JFrog’s Best DevOps Blogs of 2021

In 2021, JFrog provided a steady stream of insightful articles about software release trends, DevOps best practices, JFrog innovations and more. Here we’ve selected what we consider the best posts of last year, in case you missed them or want to re-read them.

You’ll find primers on how our customers benefit from our trailblazing partnership with Docker, and from the U.S. Department of Defense’s Iron Bank certification for Artifactory and Xray. Several “How to” posts guide you through setting up a Maven/Gradle registry, managing Docker builds with JFrog CLI, and assessing and remediating the impact from the SolarWinds hack. You’ll also learn how the JFrog Platform compares with the ones from GitHub and GitLab, and how to protect yourself from “dependency confusion” attacks. And much more.

Let the reading begin!

  1. Our Groundbreaking Partnership with Docker Is a Boon for DevOps Teams
  2. US Executive Order on Cybersecurity: What it Means for DevOps
  3. How to set up a Private, Remote and Virtual Maven/Gradle Registry
  4. Manage Your Docker Builds with JFrog CLI in 5 Easy Steps!
  5. Automatically Assess and Remediate the SolarWinds Hack
  6. Yet Another Case for Using Exclude Patterns in Remote Repositories: Namespace Shadowing (a.k.a. “Dependency Confusion”) Attack
  7. GitHub vs JFrog: Who Can Do the Job for DevOps?
  8. GitLab vs JFrog: Who Has the Right Stuff?
  9. What’s New from JFrog: Binary Lifecycle Management at Scale
  10. Enable Multi-Site DevOps with Federated Repositories
  11. Delivering on Our Commitments to the Public Sector with Iron Bank Certification


Our Groundbreaking Partnership with Docker Is a Boon for DevOps Teams

We started 2021 with a bang – unveiling an agreement with Docker that has greatly benefited our customers and the DevOps community. The partnership exempts JFrog Platform users from Docker Hub’s image-pull rate limits. Having this unlimited, high-performance access from Artifactory to Docker Hub helps developers in many ways, including by simplifying cloud-native app development. Read the post by JFrog’s Developer Relations VP Stephen Chin to understand the agreement’s details and wide-ranging advantages.



US Executive Order on Cybersecurity: What it Means for DevOps

When the White House issued its “Executive Order on Improving the Nation’s Cybersecurity,” JFrog CISO Moran Ashkenazi broke down its meaning and implications for DevOps teams. In particular, she explained why it is increasingly important for organizations to have a software bill of materials (SBOM) for all of the software they release to their customers. Give her post a read and get the lowdown on this presidential order and the growing importance of protecting the software supply chain.


How to set up a Private, Remote and Virtual Maven/Gradle Registry

In an instructional “how to” post, JFrog Developer Advocate Batel Zohar walks us through the steps for setting up a free local, remote and virtual Maven/Gradle registry – in minutes – with Artifactory, Xray and Pipelines. You’ll end up with a simple way to manage and organize your Java dependencies, and reliable, secure and consistent access to them.

Manage Your Docker Builds with JFrog CLI in 5 Easy Steps!

When a new version of the JFrog CLI added support for managing Docker builds, Batel crafted a post to explain the new capability to users of our command line interface. With clear, simple and precise instructions, she demonstrates how to use the Docker CLI commands to manage Docker builds in Artifactory and scan them using Xray – all in five easy steps.



Automatically Assess and Remediate the SolarWinds Hack

The SolarWinds hack – a destructive supply chain attack – shook business, government and IT leaders, and put the spotlight on software development security. In this post, JFrog Solutions Architect Frank Zhu outlined how DevOps teams can use the JFrog Platform to answer three critical questions about the attack: Am I impacted by the breach? Where am I impacted? How can I remediate the breached libraries/dependencies?



Yet Another Case for Using Exclude Patterns in Remote Repositories: Namespace Shadowing (a.k.a. “Dependency Confusion”) Attack

When it was disclosed that the npm registry is vulnerable to “dependency confusion” attacks – formally known as supply chain namespace shadowing attacks – JFrog’s Head of Developer Relations Baruch Sadogursky explained to our blog readers how to protect themselves: Make sure you create npm scoped packages and force exclude patterns. And in a subsequent Artifactory update – detailed by Baruch in this other post – JFrog made it even easier to prevent these attacks.


GitHub vs JFrog: Who Can Do the Job for DevOps?

JFrog and GitHub – how do they compare? That’s the question Technical and Marketing Content Writer Gianni Truzzi set out to answer in this granular comparison of our platform against our worthy competitor’s. Find out how JFrog stacks up in categories including “Release Faster,” “Connect to Your Universe,” “Protect Your Business” and “Scale to Infinity.”



GitLab vs JFrog: Who Has the Right Stuff?

In this post, we again pit JFrog against a major competitor – this time GitLab. In this exhaustive comparison, key questions include: What’s the difference between a truly integrated DevOps platform and a DevOps solutions portfolio? Why does DevOps success hinge on the management of binaries, not of source code? How does the maturity – or lack thereof – of a vendor’s DevOps solutions impact their effectiveness? Dive in and find out.



What’s New from JFrog: Binary Lifecycle Management at Scale

As it always does, SwampUP – JFrog’s flagship conference – yielded exciting and groundbreaking product announcements, all focused on helping customers accelerate and secure their software releases through end-to-end binary lifecycle management. In this roundup of SwampUP news, Product Marketing VP Jens Eckels highlights new features like Pipelines’ Signed Pipelines and Xray’s Dependency Scanning – and explains how they help you manage the lifecycle of your binaries at scale.

(Diagram for Signed Pipelines)


Enable Multi-Site DevOps with Federated Repositories

Recognizing that enterprise software development has become highly collaborative, with packages shared by geographically dispersed teams, JFrog added a new feature to Artifactory called Federated Repositories. As this post explains, this bidirectional repository mirroring technology is easy to set up and maintain, and continuously synchronizes a federated set of repositories across multiple sites.



Delivering on Our Commitments to the Public Sector with Iron Bank Certification

JFrog achieved a significant milestone as a technology provider to the U.S. government when it received Iron Bank certification for Artifactory and Xray from the U.S. Department of Defense. Learn from this blog how our public sector customers and contractors benefit from having Artifactory and Xray included in Iron Bank, the DoD’s central repository of digitally-signed and hardened binary container images.