Welcome to the JFrog Blog

Don’t waste time on irrelevant false positive alerts in your source code

Don’t waste time on irrelevant false positive alerts in your source code

Are you tired of using security tools that generate endless results, making it impossible to identify actual risks? Do you struggle with inefficient prioritization due to a lack of context, making the process of assessing and remediating vulnerabilities a time-consuming nightmare? Look no further than JFrog’s Contextual Analysis, available as part of the "jf audit"…
Prevent Credential Exposure in Code

Prevent Credential Exposure in Code

In today's software development world, developers rely on numerous types of secrets (credentials), to facilitate seamless interaction between application components. As modern applications become more complex and require authentication for services and dependencies, the practice of hardcoding secrets during software development is on the rise. The most common types of credentials are: Application Program Interface…
swampUP 2023 – Top 10 Reasons To Attend

swampUP 2023 – Top 10 Reasons To Attend

JFrog’s DevOps and DevSecOps user conference is a unique and inspiring in-person event. Here’s why you don’t want to miss it! Wednesday, September 13 | San Jose, California Get lessons learned on how industry-leading companies are approaching their DevOps and DevSecOps challenges - with fellow practitioners that have implemented large scale solutions. Including companies such…
JFrog and Atlassian simplify DevOps-Centric security

JFrog and Atlassian simplify DevOps-Centric security

Atlassian has long been helping agile teams collaborate, track progress, and manage projects more efficiently, and is now simplifying software security for Jira Software Cloud users. We’re excited to announce that JFrog has joined Atlassian as a security partner. The integration with the JFrog Platform enables JFrog Xray data to be surfaced in Jira, making…
Got tool sprawl? Let’s consolidate.

Got tool sprawl? Let’s consolidate.

If you’re a developer, DevOps engineer, or security technician, you know the feeling of managing multiple tools at once. It’s a phenomenon so prevalent in software development that it has its own name, “tool sprawl,” and it can make it hard for teams to do their jobs efficiently. What causes tool sprawl? Problems caused by…
How a software supply chain platform streamlines DevOps best practices

How a software supply chain platform streamlines DevOps best practices

Today's software developers are tasked with a lot more than just coding. To keep up with the fast-paced software-driven economy, they need to focus on automation, collaboration, security, distribution, data analysis, and agility to ensure quality builds and get releases to customers quickly and securely. DevOps and security professionals need a centralized system of records…
From zero to breach in seconds: Why you need to focus on software supply chain security now

From zero to breach in seconds: Why you need to focus on software supply chain security now

The RSA Conference 2023 addressed several key issues and trends in the cybersecurity industry. Generative AI was a key topic of discussion, with attendees, executives and policymakers seeing its potential in both offense and defense in the cybersecurity arms race. The White House's National Cybersecurity Strategy was also a topic of conversation across panels and…
What is Platform Engineering?

What is Platform Engineering?

If DevOps is an approach to software development that emphasizes collaboration between Development and Operations teams, then Platform Engineering operationalizes that approach by creating a centralized platform that has specific sets of tools and processes. It’s the discipline of designing and building toolchains and workflows that enable self-service capabilities for software engineering organizations in a…
Software Supply Chain Security at RSA Conference 2023

Software Supply Chain Security at RSA Conference 2023

The risk of supply chain attacks increases as more companies rely on third-party vendors and suppliers for critical services and products. Supply chain attacks have become increasingly prominent in recent years. In 2022, for instance, supply chain attacks surpassed the number of malware-based attacks by 40%. These types of attacks involve targeting a company's suppliers,…