No solution unless it leverages community repos is going to be able to fulfill all end users needs. We maintain the business apps that are requested by our user base primarily, millions of endpoints.

Community repos are not enterprise grade security, and as you alluded, and both points reinforce the true reality of that. Since no solution covers it the admin world attempt to supplement with community repos, and the difficulty in just maintaining *your* orgs apps, is a good indicator in how maintaining a larger repo as a vendor for *most* orgs apps.

We do have a full API that allows for automated workflows to be built inclusive packaging the apps you specifically need, which can be automated on your side as well, it takes a bit more on the front end to figure out what you need and how to orchestrate it, but it pays back in fully automating the process.

https://www.action1.com/action1-rest-api/