Welcome to the JFrog Blog

GitHub and JFrog Partner To Unify Code and Binaries for DevSecOps

Note: This post is co-authored by JFrog and GitHub and has also been published on the GitHub blog. As the volume of code continues to grow exponentially, software developers, DevOps engineers, operations teams, security specialists, and everyone else who touches code are increasingly spending their time in the weeds of securing, delivering, and scaling software.…
3 Key Considerations for Securing Your Software Supply Chain

An organization's software supply chain includes all the elements involved in developing and distributing software, such as components, tools, processes, and dependencies. Each link in this important chain presents the potential for security threats. Recent research conducted by Gartner shows a major increase in attacks targeting code, tools, open-source components, and development processes, particularly in…
Removing Friction Between DevOps and Security is Easier than you Think

Removing friction between DevOps and Security teams can only lead to good things. By pulling in the same direction, DevOps can make sure developers continue to work with minimum interruption, while automation and background processes make security more effective and consistent than before. And, security teams have the visibility and understanding of the software development…
JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories

As key parts of the software ecosystem, and as partners, JFrog and Docker are working together to strengthen the software ecosystem. Part of this effort by JFrog's security research team involves continuous monitoring of open-source software registries in order to proactively identify and address potential malware and vulnerability threats. In former publications, we have discussed…
Ensure your models flow with the JFrog plugin for MLflow

Just a few years back, developing AI/ML (Machine Learning) models was a secluded endeavor, primarily undertaken by small teams of developers and data scientists away from public scrutiny. However, with the surge in GenAI/LLMs, open-source models, and ML development tools, there's been a significant democratization of model creation, with more developers and organizations engaging in…
Elevate and Streamline Your Developer Experience with JFrog-Coder Fusion

It’s a scenario many developers know all too well: a configuration works flawlessly for one team member but doesn’t work for you. Starting a new job brings with it the excitement of fresh challenges and opportunities. However, it also entails the often painful task of setting up your development environment—a process that can be both…
Friction between DevOps and Security – Here’s Why it Can’t be Ignored

Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright's blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company's software applications. They have many common…
CVE-2024-3094 XZ Backdoor: All you need to know

Update April 1st - Updated "What is the malicious payload of CVE-2024-3094?" due to newly released OSS tools
Update April 7th - Updated "What is the malicious payload of CVE-2024-3094?" due to more published payload research

On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within…
Tips from a CSO: How to Secure Your Software Supply Chain

Trust is vital to success in our industry. Whether you’re creating and managing software for use internally, by other businesses, or direct-to-consumer, you need to be able to create trust with your end users. This can be accomplished, in part, by showing evidence of security measures, bringing the right people and tactics to the table,…