Docker taps JFrog Artifactory for developer partnership

A new partnership helps developers access Docker Hub through JFrog Artifactory to simplify how DevOps teams work together.

JFrog and Docker have launched a partnership that allows developers using the JFrog Artifactory repository manager to access software components on Docker Hub and Docker Official Images in order to scale the use of containers in the enterprise.

JFrog's Artifactory is a repository for developers to manage software artifacts, container images and Helm charts. A Helm chart is a collection of files that describe a related set of Kubernetes resources.

"I think this is part of a key bridge for JFrog to make sure they are covered or have a point of entry in cloud-native pipelines," said Thomas Murphy, an analyst at Gartner. "It is important for JFrog to have a single delivery chain that gives you a consistent experience, handles all types of assets and makes it easy to drive secure delivery -- their continuous compliance angle."

Unlimited access to images

The partnership will empower developers building cloud-native applications with the knowledge that their software components are hosted in a proven, secure repository. Overall, this deal exempts cloud users of the JFrog DevOps Platform from Docker Hub's image-pull rate limits, said Stephen Chin, vice president of developer relations at JFrog, in a blog post.

"The impetus is developers today have the benefit of using containers to assemble applications as a result of the container revolution, but one of the concerns that developers have is: Do they know that they are getting quality content?" said Scott Johnston, CEO of Docker, in an interview. "Do they know that nothing has been introduced to put at risk that content? And so this partnership is going to allow developers to quickly understand and assess the quality of the containers that they're using and help them move faster to ship code."

The pact brings together content on Docker Hub and the Docker official images and provides a joint platform that enables the consumption of those container images and safely distributes them throughout an organization. Developers also gain access to content from Docker Verified Publishers.

The objective of this partnership is simple: How can we ensure developers can get the images they want and trust, and make sure they can access them in whatever development process they are using from a centralized platform?
Matt CarterVice president, Docker

"The objective of this partnership is simple: How can we ensure developers can get the images they want and trust, and make sure they can access them in whatever development process they are using from a centralized platform," said Matt Carter, vice president of product and alliance marketing at Docker, in a blog post.

A sound strategy

This approach could resonate with enterprises that have a mix of legacy applications and containerized software assets.

"For JFrog, it provides them an opportunity to say that their platform is built to handle today's enterprise needs," said Krishnan Subramanian, an analyst at Rishidot Research in Redmond, Wash. Meanwhile, it helps Docker reach enterprise customers who are already using Artifactory and opens up monetization opportunity, he added.

"Having said that, Kubernetes has shifted the focus from container registry to storing the Kubernetes artifacts -- including container images that may not be Docker and YAML files -- in [a] Kubernetes registry," Subramanian said. JFrog has already ventured in that direction, he added.

Meanwhile, developers can pull container images on the Docker desktop from JFrog Artifactory to their desktops for easy consumption.

"You need to have to go all the way to where the containers, the images are hosted and created," said Shlomi Ben Haim, CEO of JFrog, in an interview. "And the Docker Hub is the habitat for all developers when they need to use container technology. We basically provide you with an end-to-end system for your containers that not only streamline the containers … but also [gives] you a frictionless business model that works perfectly between two vendors -- both on premises and in the cloud."

The first phase of this partnership is intended to give developers a better way to work with Artifactory and Docker together.

"What we have done on the Artifactory side is that we made it very easy for developers to use Docker Hub in one click," Ben Haim said. "So from the Artifactory UI, whether you are a Salesforce developer using a self-hosted solution or using something else, in one click you will integrate and work perfectly with Docker Hub."

Once the images are hosted in Artifactory, developers can then streamline Docker containers all the way to deployment in a production environment.

Other benefits of the deal include the potential for enhanced security for developers that use the JFrog Xray vulnerability scanning tool, which gives developers continuous scanning of the images they pull from Docker Hub.

Darryl K. Taft covers DevOps, software development tools and developer-related issues from his office in the Baltimore area. He has more than 25 years of experience in the business and is always looking for the next scoop. He has worked at various technology publications including Government Computer News, Computer Systems News (CSN), CRN, The New Stack and eWeek. Taft is a member of the Association for Computing Machinery (ACM) and was named "one of the most active middleware reporters in the world." He also has his own card in the "Who's Who in Enterprise Java" deck.​

Dig Deeper on Software development lifecycle

Cloud Computing
App Architecture