Welcome to the JFrog Blog

FILTER BY

All
Products
Solutions
Other
Key Take Aways from RSA 2024

Key Take Aways from RSA 2024

The impact of the 2024 RSA Conference on security in San Francisco was beyond expectations.  It was really a fantastic opportunity to meet an amazing group of individuals from all stages of the software supply chain from CISOs to researchers to development and security teams. Our discussions reflected the key challenges facing software security professionals…
3 Key Considerations for Securing Your Software Supply Chain

3 Key Considerations for Securing Your Software Supply Chain

An organization's software supply chain includes all the elements involved in developing and distributing software, such as components, tools, processes, and dependencies. Each link in this important chain presents the potential for security threats. Recent research conducted by Gartner shows a major increase in attacks targeting code, tools, open-source components, and development processes, particularly in…
Strengthening Software Supply Chain Security: Insights from RSA Conference 2024

Strengthening Software Supply Chain Security: Insights from RSA Conference 2024

It’s a wrap! RSA 2024 brought together cybersecurity experts, industry leaders, and innovators to delve into critical topics defining the future of digital security. One of the key themes that garnered significant attention at RSA 2024 was software supply chain security. The Growing Importance of Software Supply Chain Security With 61% of U.S. businesses directly…
Removing Friction Between DevOps and Security is Easier than you Think

Removing Friction Between DevOps and Security is Easier than you Think

Removing friction between DevOps and Security teams can only lead to good things. By pulling in the same direction, DevOps can make sure developers continue to work with minimum interruption, while automation and background processes make security more effective and consistent than before. And, security teams have the visibility and understanding of the software development…
Leveraging Shift Left and Shift Right for End-To-End Application Security

Leveraging Shift Left and Shift Right for End-To-End Application Security

Despite organizations' best efforts, security threats are on the rise, with malicious actors continuously evolving their tactics. Unfortunately, the situation is only intensifying as hackers from all walks of life leverage artificial intelligence (AI) and machine learning (ML) techniques. To combat these threats, security teams need to implement gates and controls throughout their entire software…
JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories

JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories

As key parts of the software ecosystem, and as partners, JFrog and Docker are working together to strengthen the software ecosystem. Part of this effort by JFrog's security research team involves continuous monitoring of open-source software registries in order to proactively identify and address potential malware and vulnerability threats. In former publications, we have discussed…
Ensure your models flow with the JFrog plugin for MLflow

Ensure your models flow with the JFrog plugin for MLflow

Just a few years back, developing AI/ML (Machine Learning) models was a secluded endeavor, primarily undertaken by small teams of developers and data scientists away from public scrutiny. However, with the surge in GenAI/LLMs, open-source models, and ML development tools, there's been a significant democratization of model creation, with more developers and organizations engaging in…
OpenTofu support comes to JFrog Artifactory

OpenTofu support comes to JFrog Artifactory

If you deploy container-based services in Kubernetes, chances are you’re also using infrastructure-as-code to help automate the provisioning and maintenance of the cloud environments where your applications will run. Up until recently, Terraform was “the name” in infrastructure-as-code. However, HashiCorp’s decision in the second half of 2023 to change Terraform from an open source license…
Supporting Next-Level Enterprise Scale in Software Development

Supporting Next-Level Enterprise Scale in Software Development

What it means to be “enterprise grade” has changed. In software development, the size of new artifacts and the pace of development has increased dramatically. Developers are now releasing new components daily, if not multiple times a day. With containerization, and now AI/ML models, new pieces of software can be multiple GBs or larger. In…
Live Panel Recap: Women in DevOps

Live Panel Recap: Women in DevOps

In celebration of International Women’s Day, I had the pleasure of speaking with two incredible female leaders in the software industry on our live panel session, “Women in DevOps: Moments of Leadership and Tech Evolution.” During the conversation with Jyostna Seelam, Senior Manager at Capital One, and Tracy Ragan, CEO of DeployHub, we discussed the…