Welcome to the JFrog Blog

Pulling All Your Kubernetes Cluster Images from a Private Artifactory Registry

Pulling All Your Kubernetes Cluster Images from a Private Artifactory Registry

There are many benefits to working with JFrog Artifactory as your private Docker registry, allowing you to store, share and deploy your binary artifacts in a single source of truth. This blog post will focus on using Artifactory in Kubernetes. Specifically, we’ll walk through the steps for configuring Kubernetes to pull images from Artifactory and…
Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library - CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 - has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of  Log4j vulnerabilities on their software, revealing multiple technical challenges…
Log4j Detection with JFrog OSS Scanning Tools

Log4j Detection with JFrog OSS Scanning Tools

The discovery of the Log4Shell vulnerability in the ubiquitous Apache Log4j package is a singular event in terms of both its impact and severity. Over 1 million attack attempts exploiting the Log4Shell vulnerability were detected within days after it was exposed, and it may take years before we see its full impact. While it's hard…
Catching Log4j in the Wild: Find, Fix and Fortify

Catching Log4j in the Wild: Find, Fix and Fortify

At many organizations, the surprise discovery that the widely used Apache log4j open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For…
Create Your Software Distribution “Fast Lane” with Distribution Edges

Create Your Software Distribution “Fast Lane” with Distribution Edges

Accelerating software distribution is a critical part of the modern DevOps stack. Modern application development has created new challenges around distribution at scale, leading organizations to rethink their software distribution infrastructure. JFrog Distribution enables enterprises to easily create their fast, scalable converged software distribution infrastructure by combining two components that can be deployed in multi-tier,…
Rethinking Your Software Distribution Infrastructure

Rethinking Your Software Distribution Infrastructure

Accelerating software distribution is a critical part to enabling enterprise delivery at scale. Throughout the SDLC processes, we’re required to continuously distribute software packages -- either to remote development teams as part of CI cycles, to production environments or devices for deployments, or for public downloads by your developers or partners ecosystem. The key attributes…
Log4j Log4Shell Vulnerability Q&A

Log4j Log4Shell Vulnerability Q&A

In our recent webinar, Log4j Log4Shell Vulnerability Explained: All You Need To Know, our  Senior Director Security Research expert Shachar Menashe shared information on the security issue and how to detect and remediate it. We are happy to share additional information in the following Q&A, based on the questions raised during the webinar. The Log4j…
Your Log4shell Remediation Cookbook Using the JFrog Platform

Your Log4shell Remediation Cookbook Using the JFrog Platform

UPDATED 1/14/2022: Added information on JFrog tool to patch Docker images in Artifactory repositories. Last week, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to…
swampUP 2022 CFP Now Open

swampUP 2022 CFP Now Open

We are very excited to announce that the call for paper (CFP) for JFrog’s annual user conference, swampUP 2022 is now open! The CFP is open from December 15 - February 1, 2022. This is your opportunity to share your knowledge with a community of developers, DevOps engineers, security professionals, SREs, IT leaders, and more!…