welcome to the frog’s blog

Java 11 Licensing: What You’re Really Asking

There’s a bit of confusion in the market around Java 11 licensing, so it seems appropriate to share some thoughts and hopefully add some value by saving you the research. Disclaimer before we get going: of course, consult your legal and compliance teams before you make any decisions around Java 11 adoption or distribution. First…

It’s a Wonderful DevOps Life

In Frank Capra’s 1947 film, “It’s a Wonderful Life,” George Bailey wishes in the depths of his despair that he had never been born. So an angel shows him what that world would have been like. I sometimes feel the need of an angel, too. Not for the same reasons, of course. Our enterprise customers…

5 Signs You Need JFrog Enterprise+

The JFrog Enterprise+ platform we launched at swampUP last May really caused a stir in the industry heralding the liquid software revolution of continuous updates. The amount of interest and inquiries it generated shows that the platform truly addresses the pains that large enterprises are having in the end-to-end management of their binaries. But with…

JFrog Gives You DevSecOps in the Cloud, for the Cloud

You may have seen that we recently released a new version of JFrog Xray, along with releases of Mission Control and Artifactory. But one thing we’re super excited about is that this release train showcases that Xray is, for the first time, available in a pure cloud, SaaS model. Now you get to enjoy all…

Fearless Updates with JFrog Enterprise+: A Step-By-Step Demo

The JFrog Enterprise+ platform gives you a complete pipeline to control the flow of your binaries from build to production. Managing your software deployment end-to-end. The following screencast demonstrates a complete workflow from managing your JFrog services all the way to creating and securely distributing release bundles to target destinations. All part of the Enterprise+…

JFrog Xray Drills Deep Down into Your Docker Images

JFrog offers an end-to-end Docker security scanning solution covering the full lifecycle of your Docker images to manage development, vulnerability analysis, license compliance, artifact flow control, and distribution. JFrog Xray has access to the wealth of metadata Artifactory stores. Combined with deep recursive scanning, it puts Xray in a unique position to analyze the relationships between the…

Raising Helm – to Enterprise Scale

Reposted from the original which was posted on the AWS Open Source Blog TL/DR: Package managers in general are awful, but Helm, the package manager of Kubernetes, is… not bad at all. Of the seven deadly sins of package managers, Helm commits only two, and these are easily fixable. We’ll be explaining how below. We aren’t…

JFrog & Harness - Don’t Get Bogged Down with Continuous Delivery

Harness, a company that provides a Continuous Delivery as-a-Service platform, automates CD with machine learning and security. In this guest post, Stephen Burton, VP Marketing offers a primer on how customers use Artifactory, XRay and Harness together to accelerate Continuous Delivery. This post, also published on Harness.io, has been lightly edited from the original to…

Accelerate Azure DevOps or TFS with JFrog Artifactory and Conan

For some C/C++ developers, working within the structure of continuous integration can be an awkward transition. Running a CI server and the supporting tools to resolve dependencies, share packages, and manage binaries may be unfamiliar, and getting them to work together well can be challenging. C/C++ Continuous Integration Challenges Microsoft’s Azure DevOps (formerly known as…

Cluster Management Made Simple with JFrog Artifactory and HashiCorp Nomad

Many new technologies are laser-focused on cloud-native applications and architectures. However, not all applications are there just yet. Someone only reading trade press, may get the idea that all applications are there. The reality is that applications continue to take many forms, and will for a long time to come. It is refreshing to learn…

Managing Security Entities with JFrog Access

The Unsung Hero of Your Binaries’ Security JFrog Access is the sentinel that manages authentication and authorization for all JFrog services. Packaged and installed together with JFrog Artifactory, Access keeps your binaries secure by making sure that only authorized users can access them. And then, those that do access your binaries, can only do what…

Five Ways to Meet Deadlines When Developing with NPM

Node.js has risen to be the most popular development technology in use today. Don’t take my word for it, you can look at Stack Overflow’s 2018 survey. And if that’s not enough for you, pop into www.modulecounts.com and see how packages in public open source npm registries outnumber those from any other technology by a…

Two Models for DevOps - Rockets and Airplanes

More and more, agile enterprises require software development to function at supersonic, even interstellar speeds, turning around changes fast, yet safely. DevOps pipelines offer the best way, but what will you really need to fulfill that promise? Having a good way to understand the impact of CI/CD processes, and the role that container technologies like…

Tips and Best Practices for Developing with Artifactory on GCP

Hosting infrastructure on cloud-based services is becoming a standard in the tech industry. This comes as no surprise as multifaceted solutions for efficiency are the driving advantages of moving to the cloud. More specifically, some of the reasons that leave cloud solutions at an advantage include flexibility, cost and easier maintenance, allowing the team to…

The Unpleasant Surprises of OSS License Changes and How to Avoid Them

Three weeks ago a popular JavaScript tool Lerna underwent dramatic turmoil.  One of the original founders and maintainers of the Lerna project suggested changing the license from the ordinary MIT to “MIT with personal exceptions” in effort to prevent certain software companies, including Microsoft, Amazon, Apple, LinkedIn, Walmart, Target, Tesla, Xerox, Dell, and others, from…

Automation Using Webhooks in JFrog Artifactory

You (probably) already know that Artifactory, as your repository manager, plays a vital role in your CI/CD pipeline by bridging the gap between development and operations. Now, we’re giving you the option to use webhooks with Artifactory to automate your processes even further. Read on... First, what are webhooks? In the most simple terms, a…

Fully Automated Promotion Pipelines with SonarQube and Artifactory

This blog post is co-authored by Jonathan Roquelaure of JFrog and Fabrice Bellingard of SonarSource, and co-posted on the SonarSource blog Our previous blog post showed how to connect Artifactory and SonarQube to help make better decisions when it comes to deploying or delivering good quality software. With a pretty simple script added to your…

Cloud Is Not a Binary Decision

To cloud or not to cloud? That isn’t really the question anymore. In choosing a public cloud service, many businesses are finding that instead of just one cloud, they prefer a crowd. Enterprises face a dizzying array of choices in how to host their IT infrastructure, to find the best combination that matches business needs.…

Jenkins X: Code to Production in High-Speed

Following another year of successful Jenkins User Conferences (JUC) in France and Tel Aviv, bringing the Jenkins community together for one packed day full of announcements, this year the big news was Jenkins X. During his keynote talk at the Tel Aviv JUC, Kohsuke talked about the many different superpowers being shipped out to the…

You Have Docker - But Are Your Docker Registries Highly Available?

With Docker continuing to gain traction in production systems, and widespread use in pre-production, a company’s Docker registry can be central to its operations. This post explains how a high availability Docker registry can help companies avoid the enormous expense incurred when mission-critical systems go down. The Cost of Downtime Downtime is extremely costly, and…

Discoveries and a Release Management Plugin from JFrog

This is a repost of the original that was recently published as a guest post on the Atlassian blog. My time at Atlassian’s Bitbucket Cloud Dev Week proved to be very fulfilling, and not just for the cool code we produced. I’m excited about that too, of course. Using Bitbucket Cloud’s V2 APIs, I was…

Is Your Helm 2 Secure and Scalable?

Recently Rimas Mocevicius, a Kubernaut at JFrog and co-founder of Helm, spoke at our recent JFrog Helm meetup about the security issues relating to Helm 2 and offered an elegant workaround to secure your k8s cluster. Tiller Poses a Potential Security Threat In Helm 2, a new server-side component called “Tiller” was added. Tiller is…

Get Your License Compliance Reports with a Click of a Button

When releasing software, one of the key aspects you need is ensuring that you’re compliant and safe from any legal risks. Our previous blog post on DevOps and Compliance described how compliance can be a seamless part of the DevOps workflow in your organization. This blog post will address the way your company is enforcing…

5 Reasons You Should Be Using JFrog CLI

JFrog CLI is a useful compact client, which was developed in order to enhance and simplify command line interactions with JFrog products. In this blog post, I will present 5 reasons why you should be using JFrog CLI, and the most common use cases where it comes in handy with your Artifactory repository manager. Reason…

Gain Code Insights with JFrog Artifactory and Atlassian Bitbucket

At the 2018 Atlassian European Summit in Barcelona, Atlassian introduced a new UX in Bitbucket Server that empowers developers to be more productive. Called Code Insights, it gathers information from across the DevOps toolchain into Bitbucket’s pull request experience. On the heels of this news, JFrog is announcing a new integration that brings critical data…

Reusable Cloud Infrastructure as Code with Pulumi and JFrog Artifactory

This guest post is submitted by Chris Smith of Pulumi and is co-posted on the Pulumi blog. Pulumi enables you to specify cloud infrastructure with code. This empowers you to program the cloud in your favorite language, and benefit from useful and familiar features of coding like  static analysis, type checking, IDEs, and more. One…

How to Achieve Fully Traceable Builds with Drone

A build without build-info is like a black box. You don’t know what’s in it, what dependencies it uses, who created it, when it was created and with which tool. And then there are properties, tags and a host of metadata that gives the build its identity. Without build-info, your build is essentially useless. The…

Accelerating C/C++ in IoT with Conan and Resin.io

With Conan and resin.io you can rapidly prototype and build your IoT tool reducing your C++ management pains. Creating C/C++ apps for IoT devices is always challenging. It requires setup of the compiler and toolchain to cross-build for the embedded architecture, managing dependencies of the app, and deploying it in a wise way. Conan takes…

Top 10 Reasons Why You Need JFrog Enterprise+

  More and more companies rely on software to provide value to their customers through product or service updates, websites, mobile apps and more. Whether large or small, these companies can be in any industry segment such as financial, retail, manufacturing or healthcare. To keep providing value through software,  you need to continuously develop new…

Accelerating Software Delivery in the Cloud

So you’ve decided to take your development to the cloud. That’s a smart choice as cloud automation offers the speed and agility businesses need to keep pace with competition and ever-changing market demands. Cloud DevOps tools offer greater flexibility, rapid deployment, reduced IT costs, and low upfront costs with subscription pricing. Cloud-based offerings are a…

12 Reasons You Don't Need Software Artifact Management

0. You have no code. If you have a project, which has no code, you don’t need to manage any artifacts. Well, you don’t need CI, you don’t need runtime, all you need is a bug tracker. And Kelsey, thank you again for the fun! 1. You have no users. If your software has no…

You have Docker; Now are your Docker images secure?

This is the second blog in our series on Docker. In our initial blog called You have Docker; Now what?, we discussed the reasons for using a universal binary repository when implementing Docker to production with confidence. It’s great that you're using Docker, but managing security vulnerabilities is vital to ensuring your Docker environment is free…

Delivering Shift-Left Security with NeuVector and JFrog Xray

Bringing Kubernetes app security insights to developers This post is co-authored by Craig Peters of JFrog and Henrik Rosendahl of NeuVector and is also cross-posted on the NeuVector blog. Kubernetes, the container and orchestration tool favored by enterprises, provides great benefit in automating many aspects of application deployment at scale. But, like any emerging technology,…

You have Docker; Now what?

