Welcome to the JFrog Blog

Yet Another Case for Using Exclude Patterns in Remote Repositories: Namespace Shadowing (a.k.a. “Dependency Confusion”) Attack

Yet Another Case for Using Exclude Patterns in Remote Repositories: Namespace Shadowing (a.k.a. “Dependency Confusion”) Attack

TL;DR The npm Registry is vulnerable to supply chain namespace shadowing, also known as "Dependency Confusion" attacks. Make sure you create npm scoped packages and force exclude patterns. Long-time Obsession with Exclude Patterns I remember the first JFrog customer training I delivered in February 2012. This slide was the one where I explained the importance…
Our Groundbreaking Partnership with Docker Is a Boon for DevOps Teams

Our Groundbreaking Partnership with Docker Is a Boon for DevOps Teams

Today we’re announcing a big move that will yield substantial, concrete benefits for our customers and for the entire DevOps community: A groundbreaking partnership with Docker that exempts Cloud users of the JFrog DevOps Platform from Docker Hub’s image-pull rate limits. This agreement further boosts JFrog’s vibrant ecosystem of integration partners, built on the “too…
A Two-Way Jira Speedway, the JFrog Artifactory App

A Two-Way Jira Speedway, the JFrog Artifactory App

The path between two clouds ought to be a speedy two-way street. That’s the DevOps pipeline principle behind the JFrog Artifactory App for Jira, which forges a traceable link between your issues in Jira Cloud and your builds in Artifactory on the JFrog DevOps Platform for cloud.  Bringing Issue Tracking to your DevOps Pipeline Once…
Distribute Software Releases Globally with JFrog on AWS

Distribute Software Releases Globally with JFrog on AWS

Release management is a topic that leaders in DevOps teams should be concerned with as organizations move toward implementing systems of automated continuous deployment. The practice will make your organization more efficient, but how do you implement it?   Modernizing your infrastructure for the cloud is essential to distributing trusted releases globally. Many enterprises choose AWS…
Simply the Best: JFrog’s Top DevOps Articles from 2020

Simply the Best: JFrog’s Top DevOps Articles from 2020

In 2020, JFrog’s experts published a treasure trove of content -- blogs, articles, infographics, and more -- to share insights and advice with our customers and the DevOps community at large. In case you missed them -- or want to re-read them -- here’s a list of the most popular ones. They range from a…
SDLC Security: It’s Personal for JFrog

SDLC Security: It’s Personal for JFrog

The SolarWinds hack, which has affected high-profile Fortune 500 companies and large U.S. federal government agencies, has put the spotlight on software development security -- a critical issue for the DevOps community and for JFrog. At a fundamental level, if the code released via CI/CD pipelines is unsafe, all other DevOps benefits are for naught.…
Achieving Continuous Deployment with Artifactory Webhooks & Docker

Achieving Continuous Deployment with Artifactory Webhooks & Docker

Continuous Deployment (CD) requires setting up your infrastructure and automation to update your solution with the latest code change from the main branch. That’s what we call “Liquid Software”. Full automation makes your deployment seamless, less error prone, faster and it makes the feedback loop shorter because you can now deploy after each change. Achieving…
Install JFrog Platform on Kubernetes in Under 20 Minutes

Install JFrog Platform on Kubernetes in Under 20 Minutes

We get it, installing Artifactory and the JFrog DevOps Platform on Kubernetes can be daunting. As easy as we’ve sought to make it with our official JFrog installation Helm charts, there are a lot of decisions to be made. That’s meant to give you the widest possible choice for how to best fit your JFrog…
Infographic: Accelerating Trusted Distribution of Software Innovation, Everywhere

Infographic: Accelerating Trusted Distribution of Software Innovation, Everywhere

Research firm IDC has recently published an infographic (check it out below!) outlining the new requirements for modern software distribution and key guidance for organizations to meet future needs and overcome the bottlenecks in the next era of large-scale application delivery. With the advent of DevOps and modern delivery practices, organizations are becoming better at…