Analyst: Jay Lyman 21 Dec, 2017
JFrog has grown its enterprise business with its flagship artifact management software, called Artifactory, as well as additional, integrated components centered on software distribution, security and large-scale DevOps implementation. Nearing 10 years in business, the software artifact and release process automator has built an impressive stable of large enterprise customers, including two-thirds of Fortune 500 companies.
JFrog integrates with a broad range of other software components and infrastructure, helping it stay in step with the trends of containers, microservices, DevOps, hybrid cloud and IoT. The company also reports growing traction based on digital transformation efforts among large enterprises and service providers.
The 451 Take
JFrog has grown significantly and rapidly in nearly 10 years of business, thanks largely to a broad software portfolio that is well timed with growing enterprise adoption and implementation of DevOps technology and methodology. One of its strongest traits is the ability to integrate with a wide array of software and infrastructure involved in DevOps implementations – which are more like toolboxes with many different options, rather than traditional software toolchains. JFrog does a good job of stitching together these sometimes disparate tools in a meaningful way to promote speed, automation and efficiency. The company’s software also generally integrates well with software release processes and existing efforts of automation within enterprise organizations. Its artifact management and security in development is something large enterprises are willing to pay for, as evidenced by JFrog’s impressive growth in recent years. While it does face some pressure and competition from other vendors similarly growing their DevOps footprint, JFrog benefits from its close partnerships with the hyperscaler public cloud providers.
Founded in 2008 as a more modern DevOps-era tool for managing software artifacts and automating releases, JFrog has grown to thousands of paying subscribers, including large enterprises in financial services, technology, retail, social media and other verticals. JFrog has more than 260 employees, and has raised a total of $62m in venture funding from investors including Battery Ventures, Dell Technologies Capital, Gemini Israel Ventures, Qumra Capital, Sapphire Ventures, Scale Venture Partners, Vintage Investment Partners and VMware. 451 Research estimates JFrog’s annual revenue at between $70m and $90m.
JFrog’s four main products are its flagship Artifactory software artifact management, JFrog Bintray universal distribution platform, JFrog Xray continuous security and Universal Artifact Analysis tool, and JFrog Mission Control software for end-to-end DevOps management at scale.
Artifactory’s artifact management and automation has been the main engine of JFrog’s growth, with its focus on scalability, security, high-availability (HA) and replication. Scalability features of Artifactory include active/active clustering and multi-site replication for large-scale DevOps deployments. Artifactory also integrates with existing environments, and allows users to choose their own tools yet still bring together continuous integration and continuous delivery to improve developer productivity.
Additionally, Artifactory is centered on automation for faster releases and automated pipelines through RESTful APIs. The software provides a consistent model and experience across on-premises, public, private and hybrid cloud infrastructures with multi-site replication to support zero down me for both developers and IT operations teams. Artifactory use cases typically center on accelerating development workflows by curating software libraries and making them available to developers, as well as managing full software artifact lifecycles with visibility and control, including in regulated environments.
Previous-release highlights of Artifactory, which began largely as a Maven build automation, include replication to facilitate developer collaboration across multiple sites (Artifactory 2.0) and HA to support production deployments with zero downtime (Artifactory 3.0). Version 4.0 moved well beyond Maven and Java repository management and automation to include what JFrog describes as a ‘universal story’: support and integration with source control systems such as Git and Perforce; build and package managers such as Jenkins, Bamboo and CircleCI; CI/CD tools such as Gradle, Ruby, Docker and Microsoft Team Foundation Server); binary management of various languages; and deployment tools such as Chef, Puppet, Vagrant and Kubernetes.
With the more recent 5.0 release, the focus was on supporting cloud-native software initiatives, such as the use of Docker containers and Kubernetes container management and orchestration, as well as support for hybrid clouds and portability of artifacts and binaries. It also supported IoT use cases where software sits on the edge. In the latest release, version 5.5, JFrog added event-based pull replication. Artifactory integrates with JFrog’s other main products to provide an end-to-end offering for automated workflows.
