In my previous company, we used JFrog Artifactory extensively and, in all honesty, it's a damned good tool. I would absolutely use it again. However, in my current company, we do not have a budget to do that. As it stands we're using Harbour for docker but .deb and .rpm files are stored in with the source code.
Is there a nice solution that can role it all into one with the CVE scanning and Cosign? I'd kill to go back to JFrog. I've tried getting Pulp to work, but it's just "not" playing ball. Plus to get a UI, it needs extra steps.