Almost all organizations developing software today use Docker. However, there are some that still don’t have confidence to take Docker to production. Let’s take a closer look at two main challenges behind this hesitation, which are visibility into the Docker images and where/how they are managed. Challenge 1: What’s in your Docker images Docker images…

Xray Policies: Govern Your Software Supply Chain with Ease

In modern software, there are many important aspects to governing software. You no longer only care for the quality of your own code, but also care for the quality, security, integrity, legal and other aspects of the open source packages that you use. The knowledge of how to handle the risks in these quality domains…

DevOps and Compliance; A Match Made in Heaven

Like the Borg in Star Trek, compliance can strike alarm in one’s heart. And resistance is (for the most part) futile because regulations are just another component of doing business. In any organized civil society, we’re all required to comply with rules of one sort or another. Sometimes those rules and regulations really are burdensome.…

From Code to Cloud with JFrog Artifactory and Azure AKS

Our Kit Merker, VP of Business Development, recently made a guest appearance on the Azure Friday show on Microsoft's Channel 9, showing how to use JFrog Artifactory as your repository manager with Azure and the importance of a Kubernetes Registry. Kit demonstrated the seamless flow from code to cloud, that includes JFrog Artifactory and DevOps…

Twistlock and JFrog Steer the Container DevSecOps Seas

Twistlock and JFrog have partnered to provide continuous scanning and security for your builds. Twistlock directly integrates with JFrog Artifactory, which provides a fully automated Docker promotion pipeline for maintaining your Docker registries. What is Twistlock? Twistlock is a versatile security solution that works well with the Kubernetes container orchestrator and integrates smoothly with JFrog…

Accelerate R Package Development with Artifactory CRAN Repositories

'R' You Ready to Take the Leap? R is the leading statistical language used for statistical computation and graphics used by data scientists and data analytics to extract meaning from data. The Comprehensive R Archive Network (CRAN) serves as the package manager for R providing easy package install, the option to store multiple versions and…

What To Think About When Thinking About Onboarding Artifactory

If you’re reading this, you have probably decided to add Artifactory into your Software Development Life Cycle (SDLC) / CI and would like to understand the key points to consider for implementing this integration. In this blog post, we’ll review the high level aspects you should address when introducing Artifactory into your environment and CI/CD…

Containerize Node Microservices Using Atlassian Bitbucket Pipeline and JFrog CLI

Did you know? Atlassian provides tools to help development teams more effectively collaborate and deliver software fast. Atlassian introduced Bitbucket Pipelines in 2016 to automate continuous integration in a seamless way with the git repository. As Bitbucket Pipelines has matured we’ve seen more of our customers taking advantage of its ability to easily integrate CI/CD…

Latest Helm Chart Enhancements from JFrog

Google introduced Kubernetes (k8s) as an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications less than four years ago. Since then it has been gaining rapid popularity. Today, it is being used in a number of vendor solutions including Microsoft for its Azure Kubernetes Service (AKS), Mesosphere for its DC/OS, Pivotal for its…

10+ Reasons to Use Artifactory as your Docker Registry

There are  so many good reasons to use Artifactory as your Docker registry: The recently-released Package Viewer emphasizes the most relevant metadata with the look and feel of a native Docker registry JFrog CLI lets you build Docker images with exhaustive build information and upload them to Artifactory JFrog Xray will do a deep recursive…

Deploy JFrog Artifactory High Availability Using Azure Resource Manager Templates

Why Use Microsoft Azure Services? Microsoft Azure services is used by many companies and government agencies for their software development and hosting infrastructure needs. Development teams can quickly set up and dismantle development environments and IT operation teams can quickly host their production software. It helps to avoid complexity and expenses in procuring and managing…

Artifactory: Your NPM Registry for Bit

We’re always excited to see the different ways Artifactory gets used. Bit (bitsrc.io) is a platform built to increase code reuse and reduce the overhead around it. It lets you isolate “bits” of Javascript source code from existing projects, share them with your teammates and the developer community, and use them as NPM packages by…

Use JFrog Artifactory to Deliver Software with Confidence to AWS EKS

AWS is launching the Amazon Elastic Container Service for Kubernetes (Amazon EKS) and is announcing JFrog as a proud integration partner. Over the past year, it seems that even companies that weren’t in the first phase of Kubernetes adoption are now joining the party. JFrog has been a key part of the container movement, launching…

swampUP 2018, RELOADED

If I had to summarize swampUP 2018 in one word, it would be “opportunity”. It was an opportunity to hear about the latest developments in DevOps and learn what the future holds from industry leaders in the biggest companies such as Google, Amazon, Microsoft and Netflix. It was an opportunity to share knowledge and experience…

Kubernetes Registry for Azure Container Instances (ACI)

What is an Azure Container Instance? Microsoft Azure Container Instances (ACI) offers users a fast and simple way to deploy container applications in the cloud without provisioning virtual machines or having to adopt a higher-level service. Using ACI, you can scale and orchestrate operations by deploying a Docker container that pulls a Docker image from…

Manage Your Docker Builds with JFROG CLI in 5 Easy Steps!

JFrog CLI is a useful client that provides a simple interface that works smoothly with JFrog Artifactory and Jfrog Xray. The simplified CLI commands enable you to create readable automation scripts that are easy to maintain, efficient and reliable. From version 1.14.0, JFrog CLI has extended its support to manage Docker builds, in addition to its…

Leap into the Universe of Fearless Updates

Most of us work in a modern company whose  survival depends, amongst other things, on how quickly we can release and update software. One might argue that this is only true for technology companies, but in reality, whether you are a financial, retail, manufacturer or healthcare company, you’re probably developing software to maintain your products,…

Set Up Your JFrog Services in No Time!

JFrog Mission Control provides an easy way for JFrog administrators to set up, manage and monitor their Artifactory & Xray services using Configuration Scripts. Additional support, including Jenkins, will be available soon. Configuration scripts are written in Groovy and can be applied to one or more service at a time to perform a variety of…

Running an In-house Go Registry with Artifactory

The need for a Go registry Since its inception over eight years ago at Google, Go has emerged as one of the most popular languages used by developers and DevOps today, so much so that it was used to design and write both Helm and Kubernetes. The project’s 2017 survey of over 6,000 respondents showed…

SUSE and JFrog Accelerate Cloud Native Development for the Enterprise

Oh the things you can find, if you don’t stay behind!  (On Beyond Zebra!, by Dr. Seuss (1955)) It’s time to get Enterprise class Kubernetes to run your applications. SUSE enables organizations to accelerate app development by providing a platform that streamlines lifecycle operations for traditional and cloud-native technologies. SUSE enables you to deploy, manage,…

Deploy JFrog Artifactory in Canonical Distribution of Kubernetes

This blog post is co-authored by Craig Peters of JFrog and Stephan Fabel of Canonical. A free-to-use rapid way to deploy Kubernetes (k8s) is a critical building block for accelerating development team’s adoption. The Canonical Distribution of Kubernetes (CDK) delivers a pure experience across a wide variety of cloud infrastructures. This enables enterprises to rapidly…

The 3 Kubernetes Essentials: Cluster, Pipeline, and Registry

  This blog post is co-authored by Kit Merker of JFrog and Raziel Tabib of Codefresh, and is co-posted on the Codefresh blog. OK, so you’re adopting Kubernetes. Good choice. There is a dizzying array of good options to get a Kubernetes cluster up and running. But once it's there, how do you actually get…

JFrog Artifactory and ElectricFlow Accelerate Time to Market

JFrog and Electric Cloud have partnered to help customers accelerate software delivery, increase release quality, reduce delivery costs, and provide higher reliability and traceability to better compete in the market. Electric Cloud has developed a plugin that integrates JFrog Artifactory’s universal artifact repository manager that supports all major package formats (20+ languages) with their DevOps…

Use Terraform to Easily Manage Your Artifactory Infrastructure

Cloud-based solutions offer an abundance of opportunity to deliver potential game-changing possibilities for businesses. Your business can now deliver software at greater speed, and at a reduced cost. Cloud Deployment Challenges The Cloud is the way to go, but a cloud solution can be challenging when considering the various options available to you such as,…

Artifactory Cloud: Your Powerful DevOps Solution on AWS Marketplace

Increase software delivery and quality Gain universal support of development languages & DevOps tools Easily make Artifactory your Kubernetes registry You now have the freedom to use JFrog Artifactory. The most popular DevOps tool that was only available directly through JFrog, but is now available on the AWS Marketplace. The new offering is called JFrog…

swampUP 2018: A Technical Titan of a Conference

Have you heard about swampUP? If you’re not familiar with swampUP, then you have come to the right blog post.  I’d like to take a few minutes of your time to give you a perspective on what swampUP is, why you should go, and what you can learn.   swampUP 2018: What is it? It’s…

I Just Met a DB Called Maria

Checksum-Based Storage One of the key and unique features in Artifactory is checksum-based storage in which Artifactory stores an uploaded artifact’s checksum in a database and maps that checksum to the file’s location in storage. Using checksum-based storage optimizes your interaction with packages you upload through deduplication; copy, move and delete operations that happen at…

Relax, Your Binary JFrog Xray Vision is Highly Available

JFrog Xray provides continuous security governance and auditing of your software artifacts and dependencies at any stage of the application development lifecycle – build, test, and even production. JFrog Xray 2.0 introduces high availability, bringing even more security and governance to your software packages than ever before. Based on user feedbacks gathered over time, the…

Easily Scale JFrog Artifactory with AWS CloudFormation

Many businesses from small to medium companies to large enterprises are using Amazon Web Services (AWS) to host their infrastructure. But creating, keeping track of changes, and managing your infrastructure can be challenging. Replicating your entire stack multiple times for development and testing purposes can be a tedious, error-prone, and time-consuming process. AWS CloudFormation makes…

Conan Accelerates Your C/C++ Applications in OpenShift

C/C++ applications and build system scripts are monolith in nature. Achieving binary compatibility is becoming extremely difficult as applications include source information from a variety of local and third party sources, targeting a variety of platforms. Even classically monolithic applications may include a complex dependency graph, including transitive dependencies statically or dynamically linked. Another factor…

Gain Trust in Your Software Delivery with JFrog Xray

Universal analysis of binary software components has become an integral part of modern software development. This has been triggered by the growing need to trust the software you consume, and by the capabilities that various products offer in this space. JFrog Xray Integration with Artifactory With the release of JFrog Xray 1.12, you can experience…

JFrog @ Jenkins Days

Jenkins Days are upon us and JFrog is happy to be participating by sponsoring and giving a talk in both Boston (April 10) and Washington (April 12). Bruce Nguyen, JFrog Sr Solution Engineer, will talk about how "Binary Artifact Management is Crucial for any DevOps Implementation". In this talk he will cover the following topics: Binary…

JFrog Artifactory CE: Your Conan C/C++ Package Manager Repository

JFrog Artifactory Community Edition for C/C++ This product gives all the power and flexibility of the Artifactory repository for Conan and generic binaries to the C/C++ world completely free of charge to any software team. As the preferred Conan repository manager, Artifactory Community Edition features similar functionalities as the JFrog OSS edition, while containing support…

JFrog Artifactory: Your Kubernetes Registry

Composing software artifacts into containerized Kubernetes apps Containers let you simplify and manage your applications (especially microservices applications) at a level of abstraction from the specific hardware and even the VMs. As we’re seeing, a container orchestration system like Kubernetes lets you create apps and deploy them side-by-side without being concerned about compatibility between the…

