, it's a big accident.

Three, deployment and implementation stage

The final product delivered will have many requirements when deployed and implemented

• The first thing to do is to ensure the reliability and security of the transmission medium
• Also take into account the version management, which version is the latest?Which is the interim version?
• If the product library goes down, on-time production becomes a big problem
• In many cases, enterprise development and production are isolated in different places, so if the product transmission is slow in different places, large-scale deployment can only be done in a hurry
• In terms of authority control, if the product library cannot achieve fine-grained authority control, the authority control is not strict, and the products are tampered with, there will be endless troubles

Speaking of this, you should understand that a reliable product library can often help enterprises solve many security and version control problems in the DevOps process. Then I will introduce you to a commonly used product library tool.:

1) Nexus

Most small and medium R&D teams will choose sonatype's nexus. The free version has no high availability and can meet most basic business scenarios

2) Harbor

VMware's open source image repository, supporting Docker and Helm repositories

3) Jfrog Artifactory

A US-listed Israeli company that provides commercial solutions for product libraries, with an annual subscription fee

4) Core recommendation: Jiawei Blue Whale CPack

Jiawei Blue Whale CPack product management platform is an enterprise-level product management solution. Based on the domestic self-developed technology system, it is committed to building modern product management capabilities for enterprises.

①Multi-type product support: Supports many common types such as Generic, Maven, NPM, PYPI, Docker, Helm, etc., and supports the use of R&D teams in many different languages

② Unified product management: Provides the proxy function, realizes unified management of products in local warehouse, private warehouse and central warehouse by setting multiple proxy sources, creating the only trusted source of the enterprise.

③ Product traceability tracking: Based on product metadata and entry and exit rules, product upgrade is performed, and process data from demand to release is recorded in product dimension to realize demand, coding, construction, and testing, quality and deployment of the entire life cycle process of strong control, to achieve credible traceability and security audit.

④ Product security scanning: Provide custom scanning plans and quality rules to meet the enterprise's detection and control requirements for open source components' vulnerability security and license compliance.

⑤ Guarantee service stability: Support cluster deployment and health monitoring to provide stable performance services for enterprises.

⑥ Reduced operation and maintenance costs: It is deployed in clusters of data centers in multiple locations, supports horizontal multi-node expansion, and uses flexible synchronization strategies to deal with high-concurrency download scenarios.

Jiawei Blue Whale CPack usage scenarios

1. Single environment: private server dependency warehouse + project-isolated product warehouse + product upgrade + deployment release

2. Multi-location center: CI pipeline + multi-node product library + synchronous distribution + application release automation + deployment

3. Private server dependency library: DMZ isolation zone + multi-level proxy