Summary

JFrog has grown its enterprise business with its flagship artifact management software, called Artifactory, as well as additional, integrated components centered on software distribution, security and large-scale DevOps implementation. Nearing 10 years in business, the software artifact and release process automator has built an impressive stable of large enterprise customers, including two-thirds of Fortune 500 companies.

JFrog integrates with a broad range of other software components and infrastructure, helping it stay in step with the trends of containers, microservices, DevOps, hybrid cloud and IoT. The company also reports growing traction based on digital transformation efforts among large enterprises and service providers.


The 451 Take

JFrog has grown significantly and rapidly in nearly 10 years of business, thanks largely to a broad software portfolio that is well timed with growing enterprise adoption and implementation of DevOps technology and methodology. One of its strongest traits is the ability to integrate with a wide array of software and infrastructure involved in DevOps implementations – which are more like toolboxes with many different options, rather than traditional software toolchains. JFrog does a good job of stitching together these sometimes disparate tools in a meaningful way to promote speed, automation and efficiency. The company's software also generally integrates well with software release processes and existing efforts of automation within enterprise organizations. Its artifact management and security in development is something large enterprises are willing to pay for, as evidenced by JFrog's impressive growth in recent years. While it does face some pressure and competition from other vendors similarly growing their DevOps footprint, JFrog benefits from its close partnerships with the hyperscaler public cloud providers.

Context

Founded in 2008 as a more modern DevOps-era tool for managing software artifacts and automating releases, JFrog has grown to thousands of paying subscribers, including large enterprises in financial services, technology, retail, social media and other verticals. JFrog has more than 260 employees, and has raised a total of $62m in venture funding from investors including Battery Ventures, Dell Technologies Capital, Gemini Israel Ventures, Qumra Capital, Sapphire Ventures, Scale Venture Partners, Vintage Investment Partners and VMware. 451 Research estimates JFrog's annual revenue at between $70m and $90m.

Products

JFrog's four main products are its flagship Artifactory software artifact management, JFrog Bintray universal distribution platform, JFrog Xray continuous security and Universal Artifact Analysis tool, and JFrog Mission Control software for end-to-end DevOps management at scale.

Artifactory's artifact management and automation has been the main engine of JFrog's growth, with its focus on scalability, security, high-availability (HA) and replication. Scalability features of Artifactory include active/active clustering and multi-site replication for large-scale DevOps deployments. Artifactory also integrates with existing environments, and allows users to choose their own tools yet still bring together continuous integration and continuous delivery to improve developer productivity.

Additionally, Artifactory is centered on automation for faster releases and automated pipelines through RESTful APIs. The software provides a consistent model and experience across on-premises, public, private and hybrid cloud infrastructures with multi-site replication to support zero downtime for both developers and IT operations teams. Artifactory use cases typically center on accelerating development workflows by curating software libraries and making them available to developers, as well as managing full software artifact lifecycles with visibility and control, including in regulated environments.

Previous-release highlights of Artifactory, which began largely as a Maven build automation, include replication to facilitate developer collaboration across multiple sites (Artifactory 2.0) and HA to support production deployments with zero downtime (Artifactory 3.0). Version 4.0 moved well beyond Maven and Java repository management and automation to include what JFrog describes as a 'universal story': support and integration with source control systems such as Git and Perforce; build and package managers such as Jenkins, Bamboo and CircleCI; CI/CD tools such as Gradle, Ruby, Docker and Microsoft Team Foundation Server); binary management of various languages; and deployment tools such as Chef, Puppet, Vagrant and Kubernetes.

With the more recent 5.0 release, the focus was on supporting cloud-native software initiatives, such as the use of Docker containers and Kubernetes container management and orchestration, as well as support for hybrid clouds and portability of artifacts and binaries. It also supported IoT use cases where software sits on the edge. In the latest release, version 5.5, JFrog added event-based pull replication. Artifactory integrates with JFrog's other main products to provide an end-to-end offering for automated workflows.

JFrog Bintray is a distribution platform for software artifacts and binaries to provide access for developers and teams on a reliable, scalable and secure platform. Bintray supports all software packaging formats and is natively integrated with Artifactory. Its users can grant and restrict access, including application of advanced geo-restriction rules, to specific repositories, packages and versions. The platform also features billable usage reports to chargeback internal users. Other Bintray highlights include access to download and storage statistics via APIs or Bintray UI, software release provisioning with notes, EULA and download tracking, and fine-grained authorization for access control.

