We compared Sonatype Nexus Repository and JFrog Artifactory based on our user's reviews in several parameters.
In comparing Sonatype Nexus Repository and JFrog Artifactory, both offer reliable artifact management, seamless integration with build tools, and valuable customer support. Sonatype stands out for its robust security and customizable permissions, while JFrog is praised for its high-quality storage capabilities and ease of use. Sonatype offers cost-effective pricing and positive ROI, while JFrog is commended for its efficient efficiency and productivity gains. However, users note room for improvement in Sonatype's UI and setup process, while JFrog users seek enhancements in UI, customization, and performance.
Features: Sonatype Nexus Repository stands out for its robust security, customizable user permissions, and seamless integration with build tools. JFrog Artifactory impresses users with its efficient storage and management capabilities, reliable performance, and intuitive navigation.
Pricing and ROI: The setup cost of Sonatype Nexus Repository has been praised for being reasonable and competitive. Users have found the process straightforward with minimal costs. On the other hand, JFrog Artifactory is appreciated for its affordability and flexible pricing options, with a reasonable setup cost and straightforward licensing terms., Sonatype Nexus Repository has shown positive outcomes in terms of ROI with cost-effectiveness, streamlined development process, improved security, and reduced troubleshooting time. Users appreciate its value and utility. On the other hand, JFrog Artifactory provides enhanced efficiency, improved software development processes, increased productivity, time savings, reduced errors, and a centralized artifact repository. It proves to be a valuable investment, benefiting organizations substantially.
Room for Improvement: Sonatype Nexus Repository users have called for improvements in the user interface, setup process, and documentation. JFrog Artifactory users have suggested enhancements in usability, customization options, performance, and documentation.
Deployment and customer support: Users' reviews indicate that both Sonatype Nexus Repository and JFrog Artifactory require a significant amount of time for deployment and setup. However, the reviews highlight a difference in interpretations, as one Sonatype user suggests the terms refer to separate timeframes, while JFrog users imply they likely represent the same period., Users have praised both Sonatype Nexus Repository and JFrog Artifactory for their customer service and support. Sonatype is known for its knowledgeable and efficient assistance, while JFrog is praised for its prompt and helpful assistance and responsiveness.
The summary above is based on 14 interviews we conducted recently with Sonatype Nexus Repository and JFrog Artifactory users. To access the review's full transcripts, download our report.
"The most valuable feature is that it is a centralized repository and that you can open multiple repositories for different types of artifacts."
"The feature that I like is Permission Targets. If I want to give permission to only deploy the cache, I can give that permission to a set of users. Similarly, if I want to overwrite an artifact with the same name from the same pipeline, I can give permission for that as well to particular users."
"The core functionality is most valuable for indexing and metadata of all the artifacts, but within the last year or two, we've been using the Projects feature, which has been very helpful. We can now assign individual admins for different projects and repos so that they can self-manage their own user permissions for their data. My IT DevOps team doesn't have to be the facilitators of that. It's now more of a self-service capability for them."
"The package registries have been helpful. GitLab, our previous solution, wasn't managing that well."
"HPE was using it for a lot of things, and they certainly had a massive implementation."
"The most valuable feature right now is that the tool is invisible. I've set it up so that it works in my build process and my release processes, and it just works. I hardly ever need to go into the UI to check up on things or correct anything. By far, the biggest feature for me is that after setup, it just keeps on working."
"The most valuable feature I have found is the JFrog CLI."
"It has very good enterprise integration, so we are able to integrate it with the rest of our infrastructure for authentication, for role management. That is very useful."
"If there are any issues in build security, it can pick them up straight away."
"Navigation on the UI is easy and simple to understand."
"The most important feature of Nexus Repository Manager is the storing and sharing of components. For Nexus IQ, it's the scanning of projects and the rating of vulnerabilities and license violations that we may have in our products."
"The core features are the most important: We can host libraries, upload them, and they can be used across multiple teams."