JFrog and Google Cloud Platform for Open Source: A Year in Review

Open source projects are now influencing software development more than ever before. We are seeing communities grow and innovation being created through open collaboration across company boundaries. Building a community and working across boundaries is not an easy process, so Google and JFrog are working together to ease the way forward. In late 2016 we announced…

Effective Repository Naming Conventions to Help Scale Your Business

Why do I need a repository naming convention? How many repositories do I need? What should I call my repositories? These are just some of the commonly asked questions that are asked around the topic of how to get started implementing JFrog Artifactory repository structures and naming conventions. Creating the right repository naming conventions and…

Accelerate Your Finance DevOps Experience with JFrog Artifactory

Working closely with top financial services, such as Goldman Sachs, JFrog has gained insight for developing solutions that comply with the specific requirements and regulations facing DevOps teams in financial organizations. Promote Security and Compliance in DevOps To meet the strict regulations of the financial industry, JFrog Artifactory provides an advanced audit trail log feature that…

Snyk Up on Vulnerabilities and Eradicate Them

About a year ago, we introduced you to Snyk, when we integrated Snyk data for npm vulnerabilities into Xray’s global database. With the recent release of version 1.11, JFrog Xray extends support for Snyk opening up analysis for open source vulnerabilities tracked from public structured databases across multiple ecosystems: npm, java, ruby, python, scala, go,…

Migrate from Nexus to Artifactory and Manage Your Binaries Better

Many businesses today are using a Binary Repository Manager to manage their binaries and artifacts as it is critical to the delivery of reliable, quality software, faster, and at a lower cost to better compete in the marketplace. However, as their business grows and matures, requirements change and they find the need for a more…

Control Your Kubernetes Voyage with JFrog Artifactory

Containerized microservices encapsulate a lightweight and consistent runtime environment for your application to run from development to testing to final deployment and production. As the number of containers grow over time, you will need a tool to help launch, track, and manage them. Kubernetes allows you to quickly and predictably deploy your applications using containerized…

Protect Your Containerized Microservices on OpenShift Using JFrog Xray

In our previous blog, we described how JFrog Artifactory on OpenShift benefits enterprise users when deploying containerized microservices. Now we’ll take it a step further to review the main security challenges facing container content and container registries when developing microservices. We will proceed to discuss how policies are enforced while building and deploying containers on…

How to Debug Docker Registries Like a Pro

Everyone is talking about Docker registries, so let’s take a few minutes to talk about how to debug them. Here are a few tools in my toolbox that I can recommend for troubleshooting Docker registries. Docker in Docker Also referred to as “dind”, this official project from Docker offers Docker images for pretty much every…

The Most Exciting DevOps Event of the Year! Are you in?

JFrog’s annual swampUP event of the year is here! The DevOps user conference will take place on May 16-18, 2018, in the beautiful Napa Valley. This is your opportunity to network and learn how other DevOps experts leverage JFrog products along with best practices from other DevOps thought leaders who will also be there. This…

Container Optimized Workflow for Tectonic by CoreOS (Now Red Hat)

Following our recent blog on Artifactory's integration with OpenShift, you can now deploy your binaries hosted on Artifactory to Tectonic, another major enterprise-ready Kubernetes platform that specializes in running containerized microservices more securely. Artifactory integrates with Tectonic to support end-to-end binary management that overcomes the complexity of working with different software package management systems, like…

JFrog and Valiantys: Partners in DevOps

The integration between IT and development is a significant pain point for many teams as they start their DevOps journey. With the introduction of agile methodologies, the need to deploy more frequently and in shorter cycles has increased.  Yet, operations struggle to maintain the pace as “new” methodologies can create a bottleneck. Often, these development…

GitLab CI and Artifactory: On Your Mark, Get Set, Build!

Integrating JFrog Artifactory into your GitLab CI workflow makes JFrog’s ‘Release Fast or Die’ mantra, a living reality. This blog post describes how to integrate GitLab CI with Artifactory not only to resolve and deploy binaries but also to benefit from Artifactory’s Build Integration feature. Publish and manage your packages GitLab CI supports creating multiple builds…

JFrog Artifactory on OpenShift Has Arrived

More and more DevOps practices rely on Kubernetes to deploy containerized microservices. However, as an open source project, Kubernetes may not provide all the elements required for an enterprise environment such as business-level support, testing body or guided practices by a reputed entity/company.  To address these enterprise requirements,  Red Hat released Openshift, which is, essentially,…

Master Your Helm Chart Repositories in Artifactory

Following our initial release of Helm Chart repository support in Artifactory a few weeks ago, it's time to leap into the fast track and get your Helm repositories up and running. Just a short recap, Helm is the package manager for Kubernetes and helps you manage Kubernetes applications using Helm Charts. Artifactory now natively supports Helm…

NPM Packages with JFrog CLI

JFrog CLI is a compact and smart client that provides a simple interface and greatly simplifies working with JFrog Artifactory. The simplified commands enable you to create readable automation scripts that are easy to maintain, efficient and reliable. From version 1.13.1, JFrog CLI has extended its support to include npm packages, in addition to its…

JFrog's Profile Grows Alongside its Enterprise Business and Offerings

  Analyst: Jay Lyman 21 Dec, 2017 JFrog has grown its enterprise business with its flagship artifact management software, called Artifactory, as well as additional, integrated components centered on software distribution, security and large-scale DevOps implementation. Nearing 10 years in business, the software artifact and release process automator has built an impressive stable of large…

Conan 1.0. A Commitment to Stability

Conan joined JFrog towards the end of 2016, and we immediately embarked upon a journey to empower the C/C++ community with sound DevOps practices. Conan repositories were soon introduced to Artifactory giving C/C++ developers secure, private repositories to host their Conan C/C++ packages with fine-grained access control, automatic layout and storage for all platforms configured…

The Best Ways to Synchronize Binaries Between Globally Distributed Teams

Distributed software development has become commonplace, especially in large enterprises that have several sites in different locations around the globe. This presents many challenges to ensure that all the development teams work on a coherent and synchronized code base. For example: Ensuring that developers all work with the same version of remote artifacts Ensuring that…

Your Enterprise Grade Helm Chart Repository with JFrog Artifactory!

With the 5.8 version release, JFrog Artifactory now natively supports Helm Chart Repositories, giving you full control of your deployment process to Kubernetes - the leading open-source orchestration platform for automating deployment, scaling, and management of containerized applications. JFrog fully supports deploying Artifactory to your Kubernetes cluster to serve as a universal repository manager for all…

Your HA Installation and Upgrade Process Just Got Easier!

The HA installation and setup process has been redesigned to create a simple and even more secure infrastructure for your Artifactory HA clusters. Through the use of a Master Key, Artifactory adds a new security layer that replaces the previously used Bootstrap bundle mechanism, which is now deprecated. JFrog Artifactory handles all configuration and encrypted…

A Journey Into Modern DevOps and Continuous Integration in C and C++ Projects

  C and C++ continue to be used and favored by many developers in all industries. However, when compared to other languages, C/C++ developers face greater challenges that include: long build times, diverse platforms and ecosystems, different build systems, binary compatibility, code inlining and embedding, and lack of standard for OSS. This featured DevOps.com article…

[Case Study] Supporting Multiple Disparate Tools While Optimizing Storage

The Mercedes-Benz brand immediately conjures up images of luxury and quality. We’d all be happy driving one, but beyond luxuries, Mercedes Benz is at the forefront of technology blazing the way forward in the field of autonomous connected cars. At the Mercedes Benz R&D facility in Sunnyvale (MBRDNA) research is conducted to add intelligence to…

Cloud Native CI/CD Pipelines using AWS CodeStar and JFrog Artifactory

Want to streamline your DevOps toolchain for a new project on the cloud? Want to manage, store, share, and version binary artifacts? It’s time to explore the composite solution offered by AWS CodeStar and JFrog Artifactory. When deciding to kick off a new project, technology companies and enterprise solution providers often run into walls when…

JFrog Artifactory Cloud Wins the Repository Challenge

Exactly one year ago, we launched our joint initiative with Google offering JFrog Artifactory Cloud hosted on Google Cloud Platform for free for selected open source projects. Since then, dozens of projects have been approved, and with the free open source hosting provided by JFrog and Google, are now able to put their efforts towards serving…

Easy CI with JFrog CLI

Continuous Integration is one of the foundations of a modern software supply chain. Most organizations wouldn’t consider developing software without one. The problem is that these sophisticated platforms require some expertise to set up and manage and usually require a dedicated server, an administrator and other resources. And to make things more complicated, different development…

JFrog and Kubernetes. Our Cloud-Native Journey Continues

Here at JFrog, we are avid users of Kubernetes in our various development efforts and in our different environments. That’s why we’re proud and excited to join the Cloud Native Computing Foundation so we can now also contribute from our technology and know-how. Learn more about our membership in this recent press release. JFrog benefits greatly…

JFrog Mission Control 2.0

Global Teams, Scale and Visibility For any product, a version 1.0 release must promise innovation in order to fill a gap or resolve a pain that nobody has addressed yet, otherwise, there is no justification to develop the product. This is what JFrog Mission Control did when it was first released. Mission Control 1.x started…

Google and JFrog Announce Grafeas: A Unified Language for Artifact Metadata

Today, Google and JFrog announce Grafeas, a first of its kind open source API that enables comprehensive auditing and governance for your software supply chain. Grafeas standardizes how you store, query and retrieve metadata attached to software artifacts. In particular, it provides rich auditing capabilities and acts as a central source of truth for organizations,…

Your Safe Repositories Just Got Safer with SHA-256

Artifactory was uniquely designed from the ground-up to optimally manage binaries with the capability to efficiently support packages in any format. One of the key features enabling this flexibility is Checksum-Based Storage. While all artifact files are stored and managed in one of the several options for binary storage supported by Artifactory, the files’ metadata,…

[Case Study] Before and After JFrog Bintray: Automating Package Distribution

Distributing large amounts of software packages? Interested in automating your distribution process? JFrog Bintray can help you make it happen. This case study will take you through James Ward’s personal journey of developing an automated process for on-demand deployments of WebJars, that are created, distributed and available within the community. His WebJars project was made…

Use File Specs in your CI/CD To Get Full Control of Your Artifacts

Getting creative with how you manage your artifacts in JFrog Artifactory? It's time to get familiar with File Specs. File specs allow you to specify the files you want to upload and download to and from Artifactory with a simple configuration. With only 2 mandatory fields, source (referred to as pattern) and target, you can…

The ABCs of Distributing Android Libraries

Bintray’s central repositories, JCenter and Conan-Center, are binary hubs for public OSS Maven and Conan (C++) packages respectively. They offer a great channel to distribute your public OSS packages. Having been around for a while, JCenter has become one of the most comprehensive sources for public OSS Maven packages, and is the channel-of-choice for many…

Vulnerability Detection For Your CI/CD Pipeline with JFrog Xray

My previous blog post talked about discovering vulnerabilities in your dependencies directly from within your IDE. However, sometimes this approach discourages the developer from doing their work and consequently reduces their productivity. Let’s take a look at how you can continue to detect vulnerabilities, as early on in the CI/CD process as possible, without interfering…

Real-Time Security Notifications at Your Fingertips with IntelliJ IDEA

JFrog has just made it even easier to identify securities and vulnerabilities in your dependencies directly from within your IntelliJ IDEA. This initial version of the JFrog IntelliJ IDEA plugin provides you critical insights as early as in the development phase, making it even less likely for vulnerable components to ever reach production. Through this…