JFrog Bintray is a distribution platform for software artifacts and binaries to provide access for developers and teams on a reliable, scalable and secure platform. Bintray supports all software packaging formats and is natively integrated with Artifactory. Its users can grant and restrict access, including application of advanced geo-restriction rules, to specific repositories, packages and versions. The platform also features billable usage reports to chargeback internal users. Other Bintray highlights include access to download and storage statistics via APIs or Bintray UI, software release provisioning with notes, EULA and download tracking, and fine-grained authorization for access control.
To support what it calls continuous security and the ongoing shift left of security in DevOps scenarios, JFrog offers Xray, which supports the continuous governance and auditing of all software artifacts in a release pipeline. Xray also supports all major packaging formats, and features recursive scanning for insight into the workflow and impacts on software artifacts. It integrates natively with Artifactory, and allows users to discover, query and enhance components with metadata, allowing enforcement of policies to align components with business logic rules. Xray covers the full software supply chain including development, build and production phases via IDE and CI/CD integration and REST APIs. The company touts Xray as a set of security capabilities that customers are typically willing to pay for, given their critical nature.
The company’s other main product, JFrog Mission Control, is centered on data-driven DevOps and serves as a single access point and dashboard for administrators and IT operations professionals managing multiple services and insights. Created in part through integration of JFrog’s acquired CloudMunch technology, the Mission Control dashboard displays Artifactory and Xray services, and allows users to configure and view services regardless of whether they are on-site or at a remote site. Mission Control is intended to allow organizations to manage all aspects of the other JFrog products, and offers monitoring and visibility into customer sites and dependencies.
Consistent with our research on growing enterprise adoption of hybrid cloud infrastructure, JFrog says the software components that developers consume and the software release processes they produce must both be supported, as they are in Artifactory, across on-premises and public cloud infrastructure. For that reason, leading public cloud providers AWS, Google and Microsoft are among JFrog’s key technical collaborators and partners.
Beyond these cloud providers, JFrog also partners with a variety of other vendors in runtime environments (Docker, Rancher, VMware and Kubernetes), metadata and analysis (Black Duck, SumoLogic, WhiteSource), deployment and distribution (Akamai, Chef, HashiCorp, NetApp and Puppet) and automated build and delivery (Atlassian, CircleCI and Jenkins supporters). JFrog also recently joined the Cloud Native Computing Foundation – home of the Kubernetes container management and orchestration project – as a gold member.
JFrog reports more than 4,000 paying customers, and highlights that all of its revenue comes from software subscriptions rather than support or professional services. Key enterprise verticals for the company include financial services, technology, retail and social media. Common use cases for JFrog center on micro-datacenters whereby customers’ stores, locations and other resources each become individual datacenters. JFrog also indicates that multi- and hybrid-cloud implementations are a growing area of interest among customers.
JFrog competes primarily with other suppliers of repository management and automation software. This includes Sonatype, which is similarly focused on adding security to automation and DevOps releases. Another competitor is Docker with its Docker Trusted Registry that frequently accompanies Docker container applications. NPM Enterprise also represents a degree of competition for JFrog, given fairly broad use in CI/CD pipelines.
JFrog may also face increasing competition from other vendors that are expanding their footprint in DevOps, despite the company’s integration with them. These include infrastructure automation vendors Chef, Puppet, Red Hat with Ansible and SaltStack, all of which have expanded more broadly into CI/CD. Others, such as test and process automation players, include Electric Cloud, Plutora, Skytap and XebiaLabs.
Its integration with the array of software components and infrastructures involved in DevOps, as well as with customers’ existing efforts toward automated releases, position JFrog well for enterprise customers.
While its enterprise profile is growing, JFrog may not appeal to enterprises unfamiliar with the company, or those that are focused on automating workflows and releases on their own.
Continued growth of DevOps in the enterprise, as well as containers, microservices, hybrid cloud and IoT, all bode well for JFrog’s continued, rapid growth.
Public cloud providers with features and capabilities, such as functions as a service or serverless, may become more competitive to JFrog over time despite existing integrations and partnerships.