In 2021, JFrog provided a steady stream of insightful articles about Software Distribution trends, DevOps best practices, JFrog innovations and more. Here we’ve selected what we consider the best posts of last year, in case you missed them or want to re-read them.
You’ll find primers on how our customers benefit from our trailblazing partnership with Docker, and from the U.S. Department of Defense’s Iron Bank certification for Artifactory and JFrog Xray. Several “How to” posts guide you through setting up a Maven/Gradle registry, managing Docker builds with JFrog CLI, and assessing and remediating the impact from the SolarWinds hack. You’ll also learn how the JFrog Platform compares with the ones from GitHub and GitLab, and how to protect yourself from “dependency confusion” attacks. And much more.
Let the reading begin!
- Our Groundbreaking Partnership with Docker Is a Boon for DevOps Teams
- US Executive Order on Cybersecurity: What it Means for DevOps
- How to set up a Private, Remote and Virtual Maven/Gradle Registry
- Manage Your Docker Builds with JFrog CLI in 5 Easy Steps!
- Automatically Assess and Remediate the SolarWinds Hack
- Yet Another Case for Using Exclude Patterns in Remote Repositories: Namespace Shadowing (a.k.a. “Dependency Confusion”) Attack
- GitHub vs JFrog: Who Can Do the Job for DevOps?
- GitLab vs JFrog: Who Has the Right Stuff?
- What’s New from JFrog: Binary Lifecycle Management at Scale
- Enable Multi-Site DevOps with Federated Repositories
- Delivering on Our Commitments to the Public Sector with Iron Bank Certification
We started 2021 with a bang – unveiling an agreement with Docker that has greatly benefited our customers and the DevOps community. The partnership exempts JFrog Platform users from Docker Hub’s image-pull rate limits. Having this unlimited, high-performance access from Artifactory to Docker Hub helps developers in many ways, including by simplifying cloud-native app development. Read the post by JFrog’s Developer Relations VP Stephen Chin to understand the agreement’s details and wide-ranging advantages.
When the White House issued its “Executive Order on Improving the Nation’s Cybersecurity,” JFrog CISO Moran Ashkenazi broke down its meaning and implications for DevOps teams. In particular, she explained the growing importance for organizations to have a software bill of materials (SBOM) for all of the software they release to their customers. Give her post a read and get the lowdown on this presidential order and the growing importance of protecting the software supply chain.
In an instructional “how to” post, JFrog Developer Advocate Batel Zohar walks us through the steps for setting up a free local, remote and virtual Maven/Gradle registry – in minutes – with Artifactory, Xray and Pipelines. You’ll end up with a simple way to manage and organize your Java dependencies, and reliable, secure and consistent access to them.
When a new version of the JFrog CLI added support for managing Docker builds, Batel crafted a post to explain the new capability to users of our command line interface. With clear, simple and precise instructions, she demonstrates how to use the Docker CLI commands to manage Docker builds in Artifactory and scan them using Xray – all in five easy steps.
The SolarWinds hack – a destructive supply chain attack – shook business, government and IT leaders, and put the spotlight on software development security. In this post, JFrog Solutions Architect Frank Zhu outlined how DevOps teams can use the JFrog Platform to answer three critical questions about the attack: Am I impacted by the breach? Where am I impacted? How can I remediate the breached libraries/dependencies?
When it was disclosed that the npm registry is vulnerable to “dependency confusion” attacks – formally known as supply chain namespace shadowing attacks – JFrog’s Head of Developer Relations Baruch Sadogursky explained to our blog readers how to protect themselves: Make sure you create npm scoped packages and force exclude patterns. And in a subsequent Artifactory update – detailed by Baruch in this other post – JFrog made it even easier to prevent these attacks.
JFrog and GitHub – how do they compare? That’s the question Technical and Marketing Content Writer Gianni Truzzi set out to answer in this granular comparison of our platform against our worthy competitor’s. Find out how JFrog stacks up in categories including “Release Faster,” “Connect to Your Universe,” “Protect Your Business” and “Scale to Infinity.”
In this post, we again pit JFrog against a major competitor – this time GitLab. In this exhaustive comparison, key questions include: What’s the difference between a truly integrated DevOps platform and a DevOps solutions portfolio? Why does DevOps success hinge on the management of binaries, not of source code? How does the maturity – or lack thereof – of a vendor’s DevOps solutions impact their effectiveness? Dive in and find out.
As it always does, SwampUP – JFrog’s flagship conference – yielded exciting and groundbreaking product announcements, all focused on helping customers accelerate and secure their software releases through end-to-end binary lifecycle management. In this roundup of SwampUP news, Product Marketing VP Jens Eckels highlights new features like Pipelines’ Signed Pipelines and Xray’s Dependency Scanning – and explains how they help you manage the lifecycle of your binaries at scale.
Recognizing that enterprise software development has become highly collaborative, with packages shared by geographically dispersed teams, JFrog added a new feature to Artifactory called Federated Repositories. As this post explains, this bidirectional repository mirroring technology is easy to set up and maintain, and continuously synchronizes a federated set of repositories across multiple sites.
JFrog achieved a significant milestone as a technology provider to the U.S. government when it received Iron Bank certification for Artifactory and Xray from the U.S. Department of Defense. Learn from this blog how our public sector customers and contractors benefit from having Artifactory and Xray included in Iron Bank, the DoD’s central repository of digitally signed and hardened binary container images.