
JFrog S-1 - kressaty
https://www.sec.gov/Archives/edgar/data/1800667/000119312520228195/d841831ds1.htm
======
jsiepkes
Though Artifactory is currently still listed as being OSS on their site (
[https://jfrog.com/open-source/](https://jfrog.com/open-source/) ) they
stopped publishing the source code after the 7.0 release of Artifactory
(somewhere beginning this year). I guess this could be the reason. Having an
OSS product is not something investors get thrilled about...

Usually JFrog is pretty responsive on StackOverflow though for this particular
question they seem a bit evasive (
[https://stackoverflow.com/questions/43481238/where-is-the-
ar...](https://stackoverflow.com/questions/43481238/where-is-the-artifactory-
oss-source-code-located#comment108875520_43488742) ).

~~~
paxys
Rightly so, considering the next step for a lot of such OSS projects is AWS
offering it as paid hosted service with zero benefit to the maintainers. So
then they have to couple it with a restrictive license which devalues the
"open" part.

~~~
chrisseaton
> So then they have to...

Why do they _have_ to?

~~~
paxys
To make money

~~~
chrisseaton
Can they not compete with Amazon? The developers know the product best.

~~~
acdha
ElasticSearch or Redis seem like a good example of the challenges with that
approach. Managing contracts is tedious and there's a substantial convenience
factor for the difference between “click and it's running on your existing
bill” and “go somewhere else, get setup with a license, take over O&M for your
own servers”.

If it's really critical, you'll do that but a company has to be really
dependent on a piece of software (or unusually cognizant of the open source
maintainership problem) to go the second route. Built-in defaults carry a lot
of weight.

~~~
dtech
Jfrog is available on AWS marketplace, so at least they have the same
convenience even if papa Jeff still takes a cut.

~~~
acdha
Partially - the AWS Marketplace can avoid a procurement (which can be huge)
but then you’re running EC2 servers. The popularity of services like RDS
suggests there’s a good percentage of the market which will choose managed
options, which is great for them but doesn’t help the upstream developers
unless a cloud provider supports that development.

------
thesimon
I guess I've not worked in big enough corporates to use this.

Can any user here provide some context what JFrog does? The website doesn't
really say much, the example pipeline files for JFrog pipelines seem more
complex than GitLab CI.

~~~
awinder
For me JFrog is synonymous with Artifactory -- I think that was their earliest
/ bread & butter product? That may just be my interaction. It's an on-
premise/cloud hybrid source artifact repository. The nice thing about it is
that it is one product that can act as a maven/npm/pip/etc. repo. If you're in
a polyglot org (big enterprise) and you have security needs/historical baggage
to host on-premise (big enterprise) then you can do a lot worse picking a
solution. Also has nice API & CLI components for integration, it is far from
my least favorite of the enterprise-y sorts of things you can run into at a
big company :)

~~~
foxdev
What is an artifact in this context?

~~~
stingraycharles
A package, typically. Like a Maven package for java, a wheel/egg package for
Python, a gem package for Ruby, etc.

~~~
mey
Docker Containers

~~~
stingraycharles
I think you mean an image, not a container?

~~~
mey
That's correct, my apologies

------
djhaskin987
For those of you looking for an open source alternative to the otherwise
fantastic Artifactory product, have a look at Pulp, a Red Hat project that has
been rapidly maturing and gaining features over the past two years:
[https://pulpproject.org/](https://pulpproject.org/)

~~~
perlgeek
Does Pulp have proper support for Debian packages by now?

Last I looked, it didn't supported signing repositories (and these days, it's
basically impossible to get an unsigned repo into a Debian system).

~~~
Conan_Kudo
Pulp supports signing Debian repositories just fine with Pulp 3.

------
xfour
Three S-1's in one day, and the AirBNB prep last week. Is there just light
shining, or are these companies worried about the future prospects of the IPO
market?

~~~
ttul
In addition to what others have said, I think Amazon's Elastic Container
Registry is a huge threat to JFrog's prospects. Perhaps they need to IPO now
to gain access to the deep pools of capital they'll require to face down the
threat from Amazon. Or maybe this is one of those IPOs like SendGrid that is
fairly quickly followed by an acquisition.

~~~
ebabani
Both ECR and CodeArtifact are competition from AWS. If you're already using
AWS it's difficult to justify the switch to Artifactory, considering you also
lose integrations with things like instance roles when you switch.

