Welcome to the JFrog Blog

Bring Xray Out of the Box with Dependency and Binary Scanning

Shifting left security means you, the developer, catching and fixing vulnerabilities and license violations early in the SDLC. That’s why Xray scans binaries pushed to Artifactory by your builds, and alerts you when there are issues with your dependencies. But catching them earlier, even before checking in code, can be important for developers shifting left.…
JFrog Detects Malicious PyPI Packages Stealing Credit Cards and Injecting Code

Software package repositories are becoming a popular target for supply chain attacks. Recently, there has been news about malware attacks on popular repositories like npm, PyPI, and RubyGems. Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure. Sometimes malware packages are allowed to be uploaded to the package repository,…
JFrog and Vdoo: Better Together

JFrog customers will soon enjoy end-to-end, holistic security across their software lifecycle -- from development to devices -- as the technology of recently-acquired Vdoo gets integrated into the JFrog DevOps Platform. That was the pledge made by JFrog and Vdoo leaders during their first joint webinar, in which they explained why JFrog acquired Vdoo, how…
How to Accelerate Software Delivery with Hybrid Cloud CI/CD

Are you looking for solutions to deliver rapid application development and iterations? You’re not alone. To accomplish this, many organizations are embracing cloud native containers across multiple cloud providers. The reason? This strategy reduces the risk of vendor lock-in, and helps you scale the application infrastructure horizontally.  In their recent swampUP 2021 talk “Going Serverless,…
The Biggest DevSecOps Hits From swampUP 2021

In the wake of recent events like the SolarWinds hack and the White House executive order on cybersecurity, DevSecOps and security are top-of-mind for most DevOps and security professionals.  How to efficiently adapt or adopt a sound DevSecOps practice has become a priority, especially with the U.S. government’s impending mandate requiring software applications to be…
Drive DevSecOps Visibility with JFrog Partner Integrations

If you need your teams to act, you need to alert them where they’re already looking. Yet yesterday’s DevOps practices require individuals to wrangle uncorrelated events, multiple UIs, and siloed technologies. Tomorrow’s DevOps must enable teams with: unified data, a single-pane dashboard, and an integrated platform. To practice DevSecOps, you’ll need to know where a vulnerable…
JFrog CloudFormation Modules Make Provisioning to AWS Easy and Secure

A routine cloud operations task should have a routine solution. That’s why we’ve just made it a lot easier to install and maintain self-hosted instances of the JFrog DevOps Platform on AWS, through AWS CloudFormation. To further simplify the effort of self-hosting Artifactory and Xray on AWS, we’ve just published a set of AWS CloudFormation…
JFrog Product Leaders Answer swampUP Attendees’ Burning Questions

In a live, unscripted “ask me anything” session, a group of JFrog product leaders candidly answered questions from swampUP attendees, with topics ranging from newly-announced JFrog products and capabilities to current cybersecurity concerns that impact DevOps teams. Because the lively discussion yielded so many great questions and answers, we’ve put together here a summary of…
US Executive Order on Cybersecurity: What it Means for DevOps

The United States Government equates cybersecurity with national security.  That’s the crux of the recent Executive Order that will mandate that not only must software applications be vetted, but there will be upcoming regulations on providing all of the components that make up the software. As section 1 notes:  “prevention, detection, assessment, and remediation of…