Understanding Artifacts and Packages

JFrog Artifactory Documentation

Artifactory manages a number of different objects, including artifacts, packages, builds, and release bundles. Understanding these objects, and how Artifactory handles each of them, is crucial to using search and finding objects.

Artifactory works with the following primary object types:

  • Artifact: Any standalone file in Artifactory, identified by a unique checksum. When searching for an artifact, there are additional details that should be noted. For more information, see Understanding how to Search for Artifacts and Packages.

  • Package: The name of a package as defined in package metadata (such as the package.json for NPM or manifest.json for Docker). When searching for a package, there are additional details that should be noted. For more information, see Understanding how to Search for Artifacts and Packages.

  • Build: An output that represents the build step of the CI. It details the method and dependencies involved in building the package.

  • Release Bundle: An immutable context of content (a package) that represents a release candidate. RBv2 is an object that is promoted and distributed via Release Lifecycle Management. Release Bundles v1 is an older concept and is used for distribution only.

  • Xray: A resource scanned by Xray. This includes packages, builds, Release Bundles or artifacts that have been scanned for vulnerabilities by Xray. For more information, see Searching for Scanned Resources

Relationship between Artifacts and Packages

A package can contain a single artifact, or it can contain multiple artifacts (a multi-artifact package). It's important to keep this in mind when working with packages, particularly in the Artifacts tree. Artifacts that are part of multi-artifact packages are tracked as such in Artifactory. Manually dragging and dropping an artifact out of a multi-artifact package can cause problems in Artifactory: it removes the context of the greater package, which can result in trouble working with that package.

Anatomy of a single artifact package

This example is an NPM package that consists of a single artifact file. It contains the artifact metadata in the package.json file, which lists the package name and its details. Artifactory parses the package name and other details from the information in the package.json metadata file.

[Image: single-artifact-package.png]

Anatomy of a multi-artifact package

The following example shows a multi-artifact package, in this case, a Docker image. The package metadata in the manifest.json file lists all the layers in the package. Artifactory then parses each layer as a separate artifact.

[Image: multi-package-artifact-exaple.png]
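The check below is an added example, not part of the JFrog documentation and not Artifactory's own code: it models one image folder as a Python dict and reports blobs that manifest.json references but the folder no longer holds, which is the state a manually moved artifact leaves behind. The dict-as-folder model, the `sha256__<hex>` file names and all sample bytes are assumptions constructed for illustration.

```python
import hashlib
import json


def digest(blob: bytes) -> str:
    """Checksum in the 'sha256:<hex>' form used in Docker manifests."""
    return "sha256:" + hashlib.sha256(blob).hexdigest()


def check_package(folder: dict[str, bytes]) -> dict[str, list[str]]:
    """Compare what manifest.json references with what the folder holds."""
    manifest = json.loads(folder["manifest.json"])
    # digest -> declared size, for the config blob and every layer
    wanted = {e["digest"]: e["size"] for e in [manifest["config"], *manifest["layers"]]}
    # digest -> file name, recomputed from content instead of trusting names
    stored = {digest(b): n for n, b in folder.items() if n != "manifest.json"}

    report = {"missing": [], "size_mismatch": [], "unreferenced": []}
    for dgst, size in wanted.items():
        if dgst not in stored:
            report["missing"].append(dgst)
        elif len(folder[stored[dgst]]) != size:
            report["size_mismatch"].append(dgst)
    report["unreferenced"] = sorted(n for d, n in stored.items() if d not in wanted)
    return report


# Constructed sample data (not a real image).
CONFIG = b'{"architecture":"amd64","os":"linux"}'
LAYERS = [b"layer-one-bytes", b"layer-two-bytes"]


def build_folder() -> dict[str, bytes]:
    """One image folder: manifest.json plus one file per referenced blob."""
    manifest = {
        "schemaVersion": 2,
        "config": {"digest": digest(CONFIG), "size": len(CONFIG)},
        "layers": [{"digest": digest(b), "size": len(b)} for b in LAYERS],
    }
    # Assumed naming for this example: each blob stored as sha256__<hex>
    folder = {digest(b).replace(":", "__"): b for b in [CONFIG, *LAYERS]}
    folder["manifest.json"] = json.dumps(manifest).encode()
    return folder


if __name__ == "__main__":
    broken = build_folder()
    del broken[digest(LAYERS[1]).replace(":", "__")]  # layer moved out by hand
    broken["notes.txt"] = b"stray"  # file the manifest never lists
    print(json.dumps(check_package(broken), indent=2))
```

An intact folder yields three empty lists; any entry under `missing` means the package has lost one of the artifacts its metadata depends on.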