Prevent Inadvertent Software Supply Chain Exposures When Allowing Public Access to Private Registries

At JFrog, we’re serious about software supply chain security. As a CVE Numbering Authority, our JFrog Security Research team regularly discovers and discloses new malicious packages and vulnerabilities posing a threat to development organizations. We know that in order to deliver trusted software on demand, you must have a secure software supply chain — making …

JFrog’s Software Artifact State of the Union is Here! See What’s Actually Being Used in Software Technology Today

As software development becomes more complex, it’s important for IT and software leaders to stay up-to-date on the latest trends. Tools like Stack Overflow’s Developer Survey and the Tiobe Index can be helpful, but they rely on indirect data and don’t provide a full picture of what’s actually being used in production. JFrog’s Software Artifact …

What Is Artifactory?

The modern software supply chain is complex. JFrog internal data shows that most enterprises use 12+ package types and 90 percent of applications depend on open source software. Additionally, there is a wide array of tools to support the software development process, including Source Code Managers (SCMs), Integrated Development Environments (IDEs), CI/CD suites, and more. …

Enterprise Package Management for Everyone

Suppose you asked developers in the mid-2000s how they managed and compiled their binaries. You’d probably hear some anxiety-inducing answers (e.g., storing packages in git repositories or insecure file stores). Thankfully, organizations currently have various options for managing their first or third-party packages, dependencies, and containers. Different tools offer different levels of package support and …

Deploy Iron Bank-Approved Artifactory/Xray on AWS GovCloud and RKE2

With Artifactory and Xray now included in the U.S. Department of Defense’s Iron Bank container repository, we’re eager to help you benefit from this accreditation. Today, we’ll explain how to deploy these hardened JFrog images on AWS GovCloud using Rancher Kubernetes Edition (RKE2). Specifically, we’ll describe the installation and configuration of the Iron Bank-accredited Artifactory …

JFrog Cold Artifact Storage: Retention Policies for Your Binaries

With the trend towards smaller but more frequent software releases, your binaries and artifacts keep accumulating faster. Our enterprise customers each maintain an average of 20 million unique artifacts, adding 130% more each year. Eventually, a clutter of outdated binaries forms, and finding the binaries you need becomes unwieldy, difficult, and confusing. Over time, your …

GitLab vs JFrog: Who Has the Right Stuff?

Like the historic space race, the competition to plant the flag of DevOps is blasting off, which makes it an exciting moment for the community. According to market intelligence firm IDC, global business will invest $6.8 trillion in digital transformation by 2023. Yet research also suggests that 70 percent of them will fail to meet …

Update Repositories for PHP Composer v2 in JFrog Artifactory

If you’re among the nearly one in four professional developers using PHP (according to StackOverflow’s 2021 survey), then the maintainers of Composer would really like you to migrate from v1 of the PHP package manager to v2. On October 24, 2020, Composer 2.0.0 was released with some major improvements. Since almost eight out of every ten …

Steer OCI to Kubernetes with Artifactory and Helm 3

With the latest release of JFrog Artifactory, your Kubernetes world just got a lot bigger. Artifactory’s Docker registries are now compliant with the Open Container Initiative (OCI). Repository support for images compatible with OCI and support for the Helm 3 client mean you can run K8s with a high degree of versatility. Once you’re no …