CAST Highlight vs. JFrog Artifactory

I think CAST is a great tool to give insight into your applications. The tool can be met with resistance from team members as the tool is going to expose defects that should be addressed. Out of the box, it may need some tailoring to focus on certain areas so that you are not overwhelmed with defects the first time you scan your code. But ultimately, you will want to eliminate all defects in the code and have all violations turned on.

Incentivized

It works at scale and a large number of accessible pipelines for searching, repository updates and indexing will become easier. JFrog provides end-to-end solutions for all DevOps needs. With this, Jfrog Artifactory specifically implements the management of highly available repositories, with a smooth interface and integration with all the main CI tools on the market.

Incentivized

• Identifies common coding vulnerabilities.
• Compares code to industry best practices.
• Assesses the code for data privacy compliance.

Incentivized

• Artifactory Management acting as a repository manager of docker images, application and component dependencies
• Automate pipelines and thereby releasing changes faster
• Supports high availability and scalability with multi site replication

Incentivized

• Code scans could be faster. A large application may need to be broken down into smaller sub-applications in order to facilitate faster code scans.
• We spent a lot of time trying to figure out how to best structure our code base in the application for ultimate performance.

Incentivized

• We can always use support for more different types of packages in Artifactory.
• We also would like to see the Artifactory X-Ray produce continue to mature.

Incentivized

The main problem that seems intractable is getting the checksum of the artifact. Managing container artifacts is a game changer for us during project execution, as the container artifact type exposes all base image and Docker file steps. This makes debugging or analysis easier. Jfrog Artifactory provides promotion feature and can automated from one environment repo to another environment repo before the deployment occurs.

Incentivized

Tech support and pro services are top-notch.

Incentivized

Support tickets take days to respond. The most basic of questions that should be knocked out in a few hours don't get answers for days. Tickets are also closed without resolution.

These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.

Incentivized

JFrog Artifactory has a much more friendly GUI, making package exploration less of a chore to do. Other than that, their features are pretty much comparable to each other. Both support multiple types of packages; both have API that can integrate well with CI/CD pipelines.

Incentivized

• I believe once we had the tool working for our code base, we immediately saw positive ROI.
• We spent some time getting to where our code code be scanned efficiently but some of that was trying to do things ourselves instead of fully utilizing Cast Professional Services. I highly recommend to do an engagement with CAST to have them help setup the tool in your environment or to run it in the cloud for you.

Incentivized

• So many times it happens at the time of dependency resolution some of the servers are down e.g NPM, Maven central, PiPy in that cause our builds starts failing. By proxying these repositories with JFrog this is never happened again.
• It reduced the additional cost of container image registry and management effort.
• Support of integration with Build, Monitoring, and CI tools resulted in smooth automation and management.

Incentivized