
JFrog vs. GitLab

GitLab-JFrog Comparison Infographic

This summary infographic compares JFrog and GitLab across several DevOps Stages and Categories. The methodology used to build this chart can be found here. More detailed comparisons and commentary on strengths, gaps, etc. are in the sections below.

GitLab JFrog Comparison Chart

Summary

JFrog has transitioned from an artifact repository to a DevOps Platform that includes CI and CD capabilities through its acquisition of Shippable in Feb 2019. In March 2020, JFrog announced the launch of its DevOps platform called 'JFrog Platform', a pre-integrated solution with a common UI across JFrog Pipelines, JFrog Xray and JFrog Source Composition Analysis products. This solution is backed by a common metadata model that facilitates information integration between these separate products. In addition to its three primary products, JFrog Artifactory, JFrog Pipelines and JFrog Xray, JFrog also provides other products such as JFrog Distribution, JFrog Mission Control and JFrog Container Registry.

JFrog Artifactory is a tool designed to store the binary output of the build process for use in distribution and deployment. Artifactory provides support for a number of package formats. JFrog Artifactory provides a single source of truth for build artifacts and works with JFrog Distribution to efficiently distribute large artifacts across the enterprise.

JFrog Pipelines is a CI-CD product that works well with its Artifactory repository. JFrog Pipelines works through a combination of native steps (a set of higher-order steps built on bash) and resources (inputs into or outputs from native steps, which can be of any type, such as a build or an integration). JFrog Pipelines is a functional CI-CD product, though it lacks several capabilities typically found in enterprise-class products.

JFrog Xray is the security product that can be built into various steps within a JFrog pipeline. Xray supports detecting security vulnerabilities in all dependent code and also provides license compliance capabilities.

JFrog Artifactory

Artifactory provides support for a number of package formats such as Maven, Debian, NPM, Helm, Ruby, Python, and Docker. Artifactory also stores a complete map of all the components that went into creating the artifact. This information feeds other products such as JFrog Xray. Artifacts can be efficiently distributed across remote sites using JFrog Distribution.

GitLab also offers the ability to store and distribute packages, but at the moment offers less package type compatibility than Artifactory does: Maven, Docker, NPM. GitLab's strengths are in providing a single product for the full DevOps Lifecycle. In addition, GitLab CI-CD and Security Capabilities have better functionality and provide enterprise-grade capabilities.

Strengths:

  • Strong market presence as an artifact repository.
  • Wide support for package formats such as Maven, Debian, NPM, Helm, Ruby, Python, and Docker.

JFrog Pipelines

JFrog Pipelines, through the acquisition of Shippable, is a functional CI-CD product. JFrog Pipelines attempts to make it simpler to do CI-CD by building 'Native Steps'. A Native Step is akin to a prebuilt component or step in the CI-CD process that can be described in YAML, thereby hiding all the low-level complexity from the user. Some examples of Native Steps are Docker Build, Docker Push, NPM Build, NPM Publish, and XrayScan. JFrog Pipelines has several strengths and weaknesses. The main impacts of its weaknesses are longer build times and lower collaboration.

Strengths:

  • Tight integration with Artifactory.
  • Ability to mix and match Native Steps with Custom Code, which reduces out-of-the-box effort but provides flexibility to customize.
  • Well architected, with core concepts of Steps (Native & Custom), Resources, and Pipelines, which can all be reused.

Gaps:

  • Lacks enterprise-grade features such as AutoDevOps, the ability to recognize the code and pre-build a pipeline.
  • No concept of a Merge Request or a container-like object that enables multiple developers to easily collaborate.
  • Cannot self-optimize builds and pipelines when a queue of submissions is made.
  • Lack of tight integration with testing, i.e. there is no native step that drives tests.
  • Lack of scalability of testing during the build process through innovative use of parent-child pipelines that can run in parallel.

JFrog Xray

JFrog Xray provides static application testing capabilities by scanning the application components for vulnerabilities against the VulnDB vulnerability database. Xray also provides security policy enforcement and the capability to monitor for license compliance. Xray integrates with IDEs such as IntelliJ and allows developers to view security issues in the dev environment.

Strengths:

  • Security scanning during development and after binaries are built.
  • Ability to restrict downloads of artifacts deemed not in compliance with license or security policies.

Gaps:

  • No Dynamic Application Security Testing. Xray does not extend into the post-deployment phase.
  • Cannot detect secrets within code.
  • Developers have to go back and forth between the IDE and the Xray UI to manage security.

Note: This chart was developed by comparing the feature categories supported by GitLab and JFrog. For example, the ratio "5/7" for GitLab in the Plan stage indicates support for 5 out of 7 feature categories within that DevOps Lifecycle Stage. We then applied certain % thresholds to color code the bars. In keeping with GitLab's value of transparency, we applied this scoring methodology to both GitLab and JFrog capabilities, which is why in some cases GitLab scores less than perfect. If you have questions about the analysis or additional inputs, please feel free to submit an issue by clicking the link at the bottom of this page or writing a comment.

FEATURES

If you feel there are inaccurate statements in this comparison or a tool missing, please edit this page or propose edits by opening an issue. You can also send an email to devopstools@gitlab.com with your suggested edits if you're unable to open an issue or edit this page.

We strive for technical accuracy and will review and update this post for inaccuracies as quickly as possible.

GitLab is the trademark of GitLab, Inc. All other logos and trademarks are the logos and trademarks of their respective owners.

Try GitLab Ultimate risk-free for 30 days.

No credit card required. Have questions? Contact us.
