Welcome to the JFrog Blog

JFrog’s Best DevSecOps Blogs of 2021

JFrog’s Best DevSecOps Blogs of 2021

Always a concern for DevOps teams, security has now become a critical part of developing and releasing software – a reality reflected on the sharp increase in JFrog blogs about DevSecOps. In fact, we generated so many hard-hitting and instructive blogs about security and compliance in 2021 that we decided our DevSecOps coverage deserved its…
Pulling All Your Kubernetes Cluster Images from a Private Artifactory Registry

Pulling All Your Kubernetes Cluster Images from a Private Artifactory Registry

There are many benefits to working with JFrog Artifactory as your private Docker registry, allowing you to store, share and deploy your binary artifacts in a single source of truth. This blog post will focus on using Artifactory in Kubernetes. Specifically, we’ll walk through the steps for configuring Kubernetes to pull images from Artifactory and…
Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library - CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 - has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of  Log4j vulnerabilities on their software, revealing multiple technical challenges…
Catching Log4j in the Wild: Find, Fix and Fortify

Catching Log4j in the Wild: Find, Fix and Fortify

At many organizations, the surprise discovery that the widely used Apache log4j open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For…
Log4j Log4Shell Vulnerability Q&A

Log4j Log4Shell Vulnerability Q&A

In our recent webinar, Log4j Log4Shell Vulnerability Explained: All You Need To Know, our  Senior Director Security Research expert Shachar Menashe shared information on the security issue and how to detect and remediate it. We are happy to share additional information in the following Q&A, based on the questions raised during the webinar. The Log4j…
Your Log4shell Remediation Cookbook Using the JFrog Platform

Your Log4shell Remediation Cookbook Using the JFrog Platform

UPDATED 1/14/2022: Added information on JFrog tool to patch Docker images in Artifactory repositories. Last week, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to…
Glide to JFrog DevSecOps with the New Experience

Glide to JFrog DevSecOps with the New Experience

We're excited to share with you that we have launched a completely new way to start using the JFrog DevOps Platform that you – as a developer – will love. We’ve provided a super-easy, developer-friendly path to discovering how Artifactory and Xray can help you produce safer apps, faster, getting started through the command line…
With AWS EKS Anywhere, DevOps with Artifactory Can Be Everywhere

With AWS EKS Anywhere, DevOps with Artifactory Can Be Everywhere

With all the focus on public cloud infrastructures, it’s easy to believe that there is no room for on-premises deployments of infrastructure. However, on-prem deployments are not likely to completely go away because often it’s just the right thing to do. If you operate in highly regulated environments, with a need for heightened security over…
Announcing the JFrog Slack App for Artifactory and Xray Cloud

Announcing the JFrog Slack App for Artifactory and Xray Cloud

Imagine a world where every team member could directly contribute to software together. We’re living in that world now. With more than 10 million daily active users, Slack is one of the most ‘lived in’ collaboration tools used by software development teams around the world. With this in mind, JFrog is excited to announce that…