When setting up an enterprise CI/CD, we have to setup an artifact management platform in addition to the standard CI/CD tools like Jenkins, TeamCity, Gitlab CI etc. Unfortunately, unlike the CI/CD tools where there are a veriety of options; the artifact repository options are insanely limited, esp. if you add the additional constraint of open source.
Note that the repositories have to be private for most enterprises which rules out SaaS providers
- Artifactory (paid)
- Nexus (OSS)
- Harbor (OSS)
- Artifact Hub (OSS)
- Chart Museum (OSS)
Artifactory is by far the most feature rich, stable and widely used tool; however it is cost prohibitive. If we had a budget we would go with Artifactory hands down. Nexus, on the other hand is a pain to setup and configure, and offers a poor user experience; however, it does support many different types of repositories like docker, mvn, npm etc. ArtifactHub is under the CNCF umbrella and now appears to the standard repo for helm charts. Chart Musuem on the other hand is the traditional helm repository for private hosting solution. But both Chart Musuem and Artifact Hub are helm repo sitories only. Harbor is a suite of tools for artifact management much like Nexus and Artifactory in that they offer both helm (internally uses Chart Musuem) and docker registry (supported by Quay) in addition to scanning respositories for vulnerabilities; and finally a Notary Service for signing docker images.
Given that our cloud platform is exclusively Docker and Kubernetes, we only really need docker and helm repositories. Our choice is Harbor.