Make Your Software Flow


Why Next Gen. DevOps Requires Strategic Thinking

We live in an era where in order to survive, every type of company must transform itself into a technology company. Those who have not realized this yet have already lost the game.
So, you’re one of those who survived the digital transformation?
Congratulations, but that’s not enough.
You still need to be better than your competitors. The question is, “How?”
The answer is…


Respond faster to market demands, quickly adapt to changes, be the first to offer the next disruptive functionality.

One of the key elements of this agility you need to have is releasing software faster than your competitors. The only way you can do that is by making sure that the software you build flows freely, like water, from the developer’s notebook until it reaches its final destination, be it a cloud datacenter, an IoT device, a retail store or a cruise ship somewhere in the middle of the ocean.

How do you do that? Here are some guidelines you should follow.

Make sure everybody gets the tools they need in order to get things done

One of the first steps to getting software flowing through your organization, is giving everyone in your team the right tools. In a fast-moving organization, where new teams or projects are created all the time, you must be able to rapidly answer their needs. Add to that, the fact that everyone wants to have a lean IT team, and you are facing a real challenge.

One of the main challenges, is that those teams depend on a large variety of technologies. It’s difficult to respond quickly to their needs if you have to  evaluate new tools each time a new technology is embraced. The answer is to use a universal tool such as Artifactory.

During 2016, we expanded Artifactory’s universe by supporting even more technologies such as PHP Composer, Bower, CocoaPods and Conan. Yes, finally C and C++ get a real package manager with a state-of-the-art-repository manager. With the recent release of Artifactory 5.1, we added even more, this time aiming for DevOps engineers with support for Chef and Puppet.


Make sure nothing is blocking you from scaling automatically

As your business, and correspondingly, your software organization, grows, you want to make sure that nothing is blocking you from adding new repositories or from scaling existing ones. Not only that, you want to fully automate all those tasks and never have to worry about the underlying infrastructure. In other words, you want your repository manager to be cloud native.

With Artifactory 5.0 we made some major improvements to the infrastructure so Artifactory clusters can scale more easily than ever before. We completely removed the dependency on an NFS for HA setups, so you can now use cloud native storage solutions (such as S3 and GCS) without worrying about your NFS filer running out of space (and don’t worry. You can continue using an NFS until you’re ready to migrate your storage to the cloud). In addition we removed the need to have sticky sessions configured for Artifactory clusters and also added cluster license management which automatically takes care of providing new cluster nodes with licenses.

Artifactory NFS or Cloud Native


Like the plague, avoid surprises on release day

One of the things that can really block software from flowing is unplanned surprises. For example, imagine that five minutes before a release, someone important asks if you’re compliant with the terms of the GPLv3 license attached to that new component you are using.

A few months ago we introduced JFrog Xray, which keeps surprises like this out of your organization, both before and after you release.

Natively integrated with Artifactory, Xray performs deep scans on the software components you consume and produce looking for security vulnerabilities and licensing issues. In fact, the flexible way in which Xray was built allows it to hook into any feed of information about software allowing you, for example, to feed it with information about known bugs or performance issues.

While Xray comes with its own, built-in database of vulnerabilities and licenses, it is also open to integration with other products. We think that you should be able to choose the databases you trust the most and use them seamlessly with Xray’s  internal database. Now, not only do you want to detect different vulnerabilities in your software, you want to catch them as early as possible in the development process. To support early detection, Xray has been integrated with the Jenkins Artifactory Plugin so you can configure your Jenkins pipeline to scan builds and fail them if any threats are identified in your build artifacts or their dependencies.

Xray impact path

But different surprises lurk around every corner. For example you could run out of disk space just when you need to deploy a bunch of big Docker images. Well, we have a solution for that too.

With the new JFrog Mission Control graphs and notifications, you can track how Artifactory uses storage and use predictive analysis to stay two steps ahead and predict when storage might become scarce. You can also set up automatic notifications if certain repository or instance storage thresholds are crossed.

Mission Control Graphs


Take it all the way to distribution

Once you have finished coding, building, testing and scanning, an important part of releasing software is distributing it to its end target. This can be a data center where you provision an application, a download center where customers can download the software, or a device to which you’re pushing an update somewhere in the world. While you can email the software to the person responsible for distribution, put it on a shared file system or use some other improvised solution, there is a much better way of distributing your software.

Earlier last year we created the link between the people who build the software and the ones responsible for distribution. With the introduction of distribution repositories, you can make your artifacts automatically flow between Artifactory and Bintray while fully controlling the process. All you need to do is configure some rules (or use the default ones) and promote your artifacts to distribution. The rest is done automatically. Once you are done, your customers can start downloading your software and the journey reaches its final step. But just before it gets there you might want to trigger some final actions such as sending your user an email.

Distribution Repositories

With Bintray’s Firehose Events API, you can respond to events such as software downloads or user logins and automate activities such as sending engagement emails, auditing and more.

The JFrog CLI, released last year, can consume an event feed directly from Bintray and make your life and automation even easier with features such as automatic reconnect and event filtering.

At this point your software has completed its flow and you can continue the flow with the next releases.

During 2017 we at JFrog are going to focus even more on making your software liquid, flowing in a fully automatic manner all the way to its final destination. Be prepared for seamless integration between all the pieces of the puzzle, a better user experience and new features which will make your software distribution faster and safer than ever before.