~~~
lovehashbrowns
We have tried to switch over to CodeArtifact but it doesn't support as many
repo types as Artifactory. :( We use generic type repos a lot.

------
aphextron
Has anyone else had nothing but trouble with Artifactory? We are furiously
migrating away from it to Github packages for our internal NPM repository.
Their uptime has been abysmal.

~~~
dtech
We've been using their SaaS version for about 4 years now. Maybe a couple of
hours of downtime during that.

Unfortunately GitHub has been going down for multiple days this year, they've
definitely outpaced our Artifactory instance in terms of downtime.

------
malkia
Anyone has comparisons of this to NuGet?

~~~
liversage
Artifactory provides NuGet feeds. We even get the public packages
([https://nuget.org/](https://nuget.org/)) from an Artifactory feed. (Our
build servers don't have internet access.)

------
foxdev
Some interest snippets from Risk Factors[0]:

"Our business and operations have experienced rapid growth, and if we do not
appropriately manage future growth, if any, or are unable to improve our
systems, processes and controls, our business, financial condition, results of
operations, and prospects will be adversely affected."

"Our recent rapid growth may not be indicative of our future growth, and we
may not be able to sustain our revenue growth rate in the future. Our rapid
growth also makes it difficult to evaluate our future prospects and may
increase the risk that we will not be successful."

"We have a history of losses and may not be able to achieve profitability on a
consistent basis. If we cannot achieve profitability, our business, financial
condition, and results of operations may suffer."

"The markets for our products are new, unproven, and evolving and may develop
more slowly or differently than we expect. Our future success depends on the
growth and expansion of these markets and our ability to adapt and respond
effectively to evolving markets."

"Our results of operations are likely to fluctuate from quarter to quarter,
which could adversely affect the trading price of our ordinary shares."

"If we are not able to keep pace with technological and competitive
developments or fail to integrate our products with a variety of technologies
that are developed by others, our products may become less marketable, less
competitive, or obsolete, and our results of operations may be adversely
affected."

"A limited-functionality version of JFrog Artifactory is licensed under an
open source license, which could negatively affect our ability to monetize our
products and protect our intellectual property rights."

"The market for our products is nascent and highly fragmented, and we may not
be able to compete successfully against current and future competitors, some
of whom have greater financial, technical, and other resources than we do. If
we do not compete successfully our business, financial condition, and results
of operations could be harmed."

"JFrog Artifactory is at the core of our business and any decline in demand
for JFrog Artifactory occasioned by malfunction, inferior performance,
increased competition or otherwise, will impact our business, results of
operations and financial condition."

"If we are unable to increase sales of our subscriptions to new customers,
sell additional subscriptions to our existing customers, or expand the value
of our existing customers’ subscriptions, our future revenue and results of
operations will be harmed."

[0]
[https://www.sec.gov/Archives/edgar/data/1800667/000119312520...](https://www.sec.gov/Archives/edgar/data/1800667/000119312520228195/d841831ds1.htm#rom841831_4)

~~~
tempsy
this is very standard language. the goal with this section is just to cover
your tracks so no investor can sue you for omitting something, regardless of
the likelihood any of these risks ever come true.

~~~
Kiro
Interesting. Everyone was giving Uber a lot of heat on HN for writing similar
stuff in their S-1.

~~~
ttul
Yet, it's commonplace.

------
chromedev
With Helm, there is no need for Artifactory. You get Harbor, Verdaccio, etc.
It is silly to pay a company 100k+ when all this stuff is easily managed using
official or far more powerful tools.

~~~
anunnymouse
What about things that arn't built on top of Kubernetes?

~~~
chromedev
Those tools aren't built on Kubernetes, just easier to deploy in a production
manner using the official Helm charts.

~~~
oblio
What if I want to hook up my Maven builds to Artifactory, how does Helm help
me?

~~~
chromedev
There is a plugin for Helm to interface with Maven.

~~~
oblio
Umm... let me rephrase that.

Can I upload my Maven binaries to Helm? Does Helm store them? If I have a jar
or war, can Helm store them? Does Helm resolve Maven dependencies if I connect
to it and run mvn clean install locally?

