Welcome to the JFrog Blog

Head-to-Head: Penetration Testing vs. Vulnerability Scanning

Head-to-Head: Penetration Testing vs. Vulnerability Scanning

To release reasonably secure products, vendors must integrate software security processes throughout all stages of the software development lifecycle. That would include product architecture and design; implementation and verification; deployment and monitoring in the field; and back again to design to address the changing threat landscape, market needs, and product issues. In this blog post,…
Delivering on Our Commitments to the Public Sector with Iron Bank Certification

Delivering on Our Commitments to the Public Sector with Iron Bank Certification

Serving our customers in the public sector, including government agencies and contractors, is both a great honor and a major responsibility for JFrog. The applications and digital services that they release have a direct impact on the well-being of our communities, across critical areas including national defense, healthcare, public safety, education and more. Today, I’m…
Set Up a Remote Repository in Artifactory To Proxy Iron Bank Images

Set Up a Remote Repository in Artifactory To Proxy Iron Bank Images

U.S. Department of Defense (DoD) teams that manage DevSecOps software factories or that use DevSecOps factories to develop, secure and operate mission applications, need a trusted repository management system to store their local artifacts as well as artifacts pulled from Iron Bank, the DoD’s central repository of hardened container images. Artifacts that are stored include…
Transformers ’21: Changing the Lens – Manager vs. Developer

Transformers ’21: Changing the Lens – Manager vs. Developer

As we wrap up our series on JFrog “transformers” in honor of International Programmers Day, we’d like you to meet Kavita Viswanath, General Manager, JFrog India, and Batel Zohar, JFrog Developer Advocate. Through their experiences, we’ll look at the two sides of DevOps -- the behind the scenes purview of management and the impact of…
Transformers ‘21: Manisha Sahasrabudhe, Director of Product, JFrog

Transformers ‘21: Manisha Sahasrabudhe, Director of Product, JFrog

As we continue our series on JFrog “transformers” in honor of International Programmers Day, we introduce you to Manisha Sahsrabudhe, who transformed  her career as a software programmer focused on code, to becoming an entrepreneur co-founding a continuous delivery company, Shippable,  to Director of Product at JFrog. Shippable, a DevOps automation platform that easily connects DevOps…
Transformers ‘21: Melissa McKay, Developer Advocate, JFrog

Transformers ‘21: Melissa McKay, Developer Advocate, JFrog

As we continue our series on JFrog "transformers" in honor of International Programmers Day, today we meet Melissa McKay, a Developer Advocate on the JFrog Developer Relations team. Melissa’s career has taken her from writing code to presenting her tips and techniques to other developers all over the world. A true transformer, she wears many hats…
Managing IoT Software Updates at Scale: Our Acquisition of Upswift

Managing IoT Software Updates at Scale: Our Acquisition of Upswift

With the increasing proliferation of connected devices, it might be assumed that deploying software to devices, providing incremental updates, application security and IoT device management at scale are all rolled into companies’ DevOps pipelines as one big happy portfolio. Sadly, this has not been the case to date. Most IoT software updates and management solutions…
International Programmers Day 2021: Celebrating Those on the Front Lines of Digital Transformation

International Programmers Day 2021: Celebrating Those on the Front Lines of Digital Transformation

Happy International Day of the Programmer to the coders out there programming our digital world. It is your work and commitment that make the technical community thrive. You create the foundation for the innovations transforming the way we work and live. In honor of International Day of the Programmer and spirit of transformation, we’re going…
Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling

Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling

JFrog Security research teams are constantly looking for new and previously unknown vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a potentially critical vulnerability in HAProxy, a widely used open-source load balancer proxy server that is particularly suited for very high traffic web sites…