Leap Forward and Be Proactive with DevOps Insights

Today, companies are adopting modern DevOps tools and practices at a rapid pace to increase high-quality software throughput and reduce inefficiencies (or as we call them, leaks) in the software development and delivery process. However, in most cases, there are very few metrics to prove that these DevOps-enabled pipelines are really performing better. So how…

Managing Software Updates “the DevOps Way”

At a recent DevOps event I attended, I spoke to some members of the DevOps team in one of the largest US banks. The discussion centered around patches and software updates in a Dockerized environment with many files and microservices. It didn’t take long to pinpoint their pain. “How do you manage software updates in…

Artifactory Enterprise. First-Class Artifact Management. Globally. At Scale

An Artifactory Enterprise license opens up a variety of unique and advanced features that offer solutions to real-life problems that global enterprises encounter. We document these features, and write blog posts and white papers about them, but being a community-driven company, there’s nothing quite like seeing people actually using these features in the field as…

Embracing DevOps and CI in C/C++ with Conan and Jenkins

This featured Jenkins blog post will show you how it’s now possible to implement DevOps best practices for C/C++ using Conan the C/C++ package manager, Jenkins CI, and JFrog Artifactory. Also included are code samples demonstrating how to define your own pipeline scripts to adapt to your specific workflows, using Jenkins Pipeline, Conan and JFrog…

Content-Driven Component Analysis

JFrog Xray was first released one year ago. Our first post about it highlighted what makes Xray more than just another security scanning tool. Over the last year, we have introduced more differentiating features like download blocking, integration with more security vulnerability providers like Aqua Security, Snyk, and BlackDuck, integration with your CI/CD pipeline to…

Monitoring and Optimizing Artifactory Performance

As Artifactory usage increases, its resources can gradually become depleted, causing hiccups or hits in performance. When usage increases, so does the importance of monitoring your system and its historical data. Monitoring usage patterns is an essential first step to optimizing Artifactory and ensuring its stability. Here, we would like to share with you some…

Artifactory 5.4: There’s More to it than Meets the Eye

In our product releases, we like to make a splash with the latest new features. Usually, these are features that you access through Artifactory’s UI or its REST API. Not this time! This time, the most significant addition to Artifactory 5.4 is invisible (well, sort of). I say “invisible” because outwardly, there’s no change in…

Clean Up Your Git LFS Repositories with JFrog CLI

Git has become an industry standard for source code control. However, it is not designed to store binary files efficiently, and storing large binary files in a Git repository can quickly inflate it, making it sluggish to respond. This is where Git LFS comes into play. Git LFS is a Git extension designed to accommodate…

Track Your Resource Allocation Globally

The recent release of JFrog Mission Control v1.11 has opened up a new dimension in the management of your global artifact workflow. For the first time, Mission Control lets you track and monitor how your resources are being used with the new Storage / Artifact Usage graph. Knowing how much storage the Artifactory instances you…

Increase your package visibility, the social way!

So, your binaries are hosted on Bintray and you are watching your package download stats grow. It's time for a boost! Two great new features online today; they might be small but they are powerful in spreading the word about your packages, or packages you like. The Latest Download Image Add a Download Link badge…

Speed Up Your Gradle Builds with JFrog Artifactory

Gradle introduced a cool built-in feature that lets you cache task outputs. Why is this cool? Because it reduces build time. How? By sharing the output of Gradle tasks between machines, subsequent builds are accelerated since they can reuse those outputs instead of rebuilding them. Now, this is where it gets even cooler. This feature…

Don't Let the Maven Deploy Plugin Trip You Up

Apache Maven is a commonly used build tool. It has many cool features such as default processing steps that are included out of the box, and is particularly good for compiling and packaging Java code. But this blog post is not an introduction to Maven. There are plenty of great books that provide that, and…

Time is of the essence: Make an impact using Firehose Events

Have you ever experienced the drive you get when you act on a sudden opportunity that really makes a valuable impact on something? On the other hand, have you ever experienced the disappointment of a missed opportunity? Let’s face it, every user action can be translated into a short window of opportunity that requires our…

JFrog Bintray Adds Support for Conan C/C++ Repositories and Launches Conan-center Managed Central Repository.

We are very excited to announce support for Conan repositories on JFrog Bintray, the Universal Distribution Platform. Currently serving more than 2 Billion downloads per month, Bintray offers developers the fastest and most reliable way to publish and consume software releases.  In addition, JFrog will soon launch conan-center which will become the central public repository for…

Like C/C++ Development with Visual Studio? Like it Better with Conan.

Microsoft’s announcement of a Vcpkg was the dawn of a new era in package management for millions of developers using Microsoft Visual Studio for C/C++ projects. But while it’s great for retrieving and building OSS libraries from sources, it has limitations when trying to build user projects. Limitations such as the inability to manage (building,…

Why OpenMRS Migrated from Sonatype Nexus to JFrog Artifactory and Bintray

OpenMRS, the collaborative open source project to develop software that supports the delivery of healthcare in developing countries, recently announced that they have migrated from using Sonatype Nexus and Maven Central to JFrog solutions Artifactory and Bintray. “It all worked out great and we did not hear about any single issue from developers after the…

Enterprise Level Access Control with Keys and Entitlements

“Private repositories”, “Teams and Organizations”, “Permissions”..., sounds like that’s all you need to provide secure private downloads. Well, not quite. Those are great features that fit the bill if your consumer is a Bintray user. But what if she isn’t? Well, then there are signed URLs. Those should do the trick. Just sign your file…

Love Your Logs. It Pays Off

“My Artifactory won’t start”; “I see some lag”; “My artifacts are missing”; “I get issues when Jenkins tries to pull/deploy artifacts”; “I am getting 404 / 401/ 403/ 500 /409” … These are just a few of the common issues I hear from our customers. Very basic issues; right? We can triage them in a…

AQL and JFrog CLI: A Match Made in Heaven

One of the big advantages of running builds using JFrog Artifactory is the exhaustive build information that is created by many sources and used within your organization. However, as your organization continues to grow, efficiently leveraging and managing this amount of data becomes critical. It is very easy to simply use up valuable storage space…

OpenShift with Artifactory: A Powerful PaaS with a JFrog Stack

If you’re containerizing, cloudifying, and doing DevOps, you want your tools to work together nicely so you don’t have the headache of managing infrastructure. We are making it even easier to make your enterprise-grade devops environment work great with JFrog Artifactory on OpenShift - Red Hat’s container platform based on Kubernetes. Because you can run…

Closing the Release Velocity Gap with Datical and Artifactory

Many companies have already made the transformation to agile development methodologies and proudly show how they’ve managed to shorten their application release cycles significantly. But there’s one place where companies often falter in the process: their databases. They can’t update their database implementations as quickly as they update their applications creating a release velocity gap.…

Fully Reproducible Builds with CircleCI and Artifactory

Most of you are probably familiar with the following scenario. You build an NPM package using CircleCI using dependencies that are fetched from the public NPM registry.  Suddenly, you discover that your package contains a major bug! You need to quickly rollback to the previous version, but discover that one of the dependencies from this…

Infrastructure as Binaries with Chef and Artifactory: Five Best Practices

  Infrastructure as Binaries became a reality several weeks ago when we announced that Artifactory supports infrastructure management platforms such as Chef. Both we, here at JFrog, and our infrastructure champions at Chef, believe that establishing a canonical Artifactory repository for all artifacts used in a company’s infrastructure such as Ruby Gems, NuGet packages, RPMs,…

What Makes a Dashboard “Premium”?

Once you’ve uploaded a package to Bintray, the one thing you want to see, more than anything else, is downloads. Without downloads, your package is like the proverbial tree that falls down in an empty forest, the proverbial sound of one hand clapping, the ... well, you get the picture. Bintray is happy to give…

Best Practices for Installing JFrog Xray

JFrog first released Xray in July 2016, and the response was phenomenal. Customers were very excited about the ability to hook up their Artifactory repositories and have Xray automatically do a deep recursive scan of their artifacts to weed out issues and vulnerabilities. Now, after several months, with the diverse experience and feedback from the many customers…

Collaboration is the Key to Scaling Development

When you’re building a DevOps environment, no single tool will solve all your problems. There is no magic silver bullet to streamlining your engineering team and shipping faster. There are many pieces that need to work together seamlessly to create a repeatable system for releasing high quality, high value software to customers. In fact, the…

A Cloud Platform for Defragging Devops

Many software organizations see DevOps as the silver bullet that will streamline their delivery workflow to help them produce software faster than ever before. So they start looking into the tools they will need, and then reality hits like a jab to right cheek. It starts with source control, goes on to CI/CD systems and…

The C/C++ Packaging Paradigm Quandary

Should a C/C++ package manager bundle both debug and release artifacts in the same package? Some developers think so because it’s easy to work with these packages by simply changing your configuration. But other developers frown upon this paradigm claiming it is not best practice. They claim that debug and release versions should be packaged…

Automatically detect vulnerabilities trying to creep into your builds

Security breaches, license issues, and denial of service attacks are all vulnerabilities that put your production systems at high risk every day! JFrog Xray makes your life easier by performing artifact analysis for you, enabling vulnerability detection before your code is harmed. How about automating this analysis process and integrating it into your CI/CD? This can…

Unleash the DevOps!

DevOps tools have come a long way. From virtual machines in dev and QA environments to those in production, and now Docker. The more we are charmed by the idea of hardware as a code, the crazier the things we are trying to do with it. Take the “immutable server” pattern as an example. In 2000,…

Frogs and Ducks, Your Sentinels for Open Source Security

  Black Duck Software creates products to secure and manage open source in applications and containers, eliminating pain related to open source security vulnerabilities and license compliance. The Tenth Annual Future of Open Source Survey they conducted in 2016, provided the numbers to prove many things about open source that we already knew. First and…

Artifactory Pro in Docker Easy as 1-2-3

With the new Artifactory 5.x, you can spin up an instance of Artifactory Pro in Docker in an instant! 1. On Mac or Linux, run the following command $ curl -L 'https://bintray.com/api/v1/content/jfrog/run/art-compose/$latest/art-compose?bt_package=art-compose' | sudo bash 2. Point your browser to http://<server>/artifactory/ and complete the onboarding wizard. 3. Start using Artifactory! NOTE: Data volumes on the host are…

SOS (Safe Open Source) with JFrog Xray and Snyk

Open source software is great. If you check almost every related statistic, you’ll find that usage of Open Source software continues to grow, from robust frameworks (angular.js, React) to databases (MongoDB) to simple things like string manipulations. But along with the benefits of using open source software, come the challenges. When you use an open…

The New Artifactory Docker Distribution

The recent release of Artifactory generation 5.x introduced many new features such as cloud-native storage and cluster license management for high availability, authentication, and authorization with access tokens, easy onboarding, and much more. In addition to new features, we also revamped our Docker distribution, completely redesigning it from scratch. Now, it’s much easier to spin…

Make Your Software Flow

Why Next Gen. DevOps Requires Strategic Thinking We live in an era where in order to survive, every type of company must transform itself into a technology company. Those who have not realized this yet have already lost the game. So, you’re one of those who survived the digital transformation? Congratulations, but that’s not enough.…

