I'm currently evaluating repository firewalls for our self-hosted company, mainly due to concerns with npm. So far, I've considered Sonatype Repository Firewall and JFrog Curation. It seems like JFrog might have more capabilities, but it's also pricier than Sonatype. I'm wondering if anyone uses other tools or has any opinions on these two options?
3 Answers
We're using JFrog Curation with its compliant version feature, and it really helps reduce friction. It works great for us!
I have some experience with the Sonatype Repository Firewall, mainly using it for proxying. The UI has its rough moments, but overall it functions well with various policy options. When we compared it to JFrog, the price difference made sticking with Sonatype an easy choice for us.
I think JFrog is solid. I always check their website for a list of packages affected by npm breaches, and it seems like they do a better job in terms of research and development than Sonatype. I've used their Xray product before, and it was great. However, with recent npm attacks not always being recognized as vulnerabilities by traditional sources like the CVE database, JFrog Curation might be the way to go.