From the Frog's mouth

All Blogs

Security

DevOps

AI/ML

IoT

Cloud

Industries

Integrations & Partners

News & Community

Friction between DevOps and Security – Here’s Why it Can’t be Ignored

April 3, 2024 Sean Wright, Head of Application Security, Featurespace Paul Davis, Field CISO | 5 min read

Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright's blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company's software applications. They have many common…

CVE-2024-3094 XZ Backdoor: All you need to know

March 31, 2024 Shachar Menashe, JFrog VP Security Research Jonathan Sar Shalom, JFrog Director of Threat Research Brian Moussalli, JFrog Malware Research Team Leader | 14 min read

Update April 1st - Updated "What is the malicious payload of CVE-2024-3094?" due to newly released OSS tools Update April 7th - Updated "What is the malicious payload of CVE-2024-3094?" due to more published payload research On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within…

The State of Software Supply Chain Security in 2024

March 27, 2024 Sean Pratt, JFrog Senior Product Marketing Manager | 4 min read

In today's fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it’s important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your…

Tips from a CSO: How to Secure Your Software Supply Chain

March 25, 2024 Moran Ashkenazi, JFrog Chief Security Officer | 8 min read

Trust is vital to success in our industry. Whether you’re creating and managing software for use internally, by other businesses, or direct-to-consumer, you need to be able to create trust with your end users. This can be accomplished, in part, by showing evidence of security measures, bringing the right people and tactics to the table,…

NPM Manifest Confusion: Six Months Later

March 26, 2024 Andrey Polkovnichenko, JFrog Security Researcher | 9 min read

Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a…

Software Ate the World, but Digital Transformation Can Give You Indigestion

March 14, 2024 Paul Garden, JFrog DevOps & Security Industry Solutions | 7 min read

In today's digitally-driven world, organizations rely heavily on software applications to streamline services, provide operations, engage customers, and drive innovation through digital transformation. Software has also become the lynchpin for securing an entire business’ services and keeping them up and running. Yet, this omnipresent force comes with its own set of challenges. The importance of…

How a DevOps Company Does DevOps

March 6, 2024 Noam Zilberman, JFrog Sr. Director of Engineering Productivity/DevX | 6 min read

At JFrog, we believe in practicing what we preach by "drinking our own champagne." This means that we not only develop and deliver market-leading products but also utilize our own solutions in our development processes. When it comes to managing development environments, we aim to implement the best-in-class approaches. By adopting these top-tier practices, we…

How to set up a Private, Remote and Virtual Docker Registry

March 5, 2024 Melissa McKay, JFrog Developer Advocate | 7 min read

The simplest way to manage and organize your Docker images is with a Docker registry. You need reliable, secure, consistent and efficient access to your Docker images that's shared across your team in a central location, including a place to set up multiple registries that work transparently with the Docker client. There are three different…

Advancing MLOps with JFrog and Qwak

February 28, 2024 Yonatan Arbel, JFrog Developer Advocate Shay Bagants, JFrog Software Architect | 5 min read

Modern AI applications are having a dramatic impact on our industry, but there are still certain hurdles when it comes to bringing ML models to production. The process of building ML models is so complex and time-intensive that many data scientists still struggle to turn concepts into production-ready models. Bridging the gap between MLOps and…

Four Key Lessons for ML Model Security & Management

February 21, 2024 Zohar Sacks, JFrog Senior Director of Product | 6 min read

With Gartner estimating that over 90% of newly created business software applications will contain ML models or services by 2027, it is evident that the open source ML revolution is well underway. By adopting the right MLOps processes and leveraging the lessons learned from the DevOps revolution, organizations can navigate the open source and proprietary…

Welcome to the JFrog Blog

Latest:

Gain Clarity on Cloud Usage with Enhanced Monitoring from MyJFrog