Automated EULA-protected Downloads

One of the great features of a Bintray Enterprise account is the ability to present a EULA when a user downloads one of your Products. That works well for the general case when the downloading user is a real person who can go through the Bintray UI and physically accept the EULA for publicly available…

Skill Up with DevOps Training at SwampUP

Team skills are directly proportional to project success Training and team talent are often overlooked as essential pieces of a project’s success.  Analysis from IDC research suggests that the skills of a team are directly proportional to the team’s ability to deliver successful projects on time and with high quality. “To maximize project success and…

Infrastructure as Code Binaries

The advent of cloud computing has made it very easy for IT and DevOps to quickly spin up any variety of environment needed. From small individual boxes that a developer may need, to large and complex production datacenters.  However, the ability to quickly and easily spin up environments, also opens up the risk of spinning…

The 5 Big DevOps Changes to Expect in 2017

Thoughts from the CEO desk 2017 started off with a DevOps bang; an enormous amount of capital was poured into DevOps technology companies by VCs, and larger-scale adoption of tools and methodologies was approved in this year’s IT budgets with the recognition that DevOps is a “must-have”. These changes follow a Gartner Report from 2016…

Accelerating DevOps with a Frog in a Sandbox

Here at JFrog, we say “Release Fast or Die,” but this doesn’t apply only to us; it goes for all enterprises who are facing intense pressure to become more agile and reduce costs. One way to do this is by moving to DevOps and taking an automated “as-a-service” approach to delivering infrastructure and applications. However,…

JFrog Xray CI/CD Integration Keeping Your Builds Safe

When was the last time you closed off a sprint, happily marking all user stories as DONE and uploaded the build to your staging environment only to find out the build was riddled with security vulnerabilities. Hmm...there’s a point for discussion in your sprint retrospective, and now it’s time to redo your sprint planning for…

Securely Onboarding Colleagues through SAML Authentication

Once you’ve created your Bintray account, getting your colleagues on board with permission-based access to your organization’s content is not always so easy. You want to use the most secure authentication available, so why can’t you use your corporate SAML server to authenticate your users? The answer is, now you can. If you configure your…

Xray and Aqua Keeping Your Containers in Safe Waters

While Docker has become all the rage, it is still a relatively new technology in the market. Many companies have introduced it into their organizations, but relatively few have taken Docker to production. One of the reasons is the security risk inherent in running a large set of containers, often based on open source code,…

Predictive Graphs and Notifications

In my last post about JFrog Mission Control, I introduced the new Graphs feature which shows how your instances and repositories have been consuming storage. Knowing your history can help you prepare for the future, but why should you have to second-guess what will happen? Mission Control now does that for you with predictive graphs.…

Whale Parts in Your Docker Registry

There are many good reasons why you would set up a private Docker registry in Artifactory to manage your Docker images. One of them is the ability to promote images, letting you easily move and copy images from one repository to another in your CI/CD pipeline while setting different access privileges. Another is Artifactory’s universal…

Keep Your Secrets Safe by Serving Encrypted Files

Once you have uploaded your content into Bintray private repositories, it’s pretty safe through Bintray’s management of users, organizations, and teams. But what happens when you need to send a private file to someone else? Signed URLs give you an easy way to do that. Just generate your URL signing key and use the URL…

IP Restriction with White CIDR and Black CIDR

Imagine this scenario. Your flagship product is doing OK; you’re getting downloads. Nevertheless, increasing sales is always a top priority, so you decide to create a free OSS version to boost usage and generate more awareness in the market. It’s also a great product, free to download, and is a great teaser for the upsell…

Developing for OpenWrt? Bintray Has an Opkg For You

OpenWrt is typically associated with network routers and similar equipment, and indeed the official OpenWrt website lists overs 1200 devices on which it runs. Network routers may sound boring (well, to some of us), but as the Internet of Things (IoT) continues its crusade around the world, many people don’t know that OpenWrt is also…

[Podcast] Artifact Repositories and Continuous Delivery Pipelines

Version control is one of the top two predictors of deployment lead time, deployment frequency and MTTR. Why is it so important for DevOps organizations? During JavaOne last September, I participated in an online panel on the subject of Artifact Repository, as part of Continuous Discussions (#c9d9), a series of community panels about Agile, Continuous…

Creating a Signed URL Using the Bintray UI

Creating a Signed URL is now available to you through the Bintray friendly User Interface, from start to end. If you are new to Signed URLs, you would rather check out this cool feature. Refer to the REST API Guide at URL Signing, and to the Sign me up! blog, discussing generating Signed URL using…

Manage your Bintray and GitHub organizations better together

Bintray's integration with GitHub is now moving to a new level with GitHub organizations! As a Bintray user who is also a GitHub user, you already know that you can import your GitHub repositories, tags, readme's, and release notes to Bintray. Now you can also import your GitHub organizations, the organization’s repositories, and even keep…

Who needs a EULA if nobody reads it?

As long as you’re distributing public open source software, you don’t need a EULA. Just choose from the over 100 open source licenses Bintray offers to get the level of protection you want. Once you move to distributing commercial software, you need a EULA. This is the contract that you make with all of your…

Publishing Your Maven Project to Bintray

Bintray gives you everything you need to share your Maven project, and much more: you will be able to monitor downloads and users with the statistics that Bintray keeps for you. You can also share your project via Bintray's JCenter repository (which is the largest public Maven repository out there), and effortlessly sync it with…

Feel secure with SSL? Think again.

Recently, we’ve heard a lot of discussion about the trust we place in public binary repositories. For example, Maven Central, a popular legacy repository maintained by Sonatype, was recently compromised by a successful MITM attack. In response, Sonatype set up an https access to central (removing the demand for a $10 donation to the Apache…

6 Reasons to Distribute Commercial NuGet Packages through Bintray

Developing on .NET? Then, most likely, you are no stranger to NuGet Gallery. It’s a great place to find public NuGet packages. But is it the best place to host and distribute your own private packages? With the recent addition of native support for NuGet, you can now point your NuGet client to Bintray and…

Catch that Millionth Download with Bintray’s New Statistics API

Want to know exactly how many times your packages have been downloaded? Bintray has always given you download statistics through its UI, but now you can also get them for professional repositories via REST API. Detailed statistics on downloads per version over any time frame give you deep insights into how your software releases are…

Is Docker Hub really the best way to distribute your images?

Docker is definitely one of the biggest things to hit the software industry in the last few years. Everyone is using Docker, and Docker Hub is growing rapidly serving over 45,000 images by now. But did you ever ask yourself if Docker Hub is really the best platform to distribute your Docker images. It stands…

Feeling secure with Bintray downloads

Remember our take on .asc files? The thing is, digital certificates alone cannot guarantee the identity of someone. To fully trust someone there needs to exist a reliable Web of Trust (WoT) that leaves little to no doubt that the signer is who he claims to be. So what’s the solution then? Use Bintray as…

Android Studio – Migration from Maven Central to JCenter

This post was originally published in Techno Talkative blog by Paresh Mayani. Feel free to comment here or there.   During the android workshop, in the office and in the chat with some of the android developers, I have received some questions around build script and repository: Why earlier versions of android studio were using…

Enjoy Bintray and use it as pain-free gateway to Maven Central

What does it means when some tool or framework has literally dozens of guides, pages long each? It probably means that it is popular, or complicated to use. Usually, both. That’s the story of Maven Central (a.k.a. Central Repository, a.k.a. repo1, a.k.a. ibiblio). Of course, there is a better alternative nowadays - Bintray is already…

Sign me up!

Bintray Premium gives you cool new features such as private repositories, permission management, more storage and so much more. One of the biggest benefits of using a Premium account is the ability to create expirable, signed URLs for your repositories’ content. Signed URLs you said? What’s that? A signed URL is an obscure URL with…

Nodeclipse: 500k downloads per month and counting!

[caption id="attachment_373" align="alignright" width="140"] Paul Verest[/caption] Paul Verest, the Nodeclipse project lead posted to the Nodeclipse blog about his experiences with Bintray. He talks about how the Bintray distribution platform freed up resources to take care of the truly important things - driving Nodeclipse and Enide Studio forward! The main benefits Paul mentions are: Speed…

Hosting your Eclipse update site (P2) on Bintray.com

Did you know you can easily host your Eclipse update site on Bintray.com? After registering to Bintray (and optionally, creating or joining an organization), it's as easy as 1-2-3: Use the predefined 'generic' repo (or create a new one) if you are generating a plain P2 update site, or 'maven' repo if you are generating…

Download stats and logs - now with deep user insights

Ever wondered who exactly downloaded your software? I don’t mean just “someone from the United States.” I’m talking about getting down to the organization level in terms of “someone from Acme Corp. NY office”. Now you can get this information, from Bintray: This information is available for any package type for Bintray Premium users, but…

Bintray + GitHub = Synergistic Love Story

First things first - Bintray is not a competitor of GitHub. They complete each other, not compete. Here's how (I love vienn diagrams): [caption id="attachment_98" align="alignnone" width="300"] Click to enlarge[/caption] Bintray is an organic next step for developing software at GitHub - once your sources are built - distribute them from Bintray. Our job is…

5 Things You Should Know About Docker Registries in Artifactory

As a universal artifact repository manager, Artifactory is, among other things, a fully fledged Docker registry. In addition to storing and managing Docker images, Artifactory also offers extensive integration with your CI pipeline, supports authentication through external providers, high availability, massively scalable storage and is constantly updated to support the latest Docker client version and…

Push the Limits of Virtual Repositories

Our recent Developer and DevOps Trends 2015 survey showed that anyone using Docker also uses additional technologies. I’ll let you in on a little secret. That’s true in general, not just in relation to Docker. The vast majority of developers work with several different technologies at once. So most (if not all) of you are…

Sweet Dreams with Open Source Licensing

Has your release ever been held up due to open source licensing issues? Here’s a true story. In one of my previous jobs, the company I was working at was acquired by an industry monolith. It was a dream-come-true for this startup. There was cheering, happy smiling faces in the corridor, and much revelry. A…

JFrog CLI Offers Fully Reproducible Builds For All

One of the big advantages of running builds through Artifactory is that it stores exhaustive build information generated by the different plugins used with common build tools. This is the “Bill of Materials” that lets you fully reproduce any build even if it has already been deployed to production. It includes everything from artifact versions…

Historical Data and your Instances’ and Repositories’ Future

I never liked history in school. I was more interested in the latest technological developments and what the future had in store. What I didn’t realize at that time was age-old saying  that (paraphrasing) you have to know your history to understand where you’re going. The same is true of your Artifactory instances and repositories.…

[Podcast] How to Achieve Continuous Software Delivery Using DevOps Tools and Methodologies

Listen to this podcast recorded at JenkinsWorld 2016 in which Fred Simon and Sacha Labourey talk about how to achieve continuous software delivery using DevOps tools and methodologies including Mesosphere, Kubernetes, Vagrant, Docker, and Swarm.  Learn why JFrog Artifactory is the leading Universal repository manager that helps your teams automate the development processes and expedite…

JFrog Artifactory Cloud on Google Cloud Platform (GCP)

Through a special initiative to support the open source community, JFrog Artifactory Cloud hosted on GCP is available at no charge, jointly sponsored by JFrog and Google, for qualified open source projects. Register now > Last May we announced a collaboration with Google to host our JFrog Artifactory Cloud solution on Google Cloud Platform (in…

Stay in Context, See the World

New release, new features! Focus on what's important You know, Bintray supports various repository types, like Maven, YUM and Debs, and more types to come. But sometimes all those goodies are just too much. You want to see and search for only certain type of packages (e.g. focus only on Maven jars to use Bintray…

Conan Joins JFrog

Conan.io, our favorite C/C++ package manager has just leaped into JFrog. This is one more great chapter in our story which began a few years ago, when JFrog products took a universal approach to provide developers the freedom of choice, using any technology they chose. With the recent addition PHP Composer, JFrog Artifactory currently supports…

No Internet? No Problem. Use Artifactory with an Air Gap

Virtually all development organizations need access to remote public resources such as JCenter, NuGet Gallery, npmjs.org, Docker Hub etc., to download dependencies needed for a build. One of the big benefits of using Artifactory is its remote repositories which proxy these remote resources and cache artifacts that are downloaded. This way, once any developer or…

Using Satis and Packagist for PHP Development? Think JFrog Artifactory!

