Creating a build you can trust

‘The build is broken’ is something I’ve heard too many times in my software development career.  Concepts like continuous delivery and devops make it all that more important to have a build that you can trust.   In the Agile ALM Connect session, Build Trust in Your Build to Deployment Flow ,Yoav Landman, founder of Artifactory, is going to demonstrate some of the techniques for using tools like Maven, Gradle and Artifactory to automate builds that release applications which are fully traceable, managed and trusted!

Yoav has also participated in my Agile ALM Connect speaker Q&A series.  He answers my questions about Artifactory and his company JFrog.

1. You are the founder of the Artifactory open source project.   Why did you decide to create Artifactory?

I started Artifactory in 2006. I was working as a consultant at the time and migrated a couple of large client projects from Ant to Maven 2. I was frustrated by the absence of good options to manage dependencies and hosting artifacts in house. There were a couple of tools out there, but they all lacked basic features such as searching and artifact uploading and were basically very immature, since the whole domain of Binary Repository Managers, didn’t exist yet.
In an effort to fill this gap I decided to go and write my own tool as an open source project and created Artifactory. The quick adoption of Artifactory lead me to create JFrog around it. Actually, the final straw that pushed me to start the project was a complete outage of the Codehaus server for a couple of days, which left some of my clients in the dark as they depended on artifacts from the Codehaus repository which they removed from their local caches.

2. We hear a lot about continuous delivery and devops.   How is this effecting the build process and what issues do you think need to be considered?

We are dealing a lot with continuous delivery in JFrog as part of our Artifactory on the cloud service, Artifactory Online. For us, the main effect on the build process is that artifacts are deployed much more frequently, which makes good binary management critical.

Artifactory, as a repository manager is not just the target to which build results are deployed for usage by dependent builds, but also the source from which applications are deployed to production, and even where RPMs are installed from to newly provisioned machines. We are using the properties feature of Artifactory to tag artifacts that were moved to production so that they can be easily identified. Another important aspect is that snapshots can often be treated as releases, and so traditional staging/release workflows no longer fit the requirements of continuous deployment.

3. If someone wanted to get started with Artifactory where would you suggest they start?

I think the best starting point would be downloading Artifactory from and watching this one-minute setup screencast. For someone who has never used a binary repository and wants to understand the benefits of using a tool like Artifactory, I’d suggest looking at this short intro. Other than that, Artifactory is real easy to set up and get up to speed with, and the online help in the UI makes it really useful to understand how to get around. Finally, there is of course the user guide and the users forum for getting more help.


One thought on “Creating a build you can trust

Comments are closed.