Welcome to the JFrog Blog

GitLab vs JFrog: Who Has the Right Stuff?

GitLab vs JFrog: Who Has the Right Stuff?

Like the historic space race, the competition to plant the flag of DevOps is blasting off which makes it an exciting moment for the community. According to market intelligence firm IDC, global business will invest $6.8 trillion in digital transformation by 2023. Yet research also suggests that 70 percent of them will fail to meet…
Update Repositories for PHP Composer v2 in JFrog Artifactory

Update Repositories for PHP Composer v2 in JFrog Artifactory

If you’re among the nearly one in four professional developers using PHP (according to StackOverflow’s 2021 survey), then the maintainers of Composer would really like you to migrate from v1 of the PHP package manager to v2.  On October 24 2020, Composer 2.0.0 was released with some major improvements.Since almost eight out of every ten…
JFrog Xray + Splunk + SIEM: Towards Implementing a Complete DevSecOps Strategy

JFrog Xray + Splunk + SIEM: Towards Implementing a Complete DevSecOps Strategy

Making security an intrinsic part of a DevOps pipeline is a “must-have” for organizations looking to secure their applications earlier in the development process.  The combination of JFrog Artifactory and JFrog Xray enables organizations to build security into all phases of their software development lifecycle, so they can proactively detect and mitigate open source software…
A Peek at JFrog’s Iron Bank Accreditation for Xray and Artifactory

A Peek at JFrog’s Iron Bank Accreditation for Xray and Artifactory

JFrog Artifactory and JFrog Xray recently underwent a rigorous hardening process to earn accreditation for inclusion in the U.S. Department of Defense’s Iron Bank, a centralized repository of digitally-signed and hardened container images. In this blog post, we’re pulling back the curtain on the process, in order to share our insights and lessons learned with…
Delivering on Our Commitments to the Public Sector with Iron Bank Certification

Delivering on Our Commitments to the Public Sector with Iron Bank Certification

Serving our customers in the public sector, including government agencies and contractors, is both a great honor and a major responsibility for JFrog. The applications and digital services that they release have a direct impact on the well-being of our communities, across critical areas including national defense, healthcare, public safety, education and more. Today, I’m…
Set Up a Remote Repository in Artifactory To Proxy Iron Bank Images

Set Up a Remote Repository in Artifactory To Proxy Iron Bank Images

U.S. Department of Defense (DoD) teams that manage DevSecOps software factories or that use DevSecOps factories to develop, secure and operate mission applications, need a trusted repository management system to store their local artifacts as well as artifacts pulled from Iron Bank, the DoD’s central repository of hardened container images. Artifacts that are stored include…
The More the Merrier: Multi-Arch Docker Manifests with Buildx and Artifactory

The More the Merrier: Multi-Arch Docker Manifests with Buildx and Artifactory

The cloud native promise to be able to “build once, deploy anywhere” is nearly fulfilled. With containerization and Docker, we can build our applications and services for any environment, and set configuration at runtime. Well,... almost. Operating systems and apps still need to be compiled to execute on specific architecture types. Your software that’s been…
No Internet? No Problem. Use Artifactory with an Air Gap – Part I

No Internet? No Problem. Use Artifactory with an Air Gap – Part I

Virtually all development organizations need access to remote public resources such as Maven Central, NuGet Gallery, npmjs.org, Docker Hub etc., to download dependencies needed for a build. One of the big benefits of using Artifactory is its remote repositories which proxy these remote resources and cache artifacts that are downloaded. This way, once any developer…
How to set up a Private, Remote and Virtual npm Registry

How to set up a Private, Remote and Virtual npm Registry

The simplest way to manage and organize your Node dependencies is with an npm repository. You need reliable, secure, consistent and efficient access to your dependencies that are shared across your team, in a central location. Including a place to set up multiple registries, that work transparently with the npm client. With the JFrog free…