Working with Package Management

JFrog Artifactory Documentation


Package management in Artifactory covers the functionality that lets it serve as a central package repository while acting as an intermediary between you, the members of your organization, and public package registries such as NPM, Docker, and many others.

Artifactory’s Role in Package Management

Artifactory, in its simplest form, is a repository for packages and other artifacts that lets your organization store and manage them centrally, and lets your development team download and access them from a single location.

This provides stability, dependability, traceability, consistency, and security as part of the CI/CD process, and supports the software development and release lifecycles. When working with a registry-provided package manager such as NPM or Docker, you use the registry’s package manager client on your local machine to connect to the registry and download packages directly from it for use in your code.

[Figure: registry-architecture-basic.png]

By setting up an Artifactory repository and changing the configuration of your package manager client, you direct all package activity through Artifactory. Artifactory then operates as the proxy between the package registry and you and your colleagues, and becomes your organization’s single source of truth for packages. Artifactory downloads, screens, tracks, and distributes packages, and offers additional functionality to help your company better manage its Software Development Lifecycle.

[Figure: registry-architecture-w-artifactory.png]

This gives your organization control and oversight over the packages used in your code, builds package management into CI/CD, and adds layers of security to the process. It provides transparency into the content of a build, enables building a Software Bill of Materials (SBOM), and orchestrates the release lifecycle.
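The proxy is only a single source of truth if clients actually resolve through it. The following is an added example, not JFrog code: it scans an npm `package-lock.json` for `resolved` URLs that bypass the proxy. The host `artifactory.example.com`, the repository name `npm-virtual`, and the sample lockfile are placeholders constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Placeholder proxy URL (assumption): host and repository name are not from the page.
PROXY_BASE = "https://artifactory.example.com/artifactory/api/npm/npm-virtual/"

# Constructed sample in the package-lock.json v2/v3 "packages" layout.
SAMPLE_LOCK = json.loads("""
{
  "name": "app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/lodash": {"version": "4.17.21",
      "resolved": "https://artifactory.example.com/artifactory/api/npm/npm-virtual/lodash/-/lodash-4.17.21.tgz"},
    "node_modules/minimist": {"version": "1.2.8",
      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz"},
    "node_modules/ms": {"version": "2.1.3",
      "resolved": "https://artifactory.example.com.mirror.test/artifactory/api/npm/npm-virtual/ms/-/ms-2.1.3.tgz"}
  }
}
""")

def is_via_proxy(url, proxy_base=PROXY_BASE):
    """True when url matches the proxy's scheme, host and port and sits under its path.

    The host is compared after parsing, so a lookalike such as
    artifactory.example.com.mirror.test does not pass a string-prefix test.
    """
    u, p = urlsplit(url), urlsplit(proxy_base)
    same_origin = (u.scheme, u.hostname, u.port) == (p.scheme, p.hostname, p.port)
    return same_origin and u.path.startswith(p.path)

def audit_lockfile(lock, proxy_base=PROXY_BASE):
    """Return sorted (package_path, resolved_url) pairs that bypass the proxy."""
    bypass = []
    for path, meta in lock.get("packages", {}).items():
        resolved = meta.get("resolved")
        if path == "" or meta.get("link") or resolved is None:
            continue  # root project, workspace link, or entry with no download URL
        if not is_via_proxy(resolved, proxy_base):
            bypass.append((path, resolved))
    return sorted(bypass)

if __name__ == "__main__":
    for path, url in audit_lockfile(SAMPLE_LOCK):
        print(f"bypasses proxy: {path} -> {url}")
```

Run as a CI step against the real lockfile, a non-empty result means some dependency was fetched outside the proxy and was never screened or tracked by it.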