Hi Dunken / Armin,
Artifactory has an integration with Black Duck software, and BD are behind
OpenHub, so that might do you. JFrog have also just come out with version 1.0
of X-Ray, which integrates with Artifactory and seems to be sort of a framework
for matching artifacts against data/rules from various sources and triggering
various notifications.
We've looked into both of them a little. So far it seems like Black Duck's
products have a bigger database of vulnerabilities, does more out of the box,
and probably integrates with more than just Artifactory. On the other hand,
X-Ray is a bit more customisable (it's almost a toolkit) but is still an "early
days" product. Depending on what you want to scan and how, you may find that
one is significantly more expensive than the other.
We also found a couple of non-commercial things but haven't looked into them
much:
https://dependencyci.com/
https://blog.versioneye.com/2016/06/28/versioneye-goes-open-source/
Hope that's useful
Hugh Greene
Senior Software Developer
Toshiba Medical Visualization Systems Europe, Ltd
Bonnington Bond, 2 Anderson Place, Edinburgh EH6 5NP, UK
P 44 (0)131 472 4792 | F + 44 (0) 131 472 4799
E mailto:[email protected] | W http://www.tmvse.com
DISCLAIMER
Unless indicated otherwise, the information contained in this message is
privileged and confidential, and is intended only for the use of the
addressee(s) named above and others who have been specifically authorized to
receive it. If you are not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this message and/or attachments
is strictly prohibited. The company accepts no liability for any damage caused
by any virus transmitted by this email. Furthermore, the company does not
warrant a proper and complete transmission of this information, nor does it
accept liability for any delays. If you have received this message in error,
please contact the sender and delete the message.
-----Original Message-----
From: Dunken [mailto:[email protected]]
Sent: 17 August 2016 16:04
To: [email protected]
Subject: [Artifactory-users] Open-Hub-like plugin for Artifactory
I'm looking for a plugin for Artifactory which can be used for evaluating,
tracking, and comparing open and closed source code and projects (something
similar to Open Hub). Does something like this already exist? Is Artifactory
even a good place for such plugins?
Many thanks!
--
View this message in context:
http://forums.jfrog.org/Open-Hub-like-plugin-for-Artifactory-tp7581162.html
Sent from the Artifactory - Users mailing list archive at Nabble.com.
------------------------------------------------------------------------------
_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
------------------------------------------------------------------------------
_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
