Welcome to the JFrog Blog

Latest:

Mind Your Dependencies: Defending against malicious npm packages

January 25, 2022 Ilya Khivrich

6 min read

Modern software projects are mostly composed of open source code. The question of who really controls this code, and is responsible for detecting and fixing software supply chain security issues, became a significant source of concern after the discovery of the Log4Shell vulnerability. In a more recent development, the highly popular colors and faker npm…

Read More
Building a Company From 1-1,000: Scaling HR One Leap at a Time

Building a Company From 1-1,000: Scaling HR One Leap at a Time

January 20, 2022 Keren Massad, CHRO | 6 min read

Over a decade ago, our CEO, Shlomi Ben Haim, approached me to lead HR for JFrog. I wasn’t yet an employee, and at that point JFrog had only 15 people on staff. I said no. Why would JFrog need HR with 15 employees? His answer to me is the essence of how we have built…
Read More
No Internet? No Problem. Use Xray with an Air Gap – Part II

No Internet? No Problem. Use Xray with an Air Gap – Part II

January 19, 2022 Tal Yitzhak | 6 min read

With software supply chain attacks on the rise, implementing DevSecOps best practices in an air gapped environment is a must. In an effort to secure an organization’s internal network, there is an increasing trend of separating the internal network from the external one. Essentially creating an enclosed and disconnected environment from the public internet. An…
Read More
JFrog’s Best DevOps Blogs of 2021

JFrog’s Best DevOps Blogs of 2021

January 13, 2022 JFrog Team | 7 min read

In 2021, JFrog provided a steady stream of insightful articles about software release trends, DevOps best practices, JFrog innovations and more. Here we’ve selected what we consider the best posts of last year, in case you missed them or want to re-read them. You’ll find primers on how our customers benefit from our trailblazing partnership…
Read More
JFrog’s Best DevSecOps Blogs of 2021

JFrog’s Best DevSecOps Blogs of 2021

January 13, 2022 JFrog Team | 7 min read

Always a concern for DevOps teams, security has now become a critical part of developing and releasing software – a reality reflected on the sharp increase in JFrog blogs about DevSecOps. In fact, we generated so many hard-hitting and instructive blogs about security and compliance in 2021 that we decided our DevSecOps coverage deserved its…
Read More
Meet JFrog’s Newest Board Member – Meerah Rajavel, Citrix CIO and Technology Industry Veteran

Meet JFrog’s Newest Board Member – Meerah Rajavel, Citrix CIO and Technology Industry Veteran

January 10, 2022 Micheline Nijmeh | 13 min read

As JFrog continues to grow, having solid guidance and the right mix of talent on our board is important to help us reach our goals. We are honored to have recently welcomed seasoned business technology leader, Meerah Rajavel, to our Board of Directors. Meerah’s extensive experience in revenue growth, go-to-market, and business transformation strategies will…
Read More
Check Out JFrog’s New Community Site for Developers

Check Out JFrog’s New Community Site for Developers

January 7, 2022 Lori Lorusso, Developer Relations Community Manager, JFrog | 3 min read

JFrog has been hard at work behind the scenes restructuring how we share information with the developer community. We wanted to create a one-stop resource for developers who code in a variety of languages, with a focus on DevOps, DevSecOps, and cloud native technologies. So without further ado … let me introduce you to our…
Read More
The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console

The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console

January 6, 2022 Andrey Polkovnychenko and Shachar Menashe | 12 min read

Update 07/01/22 - Added credit to researcher @pyn3rd for similar independent previous findings in Acknowledgements section A short preamble Very recently, the JFrog security research team has disclosed an issue in the H2 database console which was issued a critical CVE - CVE-2021-42392. This issue has the same root cause as the infamous Log4Shell vulnerability…
Read More
DevOps 2022: 5 Big Rocks to Harness the Software Supply Chain

DevOps 2022: 5 Big Rocks to Harness the Software Supply Chain

January 5, 2022 Shlomi Ben Haim, CEO | 10 min read

Together with the community, JFrog pioneered what we now know as DevOps with a focus on binaries (aka software packages, artifacts or images). A decade ago, no one thought binary management would be a thing -- now it’s a standard most companies can’t live without. Back then, we said software universality would be necessary, and…
Read More
Cloud Nimble: The Next Evolution

Cloud Nimble: The Next Evolution

January 4, 2022 Gianni Truzzi | 7 min read

Over the last several years, systems architects have had to make sure their systems are cloud native, with applications that are optimized for scalable cloud technology infrastructure. In today’s environment, you should be asking whether your solutions are cloud nimble as well. For the modern enterprise, cloud computing is now the default model for applications,…
Read More

Popular Tags

Try the JFrog Platform

In the cloud or self-hosted

Start for Free

or Book a Demo