Welcome to the JFrog Blog

How to Connect the JFrog Platform to Your GitHub Environment to Create a Seamless Integration

The latest JFrog collaboration with GitHub enables you to easily combine your favorite solutions for source code and binaries in a seamless integration. This means you now have a unified, comprehensive, and secure end-to-end experience that supports your software projects. This integration covers everything from curating open source packages, coding, CI, release management, deployment and…

GitHub and JFrog Partner To Unify Code and Binaries for DevSecOps

Note: This post is co-authored by JFrog and GitHub and has also been published on the GitHub blog. As the volume of code continues to grow exponentially, software developers, DevOps engineers, operations teams, security specialists, and everyone else who touches code are increasingly spending their time in the weeds of securing, delivering, and scaling software.…

The basics of securing GenAI and LLM development

With the rapid adoption of AI-enabled services into production applications, it’s important that organizations are able to secure the AI/ML components coming into their software supply chain. The good news is that even if you don’t have a tool specifically for scanning models themselves, you can still apply the same DevSecOps best practices to securing…

Key Take Aways from RSA 2024

The impact of the 2024 RSA Conference on security in San Francisco was beyond expectations. It was really a fantastic opportunity to meet an amazing group of individuals from all stages of the software supply chain from CISOs to researchers to development and security teams. Our discussions reflected the key challenges facing software security professionals…

3 Key Considerations for Securing Your Software Supply Chain

An organization's software supply chain includes all the elements involved in developing and distributing software, such as components, tools, processes, and dependencies. Each link in this important chain presents the potential for security threats. Recent research conducted by Gartner shows a major increase in attacks targeting code, tools, open-source components, and development processes, particularly in…

Strengthening Software Supply Chain Security: Insights from RSA Conference 2024

It’s a wrap! RSA 2024 brought together cybersecurity experts, industry leaders, and innovators to delve into critical topics defining the future of digital security. One of the key themes that garnered significant attention at RSA 2024 was software supply chain security. The Growing Importance of Software Supply Chain Security With 61% of U.S. businesses directly…

Removing Friction Between DevOps and Security is Easier than you Think

Removing friction between DevOps and Security teams can only lead to good things. By pulling in the same direction, DevOps can make sure developers continue to work with minimum interruption, while automation and background processes make security more effective and consistent than before. And, security teams have the visibility and understanding of the software development…

Leveraging Shift Left and Shift Right for End-To-End Application Security

Despite organizations' best efforts, security threats are on the rise, with malicious actors continuously evolving their tactics. Unfortunately, the situation is only intensifying as hackers from all walks of life leverage artificial intelligence (AI) and machine learning (ML) techniques. To combat these threats, security teams need to implement gates and controls throughout their entire software…

JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories

As key parts of the software ecosystem, and as partners, JFrog and Docker are working together to strengthen the software ecosystem. Part of this effort by JFrog's security research team involves continuous monitoring of open-source software registries in order to proactively identify and address potential malware and vulnerability threats. In former publications, we have discussed…

Ensure your models flow with the JFrog plugin for MLflow

Just a few years back, developing AI/ML (Machine Learning) models was a secluded endeavor, primarily undertaken by small teams of developers and data scientists away from public scrutiny. However, with the surge in GenAI/LLMs, open-source models, and ML development tools, there's been a significant democratization of model creation, with more developers and organizations engaging in…