"I have found managing the artifact features very useful."
"While there aren't many features, they're all useful, particularly the ability to store and retrieve content, and to proxy all of the features that an enterprise repository manager should have."
"The customer service and support are good ."
"We're looking for something that has additional reporting capabilities on data growth and data aging. This goes back to storage lifecycle management so that the actual Artifactory itself can provide these reports to either the administrators or the users. I don't know if it has those capabilities. That's something we have to look into regarding the self-service dashboard, but the tool itself having those capabilities would be great rather than trying to do it at the underlying storage hardware layer."
"The latest version that I am using is 7.41. It has been upgraded graphics-wise, but there is a bit of slowness. They can improve the graphical interface for the admin jobs and make it faster."
"I would like to see written technical support instead of having to contact them directly."
"It's an enterprise product that acts like an enterprise product. In other words, it's not a product where they focus on user experience. I wasn't an administrator, so I primarily worked with the command line tool to upload and download parts of the product. I was not impressed with that because it wasn't well documented. It was challenging to figure out how to get things to work."
"The documentation is a bit sparse. That's our only complaint."
"In some of the latest versions of JFrog's SaaS solution, they changed the user interface, the SSO settings, how you interact with them over API, and how you generate tokens. It was very confusing for me. The overall user management is very complicated."
"Jira integration is something that I would like to see improved. I have already talked with their support, and there is a development ticket open for that. If there is any Xray-related information that should be shared within the development pipeline for security remediation or license or whatever, then I would like to see a ticket to be created automatically in the right project. That's something that's not working with Jira Cloud at the moment. Hopefully, they will be able to address that."
"[A] main feature that is missing in Nexus IQ is the ability to explore the history of the different reports that have been generated for a given product. For the time being, in the Nexus IQ UI, we are only able to browse the latest reports that have been generated for a given product. It would be really useful for us to be able to go back in time by browsing through the reports and to have a tool that would give us the evolution of the metrics."
"The only thing that I would like to see is multifactor authentication. This is a critical feature that must be included."
"They should have the ability to support multiple data centers. That is actual scalability and, in effect, high-availability."
"I would like to see them build in some scanning features out-of-the-box, as opposed to only getting them by buying the add-ons of Nexus IQ Server. I would like to see some level of ability to filter in the tool itself, through scanning the binaries in there."
"I'm waiting for hot publication between several Nexus instances. That's more important for me right now because in our company we have several locations distributed all over the world, and each location is producing its own artifacts, sometimes for the same project. I really would appreciate a scenario where the developers could provide their data to the local repository and it would be hot-replicated to the other repository instances."
"When it comes to uploading NPM libraries, JavaScript dependencies libraries, it is a little bit of a convoluted process. They need to improve uploading libraries for NPM-type repositories."
"They could improve the user interface and REST APIs."
"If your emphasis shifts towards NPM products or NuGet, using Nexus is still feasible but may require more effort. The tool is more centered around Maven, making it a bit challenging to seamlessly integrate with NPM."
JFrog Artifactory is ranked 2nd in Repository Managers with 7 reviews while Sonatype Nexus Repository is ranked 1st in Repository Managers with 15 reviews. JFrog Artifactory is rated 7.8, while Sonatype Nexus Repository is rated 8.2. The top reviewer of JFrog Artifactory writes "Stores all our artifacts, allows users to manage permissions for their data, and is very stable". On the other hand, the top reviewer of Sonatype Nexus Repository writes "Vastly improved our whole release cycle; automated processes help to deliver code". JFrog Artifactory is most compared with Archiva, Bitbucket Data Center, Inedo ProGet and Cloudsmith, whereas Sonatype Nexus Repository is most compared with Archiva, Bitbucket Data Center, Inedo ProGet, EMCO Remote Installer and EMCO MSI Package Builder. See our JFrog Artifactory vs. Sonatype Nexus Repository report.
See our list of best Repository Managers vendors.
We monitor all Repository Managers reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.