If you’re developing server side code in PHP, there’s a pretty good chance you’re using PHP Composer to manage your dependencies and getting 3rd party components from Packagist. To host your internal private packages, you might be using Toran Proxy or your own Git repository. You might even be using open source Satis for your repositories.…

Blocking Downloads with Artifactory and Xray

Nobody wants to get sick, so we’ll wear jackets when it gets cold, take our vitamin C and avoid going out in the snow with wet hair. We all do different things to stay clear of nasty viruses and bacteria because we know that the loss in productivity and efforts we’ll have to make to…

JFrog CLI Working Files From Both Ends

Since JFrog CLI was introduced about a year ago, its popularity has skyrocketed in the CI community. When we asked our users what they liked most about JFrog CLI, the message we got back was clear: Simple, Native, Efficient. Simple: It’s simple and intuitive to use, and onboarding only takes a few minutes. Native: It’s…

JFrog, Proud Partners in DevOpsExpress

DevOps has become one of the hottest buzzwords to hit the software industry. Everybody is talking about DevOps, and everybody is supposedly doing DevOps, but there isn’t really a solid definition of DevOps that has caught. Nevertheless, if you look up a few different sources, they all talk about collaboration between developers and IT operations that…

It's Your Content, Claim The Logs For It

Improved statistics we introduced last month give you much more information about the users that download open source software you publish than any other binaries distribution platform ever. But why stop there? What if you want even more? One of the most powerful ways to slice and dice your download stats is to play with…

Introducing New and Improved Statistics

Bintray’s latest version introduces an upgraded graphic downloads statistics feature. Now you can view the statistics of all package downloads segmented by date, version and country. You can view the download stats for the last 24 hours by hour or select a wanted date range within the last 30 days. For unbounded date range download…

MBeans, MBeans They're Good For Your Heart

Some of you may have gotten a giggle from the title of this post, remembering that children's song  about beans that many of us would gleefully sing every time one of our friends "let loose". But the truth is, MBeans really are good for your heart, especially if you have to monitor a multitude of…

[White Paper] Developing Fast with CocoaPods

CocoaPods stepped into the realm of Xcode development to take dependency management from the domain of tiresome and tedious to make it simple and easy. Nevertheless, working with CocoaPods presents the challenges that are typical of working with any dependency manager that uses remote resources like Pod and Podspecs repositories, such as network or repository…

IT IS TIME TO TRUST YOUR SOFTWARE!

JFrog Xray - not just another security vulnerabilities scanner. We have just officially launched JFrog Xray, and were already asked by customers why we think JFrog Xray should be used instead of $YOUR_FAVORITE_SECURITY_SCANNING_TOOL. Is Xray like Black Duck? Maybe it’s like Docker Security Scanning? Maybe it’s similar to Sonatype Nexus Component Intelligence? Before getting into…

Repository Log Analytics At Your Fingertips

Friday, late afternoon, and everything seems to be running smoothly. The weekend is just around the corner, so you lean back in your chair and start to plan all the fun you’re going to have. Suddenly, your phone screen lights up. An instant message from your boss that says, “Hey, some of the developers are…

Disaster Recovery Built Into Centralized Repository Management

Planning for Disaster Recovery is a bit like insurance. You know you need it so that when the 5#!7 hits the fan, you’re ready with a plan Artifactory sits at the heart of critical software development processes in any organization that has realized the need for advanced artifact management. Depending on who (or which CI…

Increase your Maven Package’s Exposure by Adding it to JCenter

If you already distribute your Maven packages via Bintray, your packages can gain further exposure by including them in Bintray's JCenter! (if you are not very familiar with Bintray’s support for Maven, please refer to the user guide and to my previous post). JCenter is the repository with the biggest collection of Maven artifacts in…

swampUP Announcements. Extra! Extra! Read all about it!

New announcements at swampUP JFrog Product Announcements: JFrog Xray:  JFrog Xray is the first universal impact analysis product, giving organizations an unparalleled level of understanding about all of their container images, software packages and binary artifacts, even with the huge volume and variety of components that development teams share in the software build and distribution…

Empowering Azure DevOps /TFS with JFrog Artifactory

For those of you familiar with JFrog Artifactory and its integration with CI servers, you know that we have plugins for Jenkins, TeamCity and Bamboo that integrate and capture information from the CI server to provide full traceability between artifacts and their origin. We also have an integration with MsBuild which allows you to capture…

Empowering BitBucket Version Control with Promotion and Distribution

We're pleased to announce the integration of JFrog Artifactory and JFrog Bintray with Atlassian Bitbucket. This integration provides a unified dashboard that visualizes the entire release pipeline from commit, through CI, quality gates and release for distribution. The JFrog Bitbucket add-on lets you monitor a build pipeline that is flowing through Bitbucket -> Bamboo -> Artifactory -> Bintray. This…

The Benefits of Package Search in a Universal Repository

We don’t call Artifactory the Universal Repository Manager for nothing. You can now search for any package using search criteria specific to the package type. Looking for an image in your Docker registry? Specify its name, and/or its tag, or you can use its digest for a more specific search. Lost an Npm package? Search…

Migrating from Nexus to Artifactory

Migrating from Nexus to JFrog Artifactory is very simple by using nexus2art migrator. The migrator provides a user friendly wizard like interface for transferring everything in your Sonatype Nexus instance repositories, artifacts, users, and settings to an Artifactory instance. Easy setup Migrator tool requires an initial setup (i) to connect to your Nexus and JFrog…

Optimizing Repository Security and Performance with Include and Exclude Patterns

Repositories are the building blocks of Artifactory, and there are three basic types: Local repositories are where you store your in-house artifacts; remote repositories proxy remote resources and cache artifacts downloaded from them (e.g. JCenter, Nuget gallery, repositories in other Artifactory instances and others); and virtual repositories aggregate both local and remote repositories under a…

Taking Docker to Production with Confidence

Many organizations developing software today use Docker in one way or another. If you go to any software development or DevOps conference and ask a big crowd of people “Who uses Docker?”, most people in the room will raise their hands. But if you now ask the crowd, “Who uses Docker in production?”, most hands…

"Database is wrong for you" and all that FUD

Update November 2015: Sonatype introduces abstract blob storage in Nexus 3, almost completely mimicking Artifactory's checksum-based storage that they have been criticizing for years. Talk about leaders and followers. Checksum-based storage. It’s one of the key features that makes Artifactory better than the competition. Here is the typical false claim made by Sonatype (creator of…

If You're Not Using Git LFS, You're Already Behind!

The popularity of the Git version control system among developers has grown consistently over the last few years, with many Subversion users making the switch to Git's 'file system snapshot' approach, which differs from the 'file change logging' approach of classic VCS software. Git's Little Problem - Large Files However, Git was originally meant to…

JFrog Mission Control, we have lift-off!

It’s not every day we get to announce a brand new product, so we’re really excited with our first release of JFrog Mission Control. Why did we build Mission Control? Because it’s in the spirit of our long tradition of listening to our community. With more and more enterprises setting up more and more clusters…

[White Paper] JFrog Mission Control

As enterprises ramp up their use of JFrog Artifactory, and install multiple servers at globally distributed data centers, monitoring and managing the global binary workflow becomes more and more challenging. JFrog Mission Control overcomes these challenges by providing a centralized management console for global Artifactory instances.

Filestore Management In The Age of Petabytes

Artifactory 4.6 was released last week, and along with adding Google Cloud Storage to the already extended family of storage providers, introduces support for the most complex storage configuration needs of any company in today’s world of binaries management. This will make your filestore management much more reliable and flexible, allowing you to mix n’…

Tracking New Java Libraries Has Never Been Easier!

Want to know when a new version of $YourFavoriteJavaLibrary is released (and I mean - any Java library)? With Bintray, it's one-two-three. Go to bintray.com and search. [caption id="attachment_252" align="alignnone" width="300"] Click to enlarge[/caption] Click on the package you'd like to watch. [caption id="attachment_251" align="alignnone" width="300"] Click to Enlarge[/caption] Click "watch", (log in if needed).…

Hot on Bintray: Package Merging

We have recently introduced package merging: several packages from the same repository can now be merged into one. This is extremely useful when you have existing packages that are not aligned properly. For example, when you have many small technical packages (modules) that are logically one, single package, often using the same version scheme. Such…

[White Paper] DevOps Without a Binary Repository? A Nightmare!

As the grease in the wheels of any software development machine, DevOps is a critical to keep development running smoothly. But to do that, DevOps engineers must efficiently manage an ever-growing matrix of binaries, environments and geographically distributed sites to ensure a smooth application workflow. Wanna wake up from the nightmare? Read/download the white paper.

Be the First to Know. Really.

So, you have an early-2000 style repository, like Maven Central: And let's say you are very, extremely interested to know when the new version of netty comes out.  We understand, it's a natural addiction. How can you do it? Here are some ideas: Well, you can visit Maven Central every day. Couple of times a…

Docker is Not Alone

JFrog Artifactory - The Only Universal Enterprise Repository Manager During DockerCon 2015 in SF, Solomon Hykes asked the audience: "Who is using Docker and nothing else"? No one in the audience raised their hand. Our Developer and DevOps 2015 Survey reinforces this point and adds what developers are using together with Docker. In JFrog’s Developer and…

Advanced repositories - get more out of the box!

The ability  to proxy remote repositories and cache external artifacts from them is crucial whether they are Docker images, NuGet packages, npm, tar.gz files or any of the dependencies we use to create our own products. It speeds up our builds, ensures reliable access, gives control over the bill-of-materials and offers many more benefits making…

Process is Critical So Are the Systems of Record.

