JFrog has published its Software Artifact State of the Union report, which reveals the packages and binaries most in use by enterprise developers today to deliver software from design to production. Docker and Maven dominate, but there are other interesting insights.

JFrog provides an end-to-end DevOps platform for the software supply chain and has over 7K customers worldwide, including the majority (85%) of the Fortune 100. At the heart of the JFrog Platform is the JFrog Artifactory, described as:

a universal DevOps solution that manages and automates artifacts and binaries from start to finish during the application delivery process. 

This video provides an introduction:

Data for the Software Artifact: State of the Union 2023 was collected directly from usage of the JFrog Artifactory between January 2020 and October 2022.

Overall, the report finds, on average, organizations are using seven package types with more than 100,000 artifacts, with 28% of organizations now storing more than 5PB of artifacts in their repositories.

For the report JFrog ranked 28 Software Technologies in terms of popularity, a measure based on the total number of repositories maintained, from the total of around 4.2 million, together with the number of download/upload actions, which number in the billions.

Docker with 1,330,329 Active Repositories, more than 25% of the total and Maven 1,183,167 Active Repositories ranked in the two top positions and in third position came Npm with 313,992, closely followed by YUM with 307,549. At the bottom of the ranking come a dozen packages with fewer than 20,000 repos. These are the ones that form a solid mass that the bottom of the chart:

Fortunately this is an interactive chart. By clicking on the package type below the x-axis you can toggle the display of each one. You can also click on points on the chart for information. This lets you drill down into packages of interest, as in this comparison of PyPi and Npm:

So what are the main takeaways from this report?

• Containers are king: Use of Docker and Helm Charts has dramatically increased over the last two years, indicating more organizations are taking a cloud-native approach and designing larger, more sophisticated artifacts for use by applications such as the Metaverse, Blockchain, or cryptocurrency. 
• The Old Guard Stands Strong: Over 90 percent of organizations are maintaining a Maven repo, which is most used for indexing software artifacts composed of Java, JavaScript, Python, and C and C++.
• Increasing focus on Memory Safety for Securing the Software Supply Chain: Modern languages, such as Swift, Go, and Rust (Cargo) are designed with built-in safety mechanisms to make the developer aware of any potential issues when coding so they can avoid future detrimental software supply chain attacks. To that end, use of Rust (and its package manager, Cargo) grew 98X since April 2021.
• Preparing for IoT and the Edge: Rust (Cargo), C and C++ – the primary languages used when designing software to run on edge and IoT devices – grew exponentially between January 2020 and October 2022, along with Conan – the decentralized package manager for C/C++ – which grew 5.2X over the same period.
• Terraform: The infrastructure-as-code (IaC) standard: Terraform repositories showed the highest growth trajectory of any package type since May 2022, indicating companies see the benefit of moving IaC files to a full-featured, binary-based, secure management solution.  

The report concludes with some predictions for 2023. From the developer point of view this is the most pertinent:

From a talent standpoint, this might mean you need a few extra developers on your UX, cloud native, or mobile-first design teams. While there are still a few industries where migration to the cloud is slower due to business and/or data location, data privacy/sovereignty, regulatory requirements, etc., the overall shift to the cloud and adoption of K8s will continue to accelerate as the variety, volume, and size of software packages continues to grow. We’ll also likely see increasing hoards of companies take advantage of the dynamic nature of cloud infrastructure with frameworks such as Terraform.

More Information

JFrog

Software Artifact: State of the Union 2023

Related Articles 

Top 25 Languages For DevOps

Most Used and Fastest Growing Languages

Sysdig Exposes The Risk and Cost Of Cloud Usage

Insights Into Successful Software Delivery

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info