Welcome to the JFrog Blog

Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine

The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub. As a community service, the JFrog Security Research team continuously scans public repositories such as Docker Hub,…
Doing DevOps Your Way On SaaS Solutions: Connecting JFrog CLI to Your JFrog Workers

In our previous blog post, we explored JFrog Workers, a JFrog Cloud Platform service that allows you to create customized workers that can respond to events in the platform. These workers can perform various tasks, from running code to adjusting functions, giving you more flexibility and control over your workflows. Allowing you to automate processes…
Embracing Complexity in DevOps: Software Supply Chain State of the Union 2024

As we delve deeper into the era of software reliance, the 2024 JFrog Software Supply Chain report emerges as required reading for developers and DevOps professionals who are at the frontline of today’s technological innovations. DevOps and development themes from the 2024 report: The report combines Artifactory data, analysis from the JFrog Security Research team,…
JCenter Sunset on August 15th, 2024

JFrog supported the Java community as the host of the JCenter repository for Java OSS libraries, packages and components as part of JFrog’s Bintray service for several years. When Bintray was deprecated on May 1st, 2021, to make way for the development and further advancement of the JFrog Platform, JFrog decided to continue the support…
When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI

In the rapidly evolving fields of large language models (LLMs) and machine learning, new frameworks and applications emerge daily, pushing the boundaries of these technologies. While exploring libraries and frameworks that leverage LLMs for user-facing applications, we came across the Vanna.AI library - which offers a text-to-SQL interface for users - where we discovered CVE-2024-5565, a…
JFrog & Qwak: Accelerating Models Into Production – The DevOps Way

We are collectively thrilled to share some exciting news: Qwak will be joining the JFrog family! Nearly four years ago, Qwak was founded with the vision to empower Machine Learning (ML) engineers to drive real impact with their ML-based products and achieve meaningful business results. Our mission has always been to accelerate, scale, and secure…
The Agenda is Live for swampUP 2024!

The excitement is building. JFrog is pleased to announce the awesome agenda we have assembled for swampUP 2024 at the Omni Barton Creek Resort & Spa in Austin. Join us Sep 9-11 for one of the premier DevOps conferences of the year, focusing on the latest trends in software development platforms, supply chain security, OSS…
JFrog4JFrog: DevSecOps Made Simple

Developers simply want to write code without interruption, while operations wish to build as fast as possible and deploy without restrictions. On the other hand, security professionals want to protect every step of the software supply chain from any potential security threats and vulnerabilities. In software development, every piece of code can potentially introduce vulnerabilities…
Taking a GenAI Project to Production

Generative AI and Large Language Models (LLMs) are the new revolution of Artificial Intelligence, bringing the world capabilities that we could only dream about less than two years ago. Unlike previous milestones, such as Deep Learning, in the current AI revolution, everything is happening faster than ever before. Many feel that the train is about…
How to Connect the JFrog Platform to Your GitHub Environment to Create a Seamless Integration

The latest JFrog collaboration with GitHub enables you to easily combine your favorite solutions for source code and binaries in a seamless integration. This means you now have a unified, comprehensive and secure end-to-end experience that supports your software projects. This integration covers everything from curating open source packages, coding, CI, release management, deployment and…