Package Caching and Proxying Using Remote Repositories Use Case

A central feature of Artifactory is the ability to manage packages to ensure an efficient release lifecycle. This use case describes how remote repositories enable Artifactory users to address many of the key challenges of managing packages from remote public registries.

Challenges

Organizations face multiple challenges when managing access to remote packages on public registries, including:

  • Public registries may be unavailable at times or suffer from latency issues

  • Administrators lack an efficient method to moderate developer access to public registries without impacting productivity

  • Particular package versions may become unavailable on the public registry

  • Network overuse, which leads to reduced speed and increased cost

  • Multiple users keep copies of the same files, which overloads the local storage system

  • Inconsistent package versions among developers

The Artifactory Solution – Remote Repositories

To address these challenges, Artifactory offers remote repositories, which can cache and proxy packages from a remote public or private registry. Remote repositories provide multiple benefits to developers and DevOps engineers, including fast, convenient, and secure access to remote resources.

These benefits are described in the following sections.

Benefits of Remote Repositories for Developers

Developers working in an integrated development environment (IDE) need to be able to call packages easily and insert them into their code. Packages must always be available to avoid delays or other issues when compiling a build.

Remote repositories offer the following benefits for developers:

  • Builds become much faster because the required dependencies are cached and available for use

  • Cached dependencies are available even when public registries are down or experiencing latency

Imagine the following scenario:

Anne is a developer and early riser who begins work early and starts running builds. When she requires a new dependency, Artifactory pulls it from a public registry and caches it for later use.

When other developers on the team begin work later that morning, they soon discover that their build times have improved greatly because the dependencies they require are cached and available in the remote repository.

Later that day, a sudden storm causes intermittent outages in the company’s connection to the outside world. However, the development team can continue their work without interruption, secure in the knowledge that the dependencies they require are available for use in the remote repository.

Benefits of Remote Repositories for DevOps Engineers

DevOps engineers build the integrations that enable the rest of the organization to operate. They set up integrations between applications, build automation and pipelines, and keep things running.

Remote repositories enable DevOps engineers to ensure that the developers in their organization download from a particular public registry via the Artifactory remote repository. (Direct downloads from the public registry can be blocked at the network level.)

Remote repositories make downloads:

  • Moderated (using include/exclude patterns, regular expressions, security filters, domain filters, and so on)

  • Traceable

  • Subject to security scans to ensure license compliance and block (or send alerts regarding) malicious software and other vulnerabilities

Additional benefits for DevOps engineers include:

  • Improved performance thanks to caching

  • Reduced storage costs due to storage optimization (thanks to checksum-based storage, only one instance of each binary is held, regardless of the number of requests from different developers; see Checksum-Based Storage Implementation)

  • Reduced bandwidth consumption

Imagine the following scenario:

Terry is a DevOps engineer who faces a situation where developers download software from public registries in an uncontrolled manner and without moderation. As a result, multiple versions of the same dependencies exist, and in some cases, security vulnerabilities are introduced into the organization’s software.

To correct this situation, Terry sets up a remote repository to serve as a proxy for the public registry. At the same time, he blocks direct developer access to the registry, ensuring that everyone must use the remote repository to download the software they require. Using a remote repository, the DevOps engineer can track what is being downloaded and by whom.

To keep the organization secure and compliant, he can also use JFrog Curation to limit which packages on remote registries can be accessed by developers. After permitted packages are brought into the remote repository, he can use JFrog Xray to scan all packages for possible vulnerabilities. These multiple layers of security help prevent vulnerabilities and possible malware from being introduced into the organization. See also: JFrog Curation Overview and JFrog Xray.
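
The following Python sketch is an added illustration, not JFrog code and not a description of how Artifactory is implemented. It models the three behaviors described in the sections above: serving cached packages during a registry outage, holding one stored copy per distinct binary (checksum-based storage), and recording who downloaded what. The class RemoteRepoModel, the upstream callable, and all package paths and contents are constructed for the example.

```python
import hashlib


class RemoteRepoModel:
    """Toy model of a caching proxy with checksum-based storage (hypothetical names)."""

    def __init__(self, upstream):
        self.upstream = upstream  # callable: path -> bytes; raises ConnectionError if unreachable
        self.blobs = {}           # sha256 hex -> bytes, one copy per distinct binary
        self.paths = {}           # repository path -> sha256 hex
        self.audit = []           # (user, path, sha256, source) for every served download

    def download(self, user, path):
        if path in self.paths:
            digest, source = self.paths[path], "cache"
        else:
            data = self.upstream(path)           # a cache miss during an outage raises here
            digest = hashlib.sha256(data).hexdigest()
            self.blobs.setdefault(digest, data)  # identical content is stored only once
            self.paths[path] = digest
            source = "upstream"
        self.audit.append((user, path, digest, source))
        return self.blobs[digest]


def demo():
    # Constructed sample registry: two paths carry byte-identical content.
    registry = {
        "libfoo/1.0/libfoo-1.0.tgz": b"constructed package bytes A",
        "mirror/libfoo-1.0.tgz": b"constructed package bytes A",
        "libbar/2.1/libbar-2.1.tgz": b"constructed package bytes B",
    }
    online = {"up": True}

    def upstream(path):
        if not online["up"]:
            raise ConnectionError("public registry unreachable")
        return registry[path]

    repo = RemoteRepoModel(upstream)
    for path in registry:
        repo.download("anne", path)  # first requests populate the cache
    online["up"] = False             # simulated outage
    served = repo.download("terry", "libbar/2.1/libbar-2.1.tgz")
    try:
        repo.download("terry", "libbaz/0.1/libbaz-0.1.tgz")
        miss = "served"
    except ConnectionError:
        miss = "unavailable"         # never cached, so the outage is visible
    return repo, served, miss
```

Only packages requested before the outage remain available; the audit list is the record a DevOps engineer would review to see what was downloaded and by whom.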