You probably read the awesome post in the Netflix Engineering Tools team blog about the build process that Netflix uses to continuously deploy the service that streams movies and TV shows to more than 75 million global Netflix members. And while the post concentrates on the build process - the build tool, the CI server and the…

Artifactory Command Line Interface (CLI) - Pure and Simple

Since writing this post, Artifactory CLI has evolved into JFrog CLI that works with both Artifactory and Bintray. I encourage you to read this follow-up post to learn about the power of the JFrog CLI when working with Artifactory, and then read the follow-up post to learn about the great things you can do with JFrog…

How not to care about unpublishgate

So, you all heard about #npmgate a.k.a. #unpublishgate. Azer removed left-pad from the official npm registry and all hell broke loose. Most of npm builds in the world are failing today because a tiny (17 lines of js code!), but very popular library was obliterated from a central repository  (which teaches us a lesson about…

Meet the all-new Artifactory Online Dashboard

If you haven’t yet heard about our exciting new release of Artifactory 4, then you can read about it in our release notes. It comes with a whole bunch of new features, and most visibly, a brand new UI. Well, our Artifactory Online community is also reaping the benefits of this release, and, in addition…

JFrog CLI (mb)ing to New Heights

Remember Artifactory CLI? That was the tool we released several months ago to simplify your automation scripts while optimizing upload and download of files to and from Artifactory. Well, after hundreds of downloads and a lot of great feedback we got, we decided “what’s good for Artifactory, is good for Bintray too.” So please meet...…

[Case Study] Oracle Managing Artifacts at Scale

How do you manage terabytes of binaries? How do you move mountains of artifacts around the world, at peak performance, all the time? That's what Oracle does, every day. Download the case study to learn why Loreli Cadapan, Director of Development  Operations at Oracle, chose Artifactory to manage the company's binary workflow at industrial scale.  

Let’s prove what we all know is true

There are only a few more days for you to cast your vote for Artifactory at the DevOps Dozen hosted by DevOps.com. Artifactory has been nominated in the category of Repo Manager, and we all know that: Artifactory is the only repo manager that provides full support for Docker (and NuGet, and Npm, and virtually…

Creating a Signed URL Using the Bintray UI

Creating a Signed URL is now available to you through the Bintray friendly User Interface, from start to end. If you are new to Signed URLs, you would rather check out this cool feature. Refer to the REST API Guide at URL Signing, and to the Sign me up! blog, discussing generating Signed URL using…

How smart is your remote repository?

The ability  to proxy remote repositories and cache external artifacts from them is crucial whether they are Docker images, NuGet packages, npm tar.gz files or any of the dependencies we use to create our own products. It speeds up our builds, ensures reliable access , gives control over the bill-of-materials and offers many more benefits…

swampUP 2016: JFrog User Conference

The JFrog User Conference, affectionately known as “swampUP”, is a yearly event where developers and DevOps come together to talk, network, learn from industry visionaries, and...enjoy an endless flow of fine food and wine (who said learning can’t be fun). Last year’s one-day event was so successful (here are some pictures), and generated so much…

Use the right tool for the job: Git LFS with Artifactory

In a recent conversation I had with a developer that works with my wife, who works as the QA Manager for an awesome educational games company, she shared with me a very painful issue that most game developers (probably) share: storing binary assets in Git. This is an issue for everyone in this industry - regardless…

Care for some CocoaPods?

The highlight of the latest release of Artifactory, version 4.5, is support for CocoaPods, and there are a bunch of additional updates which we thought you might like to hear about. CocoaPods - The main event Developing for iOS, watchOS, tvOS or OS X? Jumping on the Swift bandwagon now that it’s open sourced? CocoaPods means…

JFrog Mission Control 1.0 Unleashed.

A couple of months ago we released the preview version of JFrog Mission Control. As a new product, we were eager to get it out there and start getting feedback. Since then we have been in constant contact with dozens of our customers who downloaded it learning what worked well and what was missing. So…

Goodies to Kick Off 2016

Holiday season is over. Gifts were exchanged, miles were traveled, resolutions were made, and much alcohol was consumed. Time to get back to work, renewed and energized for the new year. While we had our share of merry-making here at JFrog, we also managed to get some work done between the revelry, and released Artifactory…

Even more Vagrant love in Bintray

You, of course, know, that for nearly the last two years, you have been downloading your Vagrant software from JFrog Bintray. But recently, Bintray has taken Vagrant support to a whole new level; it is now is a fully fledged Vagrant repository allowing you to distribute your public and private Vagrant boxes from Bintray! As…

Another one bites the Maven Central dust (and saved by Bintray)

Today, I encountered another very detailed blog post on the woes of publishing on Maven Central. Jose Maria Arranz (@jmarranz) explains why he doesn't like Maven in general and publishing to Maven Central in particular (I am with him on a lot of valid points). I can't help quoting: Fortunately when searching for how-to articles…

JFrog's Developer and DevOps Trends Survey 2015

We started running these surveys in 2013 to stay in touch with our developer and DevOps communities, and to understand how they work and the challenges they address on a daily basis. This year’s survey ran from August 25th through September 3rd and received more than a thousand responses, from over 50 countries, mostly, the…

Enterprise Level Access Control with Keys and Entitlements

“Private repositories”, “Teams and Organizations”, “Permissions”..., sounds like that’s all you need to provide secure private downloads. Well, not quite. Those are great features that fit the bill if your consumer is a Bintray user. But what if she isn’t? Well, then there are signed URLs. Those should do the trick. Just sign your file…

Advanced Cleanup Using Artifactory Query Language (AQL)

Each Artifactory administrator has his own methodology and policies for managing binaries within Artifactory, however, cleaning artifacts and freeing up storage space is a common need that every administrator has. As you probably know, Artifactory does provide a few cleanup methods out-of-the-box such as deleting complete versions, limiting the number of snapshots and deleting unused…

Pyramids, Antiques, Maven Central and Sonatype Nexus…

How can you compare one technology or tool to its competitors? Usually, there is no objective comparison available. So how do you know which is better? Eclipse or IntelliJ IDEA? Java EE or Spring? C# or Java? All you can usually find is a holy war and biased comparisons on vendor sites. But luckily, sometimes,…

6 Reasons to Distribute Commercial NuGet Packages through Bintray

Developing on .NET? Then, most likely, you are no stranger to NuGet Gallery. It’s a great place to find public NuGet packages. But is it the best place to host and distribute your own private packages? With the recent addition of native support for NuGet, you can now point your NuGet client to Bintray and…

4 best practices in repository configuration

1. If you are using several technologies, (e.g. Nuget, Maven, NPM, PyPi etc..) define a unique repository for each of them. By doing that you are making sure that all of the build requests are directed to the right place rather than going to a repository that may not even have the necessary packages. 2.…

Jenkins Artifactory Plugin 2.3.0, Hot Off the Press

JFrog has recently released version 2.3.0 of the Jenkins Artifactory Plugin. In case you're not yet familiar with the Jenkins Plugin for Artifactory, here's some background. Artifactory has become the leading binary repository manager available today, and through a series of plugins, it can easily be plugged into the different components of your CI environment.…

AQL: A Comprehensive Query Language for Repositories

One of our mantras here at JFrog is that we’re community driven. At each roadmap meeting we discuss features arising from trends in the industry along with feature requests we frequently get from the Artifactory community. AQL is just such a feature. No… nobody said, “Hey guys, why don’t you build a super efficient query…

Pyramids, Antiques, Maven Central and Sonatype Nexus…

How can you compare one technology or tool to its competitors? Usually, there is no objective comparison available. So how do you know which is better? Eclipse or IntelliJ IDEA? Java EE or Spring? C# or Java? All you can usually find is a holy war and biased comparisons on vendor sites. But luckily, sometimes,…

Fronting Oracle Maven Repository with Artifactory

This post was originally published in The Buttso Blathers blog by Steve Button. Feel free to comment here or there.   The JFrog team announced this week the release of Artifactory 3.5.1, which is a minor update that now works with the Oracle Maven Repository. http://www.jfrog.com/confluence/display/RTF/Artifactory+3.5.1 I spent a little while yesterday having a look…

2014: A Year of Revolution in Continuous Integration

  This note isn’t just a recap of 2014, it is our commitment to the future! 2014 was a crucial year for the development and DevOps world – an explosive inflection point with vendors integrating tools to capture and pass information from development to operations to automate the entire application delivery process. The industry hasn’t…

Docker Has Arrived, But Has Your Ship Really Come In?

In many ways it has. Docker has emerged as the “King of Containers” with more and more enterprises adopting Docker technology to run applications in data centers, on IT infrastructure and developer laptops alike. Docker’s decoupling of applications from their environments has effectively revolutionized how software is run. However, as with any (relatively) new technology,…

Wanna Download? Get Your Signed URLs Here

The new features that  a Bintray Premium account exposes are exactly what you need for commercial software distribution. Private repositories, fine-grained permission management, storage-as-you-go and much more.  Private repositories are a great way to control who can access your artifacts, but what happens if you want to give someone limited access to a specific artifact.…

JFrog leaps ahead with US offices, new investment from VMware

Analyst: Jay Lyman 29 Sep, 2014 Repository and binary management vendor JFrog continues to grow, thanks largely to its new US offices and continued growth of modern, agile, DevOps technologies and methodologies among more mainstream and larger enterprises. In July, JFrog announced $7m series B funding from VMware and previous investor Gemini Israel Ventures. JFrog says the funding has helped it to grow…

Less is More!

A blog I wanted to read prior to Series B I decided to write this blog and share JFrog’s story with you, so if you’re doing or planning any fundraising, you'll have these silver bullets in your pocket to whip out at any decision points along the way. I used some “Getting Your Business Funded”…

Continuous Integration using TFS, NuGet, and Artifactory

This blog shows how Artifactory, a binary repository manager, can be used a) as the storage location for remotely located build references, b) as a drop site for locally built CI artifacts, c) and in a future blog how it can also function as a storage and of all these binaries. For this demo we will use the MyLogger solution.…

The Future of Open Source: Speeding Technology Innovation

As one of the contributors to Black Duck’s eighth annual Future of Open Source Survey, the industry’s leading indicator of open source software (OSS) industry trends, JFrog was pleased to be able to help show the world the true impact of open source software. This was the first year that we decided to take part in the survey.…

Using OneGet with Artifactory

Artifactory, OneGet, NuGet, Chocolatey, and Powershell Setup and Installations Recently there has been an enthusiastic buzz around OneGet, Microsoft’s new download manager for Powershell. With OneGet, Windows now has a first-class deployment manager quite similar to what the *inx folks had for years with the Apt-Get download manager. OneGet is a command line tools which…

Private npm Registry With Artifactory

The main reason for Node‘s explosive popularity is its thriving ecosystem. Likewise, it’s well understood that the main reason for that ecosystem’s growth is npm, Node’s package manager. npmjs.org usage has skyrocketed with statistics showing over 4 Million packages downloaded a day, and over 68,000 packages publicly available, and the numbers just keep going up. In fact,…

Power to the People - Customize and Extend Artifactory with User Plugins

From our experience with thousands of Artifactory users, we know one thing for sure:we don't know better. Every organization does its ALM differently: artifact approval flow, snapshot retention policies, build-to-release flow, governance, required metadata and much, much more - each organization is different. We definitely have some ideas on how the build and deploy process…

Introducing First Class RubyGems Support in Artifactory

Here's a short and down-to-business screen-cast that shows how to set up a feature-rich hosted Ruby Gems repository. You'll get the full monty - local repositories for sharing your private gems, remote repositories to stop being dependent on rubygems.org and a virtual repository that unifies and simplifies configuration. Of course, it plays awesomely with Jenkins, (by using Jenkins…

JFrog catching more enterprises as devops, legacy ops converge

Analyst: Jay Lyman JFrog is a commercial backer of the open source Artifactory repository management software. The company, with offices in Israel and Milpitas, California, reports an increase in enterprise customers melding new, more agile application development and release practices (aka devops) with legacy systems and processes. The company's repository management software and new Bintray for distributing binaries are significant components…

Share Your JavaScript Libraries With The World

Let's face it, developers are lazy (including myself). Philipp Lenssen agrees with this saying in his post by stating: Only lazy programmers will want to write the kind of tools that might replace them in the end. Lazy, because only a lazy programmer will avoid writing monotonous, repetitive code – thus avoiding redundancy, the enemy of…

Fight Crime with GPG

So you deliver your awesome library to hundreds of users each day, but they’re a tough bunch and they’re all like: “Hey man, we gotta see some ID” So you kneel to the whims of the rabble; you generate your GPG key pair and sign each artifact you deliver, because hell if you’re gonna let…

Google and GitHub insist - go store your binaries in a proper place!

