Welcome to the JFrog Blog

Latest from JFrog Platform :

Gain Clarity on Cloud Usage with Enhanced Monitoring from MyJFrog

November 20, 2024 The JFrog Team

5 min read

We can all agree that visibility into resource usage is crucial for optimizing performance and managing costs to drive your business — especially in today’s cloud-driven world. MyJFrog is a comprehensive management portal for overseeing JFrog cloud platform instances and subscriptions. It provides a centralized control tower to manage and monitor subscriptions, resources, and usage.…

Read More
Collect and Manage your Binary Metadata using Build-Info

Collect and Manage your Binary Metadata using Build-Info

February 8, 2023 adia | 7 min read

Our modern life depends on software from the most trivial to critical task. How software is built, behaves and what it actually contains are fundamental questions that almost all stakeholders of the Software Development Life Cycle (SDLC) need to know. Being able to effectively manage your binaries (aka software packages, artifacts, containers, images…) provides full…
Read More
Detecting Malicious Packages and How They Obfuscate Their Malicious Code

Detecting Malicious Packages and How They Obfuscate Their Malicious Code

January 30, 2023 Jonathan Sar Shalom, Director of Threat Research | 14 min read

Wow! We made it to the last post in our Malicious Packages series. While parting is such sweet sorrow, we hope blogs one, two, and three provide insights into the havoc malicious packages cause throughout your DevOps and DevSecOps pipelines.  In the prior posts: We explained what software supply chain attacks are and learned the…
Read More
What Is Artifactory? | JFrog

What Is Artifactory? | JFrog

April 30, 2025 JFrog Team | 9 min read

The modern software supply chain is complex. JFrog internal data shows that most enterprises use 12+ package types and 90 percent of applications depend on open source software. Additionally, there is a wide array of tools to support the software development process, including Source Code Managers (SCMs), Integrated Development Environments (IDEs), CI/CD suites, and more.…
Read More
What’s in your build? Building Images in OpenShift with Artifactory and JFrog CLI

What’s in your build? Building Images in OpenShift with Artifactory and JFrog CLI

December 14, 2022 Asaf Gabai, Software Engineer, JFrog Ecosystem Team | 3 min read

Red Hat OpenShift is an enterprise Kubernetes container platform. It lets you build Docker images and use them to deploy your applications on a cloud-like environment (even if it’s not really on the cloud, rather a simulated cloud environment). Images built in OpenShift can be easily pushed into JFrog Artifactory - JFrog’s leading universal repository…
Read More
Cloud Marketplaces: How to Move “Tail Spend” to “Strategic Spend”

Cloud Marketplaces: How to Move “Tail Spend” to “Strategic Spend”

December 5, 2022 Christine Puccio, VP of Global Cloud Alliances, JFrog | 7 min read

As macroeconomic pressures increase, it’s common to hear more in corporate hallways about “Tail Spend.” But what is it, and how can companies move this sometimes-shadowy expenditure into a strategic advantage for IT and DevOps teams? TOC: Here are some answers to commonly asked questions: What's Tail Spend? Where can I find Tail Spend in my…
Read More
IDC LINK: JFrog Introduces New Software Supply Chain Security Capabilities

IDC LINK: JFrog Introduces New Software Supply Chain Security Capabilities

December 6, 2022 The JFrog Team | 3 min read

As software becomes increasingly complex, the need to secure the software supply chain becomes more important — and more difficult.  But how can businesses address the challenges of securing their software supply chain? The International Data Corporation (IDC) offers critical insight. Following the release of JFrog Advanced Security on October 18, 2022 – the world’s…
Read More
Five Examples of Infection Methods Attackers Use to Spread Malicious Packages

Five Examples of Infection Methods Attackers Use to Spread Malicious Packages

October 31, 2022 Jonathan Sar Shalom, Director of Threat Research, JFrog | 13 min read

Welcome to the second post in our series on Malicious Software Packages. This post focuses on the infection methods attackers use to spread malicious packages, and how the JFrog Security research team unveiled them. If you missed the first blog, here are some key takeaways: Third-party software packages contain vulnerabilities or malicious code delivered through…
Read More
Tour Terraform Registries in Artifactory

Tour Terraform Registries in Artifactory

October 26, 2022 Rakesh Krishna, Sean Pratt, Krishna Jonnalagadda | 8 min read

Why should you keep Terraform module, provider, and backend registries in a binary repository manager like Artifactory? Because, like your builds, packages, and other artifacts, your Terraform files are a key part of your software supply chain. Terraform is a widely used open source infrastructure-as-code (IaC) software tool to manage the entire lifecycle of cloud…
Read More
Enterprise Package Management for Everyone

Enterprise Package Management for Everyone

October 25, 2022 The JFrog Team | 5 min read

Suppose you asked developers in the mid-2000s how they managed and compiled their binaries. You'd probably hear some anxiety-inducing answers (e.g., storing packages in git repositories or insecure file stores). Thankfully, organizations currently have various options for managing their first or third-party packages, dependencies, and containers. Different tools offer different levels of package support and…
Read More
Malicious Packages Are a Rising Threat in Software Supply Chain Attacks

Malicious Packages Are a Rising Threat in Software Supply Chain Attacks

October 24, 2022 Jonathan Sar Shalom, Director of Threat Research, JFrog | 7 min read

Welcome to the first post in the malicious software packages series for the DevOps and DevSecOps community. This technical series will focus on various malicious packages and their effects on the software supply chain. We’ll dive deeper into malicious packages in each post, including  Defining software supply chain attacks and learning the critical role that malicious…
Read More

Popular Tags