Feeling secure with Bintray downloads

By jbaruch April 30, 2021

UPDATE: As of May 1, 2021, Bintray services will no longer be available (ConanCenter and JCenter are not affected). For more information, read the Centers Deprecation Blog.

Remember our take on .asc files? The thing is, digital certificates alone cannot guarantee someone's identity. To fully trust someone, there needs to be a reliable Web of Trust (WoT) that leaves little to no doubt that the signer is who he claims to be.

So what’s the solution then? Use Bintray as a decentralized source of trust to validate the author’s public web identity and verify that he is who you think he is. Once this identity is recognized, you can use it to decide whether the packages the user has signed, and which you are about to download, deserve your trust.

But what is a “web identity” and how can you trust it? For developers, it will probably be their Twitter account or GitHub account (and maybe others, like Google+, Bitbucket, etc.). And how can you be sure that the author is not listing a fake profile? By using OAuth.

You can authorize your Bintray profile with Twitter, GitHub and Google+ and give your users confidence that the files they download come from the person you claim to be:

[Screenshot: Authorize social accounts in Bintray profile]

Once your profile is authorized (the authorized profiles are clearly marked on your Bintray author page with checkboxes, as in the screenshot below), the users of your repositories and packages can validate your identity by looking at your pages on the social networks themselves.

[Screenshot: Social Accounts Verified in Bintray]

We at JFrog believe that information is power, and the more info you have about the libraries and their authors, the better decisions you’ll make about whether to trust them or not!

Tags: user profile web of trust security
