CI/CD / DevOps / Sponsored

JFrog Pipelines: Easier, Unified Software Delivery

21 Jun 2019 10:00am, by

JFrog sponsored this post, which was written independently for The New Stack.

A blog post that then-Shippable CEO and founder Avi Cavale wrote two years ago seems prescient after the company’s acquisition and integrations with the technology of DevOps tool provider JFrog:

“ … teams have a variety of tools they can use to automate their activities, but the end-to-end connected CI/CD [continuous integration/continuous delivery] workflow across the organization has taken a back seat to silo-ed automation. Most organizations are thus left with ‘Islands of Automation.’ ”

That’s a problem JFrog aimed to correct by its debut this week of Pipelines. Pipelines, a technology preview in its JFrog Enterprise+ package of development tools, can be used to automate every phase of development — from build time to production deployment. The package is a unified platform consisting of the Shippable technology and its core products, including Artifactory, a repository for managing software binaries; the Xray security scanning and compliance tool; Bintray, which supports scalability as a native repository for update distribution; and the dashboard Mission Control; Insight and Distribution.

At its annual swampUP user conference this week in San Francisco, JFrog Chief Technology Officer Yoav Landman announced a beta version of a new unified experience between its products, which includes unified permissions; a metadata microservice delivering package and security data in one place, and more.

It has made the platform more cloud native — it joined the Continuous Delivery Foundation — created a service mesh to communicate between services and master node Artifactory HA is optional now. To beef up security, in partnership with Risk-Based Security, announced earlier this year, its XRay tool includes integration with the VulnDB vulnerability database at no added cost.

“We went searching for the best CD engine, and that ended up being Shippable,” Landman said during Tuesday’s keynotes at the conference.

‘Native Steps’

Though JFrog already could be integrated with many continuous delivery platforms, the company wanted greater consistency between its products and to provide consistent visibility into internal JFrog processes.

A lot of that work already was in progress when it acquired Shippable earlier this year. Integrating Shippable between the March 1 acquisition close and swampUP posed a huge challenge, with a code close date by mid-May, Cavale explained.

JFrog had multiple, completely different products, and administration of them he called “a nightmare.”

“A lot of that foundational stuff was moving. We came in as an acquisition and had to work with that. It was a challenge to find a stable thing you could build on,” he said.

“So we’ve gotten those things worked out and will have a GA launch in a couple of months. Getting all the scale, the stress testing, we’re getting all that taken care of. We know the technology works, but we just want to make sure it scales and there are no bottlenecks” for enterprises, he said.

Before the acquisition, Shippable had started working on what it called “native steps” in continuous delivery.

“Companies are writing a lot of automation code to try to streamline their software delivery. … [but] you end up reaching this tipping point where the amount of automation you code becomes the bottleneck for you being able to innovate,” he said. “It’s just software, right? You start accumulating technical debt, you start having challenges with maintaining it. There’s a lot of tribal knowledge, whether you can reuse it.

“We realized we don’t understand why people have to do the same code again and again and again. Deploying to Kubernetes has been standardized, and we don’t understand why 10 different teams have to write automation code to deploy to Kubernetes 10 different ways. So we started building these native steps.”

He said that with Artifactory, JFrog had control valves. What it didn’t have was the plumbing of those control valves and was relying on customers to be able to plumb everything together.

“So we took the concepts we had developed as part of Shippable — we had a platform that was scaling to enterprise-grade and volume — and we added a bunch of native steps that are focused on the JFrog platform — package, bundle, distribute, promote, all of these things… That immediately caused a lot of excitement with customers because they realized they had been doing it bespoke and we were giving it to them out-of-the-box. It’s part of the platform, so they can just plug and play all these things and it’s just part of the CD workflows,” he said.

He described native steps in terms of Lego blocks.

“With the JFrog CLI, can do Docker build, Mavin build, Gradle build — a lot of build tools. We allow JFrog CLI to abstract those things and allow you to use Artifactory as the backbone. What we’ve done is made it declarative, so they don’t need to write any code, just say “configure” the build package, and we are doing all the heavy lifting,” he said.

“It’s the same thing with the release bundle. We expect people to do a lot of querying and stuff like that to build a release bundle, which we use to annotate and find it. Then we use that same release bundle to release to edge nodes.

‘Super DevOps’

There are benefits for developers beyond being freed from writing the same code over and over. He pointed to, co-founder and CEO Shlomi Ben Haim’s keynote on the concept of “super DevOps.”

“Ten years ago, you could find a person who would say, ‘I’m a Java developer’ or ‘I’m a .NET developer.’ These days, you can’t just be a Java developer. You’ve got to be a full-stack developer. You’ve got to know the networking stack. You’ve got to know the virtualization stack. Everything is getting into the hands of the developer in terms of how they configure… Before they’d just build an app and how to run it was somebody else’s problem,” Cavale said.

“What that means is that a lot of developers are doing things that they’re not as passionate about as building features. So what we’re doing is enabling them to simplify all the plumbing they have to do, so they can spend more time on the features that they’re actually passionate about building.”

“Super DevOps” involves a small team in an enterprise focused on building the pipeline, not the application or its features. Once it’s created, the rest of the organization can leverage it, he said. Another concept is for a native steps development kit — how to extend the platform beyond what JFrog has built.

JFrog will be working with about 16 large enterprises in a beta program over the next few months on feedback for the GA.

The company also is focused on collecting metadata on its processes in an effort to provide insights to customers, using machine learning and analytics, in areas such as developer velocity, potential hot areas within your source code where a patch might cause other interruptions, he said.

Platforms that offer “end-to-end” capabilities for a particular business function, such as DevOps, can be extremely valuable, noted Paige Bartley, senior analyst – Data, AI & Analytics at 451 Research.

They provide a collaborative ecosystem where all tasks related to that function can be carried out, managed, and monitored in one place without toggling between loosely-integrated products or applications: an especially valuable quality for business needs such as data governance and security. JFrog’s announcements of a unified UI experience and unified metadata collection and management further centralize control and management of the DevOps process, allowing developers to work faster and rapidly deliver business value, she said.

But as platforms expand and become more multi-functional, there are challenges as well, not unique to JFrog. There’s a greater likelihood of overlapping functionality with existing IT and software investments. Expanded platform functionality also has the tendency to encroach on the capabilities of the software provider’s existing technology partners, potentially creating “frenemy” situations.

“So for JFrog, the challenge is now to demonstrate the value of their platform as more than the sum of its parts, and to ensure enterprise adoption beyond the flagship JFrog Artifactory offering while still allowing flexibility for integration with other tools,” she said.

Jeffrey Hammond, vice president and principal analyst at Forrester Research, who attended the conference, called pipelines a “hot thing” in the industry.

“I’ve seen a few DevOps vendors working to improve automation and integration of delivery, and it sure beats having to build all that infrastructure from scratch like we used to when I was running dev teams,” he said.

Shippable, more than any of JFrog’s other acquisitions have moved the company off its traditional strength as an artifact repository and provided a broader value to clients, he said.

“That’s good for JFrog and the clients, but it does come with some risk of increased ‘coopetition’ with some of their partners, so it will be interesting to see how the evolves over time.”

And there are still important pieces of the continuous delivery pipeline that require that integration and partnering approach, he said, like test execution.

Feature image via Pixabay.

A newsletter digest of the week’s most important stories & analyses.

View / Add Comments

Please stay on topic and be respectful of others. Review our Terms of Use.