To support what it calls continuous security and the ongoing shift left of security in DevOps scenarios, JFrog offers Xray, which supports the continuous governance and auditing of all software artifacts in a release pipeline. Xray also supports all major packaging formats, and features recursive scanning for insight into the workflow and impacts on software artifacts. It integrates natively with Artifactory, and allows users to discover, query and enhance components with metadata, allowing enforcement of policies to align components with business logic rules. Xray covers the full software supply chain including development, build and production phases via IDE and CI/CD integration and REST APIs. The company touts Xray as a set of security capabilities that customers are typically willing to pay for, given their critical nature.

The company's other main product, JFrog Mission Control, is centered on data-driven DevOps and serves as a single access point and dashboard for administrators and IT operations professionals managing multiple services and insights. Created in part through integration of JFrog's acquired CloudMunch technology, the Mission Control dashboard displays Artifactory and Xray services, and allows users to configure and view services regardless of whether they are on-site or at a remote site. Mission Control is intended to allow organizations to manage all aspects of the other JFrog products, and offers monitoring and visibility into customer sites and dependencies.

 

Partners

Consistent with our research on growing enterprise adoption of hybrid cloud infrastructure, JFrog says the software components that developers consume and the software release processes they produce must both be supported, as they are in Artifactory, across on-premises and public cloud infrastructure. For that reason, leading public cloud providers AWS, Google and Microsoft are among JFrog's key technical collaborators and partners.

Beyond these cloud providers, JFrog also partners with a variety of other vendors in runtime environments (Docker, Rancher, VMware and Kubernetes), metadata and analysis (Black Duck, SumoLogic, WhiteSource), deployment and distribution (Akamai, Chef, HashiCorp, NetApp and Puppet) and automated build and delivery (Atlassian, CircleCI and Jenkins supporters). JFrog also recently joined the Cloud Native Computing Foundation – home of the Kubernetes container management and orchestration project – as a gold member.

 

Customers

JFrog reports more than 4,000 paying customers, and highlights that all of its revenue comes from software subscriptions rather than support or professional services. Key enterprise verticals for the company include financial services, technology, retail and social media. Common use cases for JFrog center on micro-datacenters whereby customers' stores, locations and other resources each become individual datacenters. JFrog also indicates that multi- and hybrid-cloud implementations are a growing area of interest among customers.

 

Competition

JFrog competes primarily with other suppliers of repository management and automation software. This includes Sonatype, which is similarly focused on adding security to automation and DevOps releases. Another competitor is Docker with its Docker Trusted Registry that frequently accompanies Docker container applications. NPM Enterprise also represents a degree of competition for JFrog, given fairly broad use in CI/CD pipelines.

JFrog may also face increasing competition from other vendors that are expanding their footprint in DevOps, despite the company's integration with them. These include infrastructure automation vendors Chef, Puppet, Red Hat with Ansible and SaltStack, all of which have expanded more broadly into CI/CD. Others, such as test and process automation players, include Electric Cloud, Plutora, Skytap and XebiaLabs.


Jay Lyman
Principal Analyst, Cloud Native and DevOps Development

Jay Lyman is a Principal Analyst with 451 Research’s Applied Infrastructure & DevOps Channel. He covers infrastructure software, primarily private cloud platforms, cloud management and enterprise use cases that center on orchestration, the confluence of software development and IT operations known as DevOps, Docker and containers.

Jeremy Korn
Research Associate

Jeremy Korn is a Research Associate at 451 Research. He graduated from Brown University with a BA in Biology and East Asian Studies and received a MA in East Asian Studies from Harvard University, where he employed quantitative and qualitative methodologies to study the Chinese film industry.

Aaron Sherrill
Senior Analyst

Aaron Sherrill is a Senior Analyst for 451 Research covering emerging trends, innovation and disruption in the Managed Services and Managed Security Services sectors. Aaron has 20+ years of experience across several industries including serving in IT management for the Federal Bureau of Investigation.

Want to read more? Request a trial now.