Sold by: abyo software
Deployed on AWS
FerroRepo is a Rust-native universal artifact repository that runs as a single self-contained binary and speaks the wire protocols of Sonatype Nexus Repository 3 and JFrog Artifactory, so existing Maven, npm, pip, cargo, docker, and helm clients work unchanged.
Overview
FerroRepo is a Rust-native universal artifact repository - a single self-contained server that stores and serves software packages across the major ecosystems and speaks the on-the-wire HTTP protocols of Sonatype Nexus Repository 3 and JFrog Artifactory, so existing build tools work unchanged. It runs as one process with no JVM and no external database to operate, persisting metadata to an embedded SQLite database and blobs to a local volume or to object storage, and it boots in well under a second on a small instance. A classic Nexus or Artifactory deployment needs a JVM, gigabytes of heap, and an external database before it serves a single artifact; FerroRepo's single-binary mode replaces that with one hardened binary that ships as a self-contained AMI.
What FerroRepo does today (v0.1.0): it serves 12 of 18 package protocols fully wired with in-tree conformance tests - Maven, npm, OCI / Docker Registry v2, PyPI (PEP 503 family), Cargo (sparse index), Go module proxy, Raw/Generic, NuGet v3, RubyGems (Compact Index), Helm (classic + OCI), APT, and YUM/DNF - plus a Nexus REST v1 and Artifactory-compatible admin surface. Storage is tiered (hot/warm/cold) with content-addressed blob de-duplication and pluggable S3 / GCS / Azure / MinIO blob backends via object_store. Authentication is on by default with a secure-by-default posture: anonymous reads are allowed (public-mirror friendly) while every write and admin action requires an authenticated principal with the right scope; built-in users, or federation to an external OIDC issuer, are supported, and a unique random admin password is generated on first boot. The supply-chain stack is real: SPDX and CycloneDX SBOMs, cosign keyless signing, and SLSA provenance are produced for releases.
Security and engineering posture is verifiable: every crate uses #![forbid(unsafe_code)], clippy runs clean at -D warnings (CI-enforced workspace-wide), there are zero unwrap() in production code, an SBOM is produced in CI, and continuous fuzzing runs against the parsers. The first-boot admin credential is newly generated and unique per instance (never a default or shared password) and is published to AWS Systems Manager Parameter Store as a SecureString by the provided CloudFormation / Terraform quick starts; the metadata volume is retained and encrypted at launch.
Honest scope: the supported topology is single-node (single-binary) with SQLite metadata on a durable EBS volume and the blob tier on S3; six rarer protocols (Conan, Conda, CRAN, Hex, CocoaPods, Bazel) are scope-declared and return 501 today; a horizontally scaled multi-node / Postgres-metadata topology is on the roadmap and is not yet supported - multi-node configurations are not deployed by the quick starts. This listing sells a hardened, scanned, supported distribution built from the Apache-2.0 source at a pinned release version; the code itself remains Apache-2.0. The AMI is metered automatically by AWS per running instance-hour, with no metering code in the product.
Highlights
- One self-contained binary, no JVM and no external database to operate: FerroRepo persists metadata to embedded SQLite and blobs to a local volume or S3, and boots in under a second - it ships as a hardened, AWS-scanned AMI that runs on a small instance.
- Drop-in wire compatibility: FerroRepo speaks the Nexus Repository 3 and Artifactory HTTP protocols and serves 12 of 18 package ecosystems today - Maven, npm, OCI/Docker, PyPI, Cargo, Go, Raw, NuGet, RubyGems, Helm, APT and YUM/DNF - so mvn, npm, pip, cargo, docker, helm and apt/yum clients work unchanged.
- Hardened and supported: every crate uses #![forbid(unsafe_code)], clippy is clean at -D warnings, SPDX/CycloneDX SBOMs plus cosign and SLSA provenance are produced in CI, auth is on by default with a random per-instance admin password, and a paid support SLA is included.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (Arm) Amazon Machine Image (AMI)
Latest version
Operating system
AmazonLinux 2023
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
c7g.large Recommended | $0.05 |
c7g.2xlarge | $0.15 |
c7g.xlarge | $0.10 |
t4g.medium | $0.03 |
c7g.4xlarge | $0.20 |
c7g.medium | $0.03 |
m7g.xlarge | $0.10 |
t4g.large | $0.05 |
m7g.large | $0.05 |
r7g.large | $0.05 |
Vendor refund policy
FerroRepo software charges are metered by AWS Marketplace per running instance-hour; stop or terminate the instance to stop hourly charges. Annual upfront subscriptions are non-refundable except as required by applicable law. For billing or product questions contact aws-support@abyo.net .
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (Arm) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
FerroRepo v0.1.0 - Rust-native universal artifact repository. Single self-contained binary; speaks the Nexus Repository 3 and Artifactory HTTP protocols. 12 of 18 package ecosystems fully wired (Maven, npm, OCI/Docker, PyPI, Cargo, Go, Raw, NuGet, RubyGems, Helm, APT, YUM/DNF). SQLite metadata + S3/local blob tier; auth on by default (anonymous read, authenticated write) with a random per-instance admin password. #![forbid(unsafe_code)], clippy clean, SBOM + cosign + SLSA in CI. Honest scope: supported topology is single-node single-binary; Conan/Conda/CRAN/Hex/CocoaPods/Bazel are scope-declared 501s; multi-node/Postgres is roadmap. Metered automatically by AWS per instance-hour (no metering code).
Additional details
Usage instructions
Launch the self-contained FerroRepo AMI on EC2 (Graviton/arm64) using the provided CloudFormation or Terraform quick start (marketplace/cloudformation/quickstart.yaml or marketplace/terraform), ideally behind an Application Load Balancer with TLS terminated at the ALB; do not expose the service port (8080) directly to the internet. The quick start attaches a retained, encrypted EBS metadata volume, generates a random admin password and stores it in AWS Systems Manager Parameter Store as a SecureString at /ferrorepo/<stack>/admin-password, and creates an S3 bucket for the blob tier. Retrieve the admin password with: aws ssm get-parameter --name /ferrorepo/<stack>/admin-password --with-decryption. Anonymous reads are allowed by default; every write and admin action requires authentication. Point your existing Maven, npm, pip, cargo, docker, helm or apt/yum clients at the load balancer endpoint. The supported topology is single-node (single-binary); multi-node configurations are not deployed by the quick start. See docs/marketplace and HONEST-LIMITATIONS in the repository.
Support
Vendor support
Support for FerroRepo is provided by abyo software. Primary support contact: email aws-support@abyo.net (first response within one business day; the Enterprise tier via Private Offer adds a 24/7 SLA with a one-hour response for Critical issues). Send all product, deployment, and billing questions to aws-support@abyo.net .
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.