Starting July 2nd GitHub is allowing hosting binaries again. Point about Google Code still remains valid. Plus, we believe we still do better job when it comes to binaries, comparing to GitHub, which is awesome (for your sources). Well, first GitHub, and now Google Code, both cease to host your binaries on their platforms. The…

Taking Control of App Releases

Featuring report "Release Management for Enterprises", by RebelLabs Today’s software users have rapidly evolving needs, are mobile, and expect 24/7 connectivity and reliability. So dev teams need to churn out new features and versions frequently to keep up while still making sure that service is not interrupted. Sounds like a tall order, but fail to…

Does Ruby Need a Mature Binary Repository?

At some point in time, a Ruby developer realized the need to serve gems within a private network. The main reasons why: You can't rely onRubyGems.org You need a place to host the gems is not available in RubyGems. Those can be of two flavors: Something not hosted at RubyGems. For example, Vagrant. Something internal (neither open source nor…

wOwSCON 2013

I've been a part of the swamp for over a year now and managed to learn that being a part of the community means much more than sitting in front of the computer and writing code all day long. One of the ways JFrog stays in touch with the community is attending conferences and I…

So, Your Nexus Repository Manager Claims It Supports NuGet. O RLY?

Both Sonatype Nexus Pro and Artifactory Pro claim they support NuGet format for proxying NuGet Gallery and hosting NuGet packages. But the term "support" is rather vague. Let's try to compare the features of the NuGet Support in both tools, down to business. Comparing the full solution is far beyond the scope of a single blog…

3.0.x at Full Speed

You probably already noticed, but just in case - Artifactory 3.0 awesomeness is now delivered to you more frequently than ever. For example, we just released 3.0.2. This minor release completes the databases support matrix by adding PostgreSQL to the mix. In addition to the usual load of bug fixes we introduced a special treatment for `artifactory.content-type` property. Setting it…

Artifactory User Plugins in 5 Screenshots or Less

Actually, less (only 4).Remember the blog post about user plugins? How easy and fast is it to add or change functionality in Artifactory? When you went skeptic, like "come on, it's nice in the blog post, but how useful it really is?" Here's real live example from today:This morning (~09:30 AM in Netanya, Israel) I found…

Beat the binary repository developer (a.k.a. User Plugins)

From our experience with thousands of Artifactory users we know one thing for sure: we don't know better. Every organization does its ALM differently: artifact approval flow, snapshot retention policies, build-to-release flow, governance, needed metadata and much, much more - they are all different. We definitely have some ideas on how the build and deploy…

JavaOne - Next year in Vegas?

OK, my adrenaline is back to normal, and it's time for a wrap-up about JavaOne. As the Main Event in which we participate every year, this year’s JavaOne was big for JFrog. Judge for yourself: at JavaOne 2009 we introduced the Pro and Cloud versions of Artifactory Binaries Repository Manager at JavaOne. At JavaOne 2011…

Replication! What and How.

Update Jul. 24th 2012: As of version 2.6.2  Artifactory also supports event-driven replication. Benefit from all the worlds: pull/push/event-driven!Working in distributed teams isn’t easy. There are time zone differences, language and cultural differences, and… data distribution. When the data you need is away, you are miserable. So, let’s fix it. Bring your data home Let’s take binary…

Go beyond Java with CI server and Artifactory

During the last couple of years, continuous integration (CI) and automated release management methodologies have become much stronger in non-Java builds.Number of familiar tools are used for these methodologies, like the version control system to manages your sources, your build tool to actually build your software from sources and  your build server, which builds your software continuously using…

JFrog jumps at Devops opportunity with continuous integration repository

Analyst: Jay Lyman Israel-based JFrog backs the open source Artifactoryrepository management software, where it finds audience with both application developers and IT operations teams. Its positioning between these two parties managing one of their common challenges in software artifacts and binaries places JFrog at the crux of the devops trend that is pulling development and IT operations together. While…

QCon 2012 - Perfect as Everything in London Should Be

Update 13 Jul. 2012: The video recording of my talk was published on infoq.comIt was JFrog's second QCon London, and it just gets better. Imagine: even the London weather was perfect, not to mention the sessions, booth traffic, show organization and food (what, you say, good English food? Well, great IndoPak food, at least). Due to high demand…

Dependency Management with .NET - Doing it Right

The problem of dependency management is neither new nor original, it exists in all development platforms, and .NET is no different.Let’s go through different solutions and see how they perform. I’ll list them here in no particular order.Keeping dependencies in your source controlThat’s a very popular solution, and for a reason. The benefits are obvious.…

Artifactory - Community Talks

We’d rather have our customers and users be the gauge of how well Artifactory met their Continuous Integration needs, rather than have you listen to our opinion.These are busy days for the froggers getting ready to release 2.4. The buzz is out there and proudly we can see more and more talks that cover Artifactory as…

The Frog Who Turned into a Prince

JFrog’s Artifactory Wins JavaOne 2011 Duke's Choice Award 3 years from the day it was founded, JFrog was recognized by Oracle and the Java community  for Innovation Java Tools for Developer with Duke’s Choice Award at JavaOne 2011.This is not a marketing announcement nor a techie or an executive post, this blog is about how…

The Future of CI at JAX Conf

The Future of CI at JAX Conf - San Jose June, 2011 by Fred SimonThese are exciting days for Continuous Integration users and for us - JFrog Artifactory team.Following the successful CI Summit held in LinkedIn HQ last month, we are now heading to theSan Jose JAX Conf!This year, for the first time, the great European JAX conference…

Thinking in Gradle!

Since my first encounter with Gradle and Hans Dockter (TSSJS 2009 in Las Vegas), I slowly (but surely) started to use this new build tool in many environment and projects.Today, I’m hooked and I don’t think there is a better way to build!But, the main issue I encountered is how to convince other that Gradle is the…

The First Continuous Integration Summit - Video Available!

On April 7th, we held the First Continuous Integration Summit at LinkedIn HQ in the Silicon Valley. We were overbooked a week from opening the event registration page! This enthusiastic response, in addition to the feedback we received (and still getting) from the community, illustrates the great appetite for gaining and learning more about CI technologies and…

Artifactory Vs. Nexus The Integration Matrix

Are you stuck with your vendor stack ?! The up-to-date community-driven feature comparison between Artifactory and Nexus can be found here. The evolution of Continuous Integration, build tools and build servers in the past years has been very impressive. The amount of projects (open source, or not) and tools that were launched and later adopted…

To Build or Not to Be - Seminar Videos

JFrog's Continuous Integration and Build Seminar "To Build or Not to Be", took place on July 1st, 2010 and was a big success.The sessions of Kohsuke Kawaguchi creator of Hudson and CEO of InfraDNA, and Hans Dockter creator of Gradle and CEO of Gradle Inc are now available online.Watch now the videos of "Gradle - A Better Way To Build".and "Doing More with Hudson"  …

The case study of JBoss Repository Manager

Most of the issues encountered by JBoss developers with their new build infrastructure are discussed openly here. This is an important source of information about the problems encountered with a Hudson, Maven and Sonatype-Nexus integration. Since we (JFrog) worked on Hudson, Maven, and Repository Manager environment for many years, we provided some feedbacks to JBoss.  …

Building an Enterprise Repository with Artifactory

*The content of this blog is a translation of a blog posted in Portuguese by Diego Pacheco.*I clearly recall experiencing DLL hell while working predominantly with Microsoft products. We suffered from dependency issues back then and we still suffer from them today.When I started working with Java I suffered from a similar development concern. The specifics are a little…

So you've decided to configure a remote repo and avoid headaches?!

Background There are a lot of public Maven 2 repositories out there (repo1, JBoss, SpringSource, etc.). When setting up your repository manager for your organization, configuring remote repositories can be one of the most difficult tasks. Finding the correct URL for those remote repositories, and more importantly, defining the correct include/exclude patterns for artifacts, is…

Empower Hudson with Artifactory - Track and Replay Your Build Artifacts

Overview In this blog, I will demonstrate how to integrate Hudson with JFrog's Artifactory repository manager to have full build-to-artifacts traceability. We will use Artifactory plug-in to deploy the Hudson build artifacts and track them back to their original build. Keeping the history and reproducibility of code is a must-have for any modern project. Using one of the different…

The one that talks, the one that does!

The one that talks, the one that does! In a blog "Why Putting Repositories in your POMs is a Bad Idea", Sonatype "asked" the open source community to manage their Maven2 POM file correctly.This is a good and important request, since Maven will not work correctly: Over time (due to URL changes) In a closed…

Search-based Promotion - Staging and Promotion Finally Made Simple!

Overiew One of the greatest features of Artifactory 2.1 is the support for artifacts staging and promotion. The idea behind this feature is that in many environments, before exposing a new release for public consumption, the release needs to go through a well-known life-cycle - the release is first made available in a staging environment…

Maven and JavaFX, the story of TwitterFX POM

JavaOne demo Our JavaOne 2009 technical presentation TS-4388 is a demo integrating Maven, JavaFX, Artifactory and WebStart in one smooth process for the developer and site operation manager. So, we were looking for a nice JavaFX demo with source code using external Java dependencies that will demonstrate the ease of use of Maven when using Java libraries.…

Avoiding Clear Text Passwords in Maven

On Secure LDAP Integration: Avoiding Clear Text Passwords in Maven Settings and Controlling Login FallbackFirst, Some BackgroundOne shortcoming of Maven is that it requires you to store your repository passwords in clear text inside the settings.xml file. Now, this stops being mere annoyance and starts becoming a real security hole once your repository's authentication is done…

Re: Contrasting Artifactory and Nexus

I do not care too much about product comparisons coming from product vendors since they are usually biased and written with a single mindset of "how do I make my product look better". Being labeled with an "I'm nonobjective" sticker from the start, I tend to take them with limited trust.I recently came across a blog…

Artifactory 2.0 has been released!

We are pleased to announce the availability of Artifactory 2.0. Artifactory is an advanced Maven repository manager, offering powerful enterprise features, such as LDAP/Active Directory integration and fine-grained permission control, behind an easy-to-use user interface.With this second major release of Artifactory, Artifactory is 100% configurable via an Ajax web UI and is packed with many enterprise-level…

Lists and Contextual Menus, MMI nightmare!

I'm more of a "server side" kind of developer.When I see too much HTML, CSS and Javascript, I need pills!Still, I like to challenge the MVC architecture of UI frameworks. I even wrote my own web framework for fun (but some poor developers, in India I think, are now suffering from it), and played with…