Welcome to the JFrog Blog

All Blogs

Proudly Announcing JFrog’s Full Conformance to OCI v1.1

Proudly Announcing JFrog’s Full Conformance to OCI v1.1

JFrog has long supported standards widely used by developers, including OCI container images. We started with our OCI-compliant Docker registry, then followed up with dedicated JFrog Artifactory OCI repositories. In our continued commitment to developer freedom of choice, we’re excited to take another leap forward. JFrog is now fully conformant to OCI v1.1. Source: OCI…
Trusted Software Delivered!

Trusted Software Delivered!

At swampUP 2024 in Austin just a few days ago, we explored the EveryOps Matters approach with the crowd of developers, driven by a consolidated view from their companies’ boardrooms and 2024 CIO surveys. The message was clear: “EveryOps” isn’t just a strategy or tech trend —  it’s a fundamental, ongoing mindset shift that must…
JFrog swampUP 2024: News and Updates Live From the Show Floor

JFrog swampUP 2024: News and Updates Live From the Show Floor

Live updates from this event have concluded. JFrog’s annual user conference, swampUP 2024, brings together developers, DevOps teams, security engineers, SREs, AI/ML Engineers, thought leaders, industry experts, and technical professionals from the world’s leading enterprises. Together, we’ll explore the latest advancements, best practices, and transformative strategies shaping modern EveryOps. Here are live keynote updates coming…
JFrog Unveils First Runtime Security Solution to Deliver Complete Software Integrity and Lineage from Code to Cloud

JFrog Unveils First Runtime Security Solution to Deliver Complete Software Integrity and Lineage from Code to Cloud

When it comes to software supply chain security, we all do everything we can to prevent insecure software from being released into production. Hence we see software supply chain security shifting left to discover potential threats as early as possible in the software development lifecycle. But what happens when vulnerabilities are only discovered after an…
High-Performance AI Unleashed

High-Performance AI Unleashed

The AI revolution is transforming enterprises faster than you can say, "sudo apt-get install skynet." According to McKinsey, 65% of organizations now regularly use generative AI, nearly doubling from last year. However, as developers rush to integrate AI into their products, the shift from AI proof-of-concept to production can feel like trying to assemble flat-box…
Streamlining Secure, Intelligent Development: The Power of GitHub and JFrog Together

Streamlining Secure, Intelligent Development: The Power of GitHub and JFrog Together

Today’s Hurdles to Efficient Software Development Picture this: You've just settled in at home after a long day, ready to relax, when suddenly your phone buzzes. It's a notification about a failed build in your latest project. Your heart sinks. Your mind starts racing to connect the dots… What went wrong? Where is it broken?…
Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk

Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk

JFrog's security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. This blog details a PyPI supply chain attack technique the JFrog research team discovered had been recently exploited in the wild. This attack technique…
From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms

From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms

NOTE: This research was recently presented at Black Hat USA 2024, under the title “From MLOps to MLOops - Exposing the Attack Surface of Machine Learning Platforms”. The JFrog Security Research team recently dedicated its efforts to exploring the various attacks that could be mounted on open source machine learning (MLOps) platforms used inside organizational…
Out with the Old – Keeping Your Software Secure by Managing  Dependencies

Out with the Old – Keeping Your Software Secure by Managing Dependencies

During 2023, the U.S. witnessed a record high in supply chain cyber-attacks, affecting 2,769 organizations. This figure represents the largest number recorded since 2017, marking an approximate 58% annual increase in impacted entities. If there ever was a doubt, now it’s crystal clear that YOUR SOFTWARE SUPPLY CHAIN IS A TARGET. Developers, DevOps and Security…
The Software Extinction Event That Wasn’t

The Software Extinction Event That Wasn’t

Note: This blog post was previously published on DevOps.com Imagine if the world’s most pervasive programming language, used in the majority of organizations, services, websites and infrastructure today, was itself made to be malicious? Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container… due to the popularity of…