Welcome to the JFrog Blog

Gain real-time observability into your software supply chain with the New Relic Log Analytics Integration

JFrog’s new log analytics integration with New Relic brings together powerful observability capabilities to monitor, analyze, and visualize logs and metrics from self-hosted JFrog environments. The integration is free for all tiers of self-hosted JFrog customers and utilizes the powerful, open source log management tool, Fluentd, to collect, process, and surface data in New Relic…
Examining OpenSSH Sandboxing and Privilege Separation – Attack Surface Analysis

The recent OpenSSH double-free vulnerability, CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH’s custom security mechanisms: Sandbox and Privilege Separation. Until now, both of these security mechanisms were somewhat unnoticed and only partially documented. The double-free vulnerability raised interest among those who were affected and those controlling servers that use OpenSSH.…
Release Trusted Software Faster – Our New Release Lifecycle Management Beta Is Here

Releasing production-ready software is a complicated tangle of tools and processes lacking visibility, traceability, and consistency. This leads to custom integrations and human intervention, which create opportunities for mistakes, impede automation, and increase the likelihood of insecure software being released. JFrog's release lifecycle management capabilities enable "release first" software supply chain (SSC) management, delivering trusted…
How to Onboard to a Federated Repository

Scaling up your development organization typically involves spreading development across multiple locations around the globe. One of the key challenges with multisite development is ensuring reliable access to required software packages and artifacts for teams collaborating across time zones. The JFrog Software Supply Chain Platform solves this challenge with federated repositories in JFrog Artifactory. What…
Striving for a “DigitALL” World That Empowers Everyone on International Women’s Day

As I pondered the theme of this year’s International Women’s Day - DigitALL and Embracing Equality - it struck me how much we take for granted in our always-on, always-connected world. Technology has opened up countless opportunities for everyone, including women. At least those who have the necessary digital access to take advantage of it.…
Advanced DevOps Security With Development Flexibility

With the general availability of JFrog Xray’s advanced security features in self-hosted subscriptions, organizations have the flexibility to manage and secure their software development pipelines in-house and in the cloud. Since developers and the DevOps infrastructure are the primary attack vector in the software supply chain, we designed our platform and the advanced security features…
Testing the actual security of the most insecure Docker application

Our previous research on CVE exploitability in the top DockerHub images discovered that 78% of the reported CVEs were actually not exploitable. This time, the JFrog Security Research team used JFrog Xray’s Contextual Analysis feature, automatically analyzing the applicability of reported CVEs, to scan OWASP WebGoat - a deliberately insecure application. The results identified that…
Complete your Software Supply Chain with GitLab CI/CD and JFrog

Software is more than building code. Developing software and ensuring quality builds requires managing a complete software supply chain. With the many security threats across the supply chain, managing each and every aspect of the software you deliver to your customers, including the entire process of how it was made, is critical to your organization.…
Automate Your Deployments on Kubernetes Using GitHub Workflows and JFrog Artifactory Custom Webhooks

Full automation makes your Continuous Deployment (CD) faster, more seamless and less error-prone, for example by triggering the deployment of your Helm Chart when a Docker image is pushed to production. The latest JFrog Artifactory release makes this easy! With a new Custom Webhook feature that enables a direct integration with a variety of services such…