Great news for developers who leverage containers — JFrog has expanded its support for the OCI Container standard with dedicated OCI repositories! Before we touch on that, let’s do a quick recap on OCI containers for those unfamiliar with them outside the context of Docker. What are OCI containers? Containers are a lightweight and portable …
If you’re building apps to run on Kubernetes, chances are you’re using Helm. If you fall into that category, we have good news for you: Helm users will now benefit from JFrog Artifactory’s support of Helm OCI registries in JFrog Artifactory. JFrog’s expanded Helm OCI support Since the release of Helm v3.8.0, the Helm client …
UPDATE: As of swampUP 2023, Release Lifecycle Management includes the ability to create Xray policies to block promotion and/or distribution of Release Bundles that contain malicious packages, CVEs, etc. Read on for more information about Release Lifecycle Management. Every organization has a process for building and releasing software. Smaller organizations may run a few automated …
Amazon Elastic Kubernetes Service — or Amazon EKS — is a managed service that enables you to run Kubernetes on AWS without having to manage your own Kubernetes clusters. The JFrog Platform is available on AWS, making it super simple to deploy applications reliably and predictably, scale them quickly, roll out new features easily, and …
If DevOps is an approach to software development that emphasizes collaboration between Development and Operations teams, then Platform Engineering operationalizes that approach by creating a centralized platform that has specific sets of tools and processes. It’s the discipline of designing and building toolchains and workflows that enable self-service capabilities for software engineering organizations in a …
At JFrog, we’re serious about software supply chain security. As a CVE Numbering Authority, our JFrog Security Research team regularly discovers and discloses new malicious packages and vulnerabilities posing a threat to development organizations. We know that in order to deliver trusted software on demand, you must have a secure software supply chain — making …
As software development becomes more complex, it’s important for IT and software leaders to stay up-to-date on the latest trends. Tools like Stack Overflow’s Developer Survey and the Tiobe Index can be helpful, but they rely on indirect data and don’t provide a full picture of what’s actually being used in production. JFrog’s Software Artifact …
Yesterday, GitHub changed how the archives they provided are made. The result of this change surprised developers, triggering pipeline failures all over the world in most ecosystems. According to this GitHub post, this is a consequence of recent changes to Git itself, released almost six months ago and just deployed within GitHub now with unforeseen …
The modern software supply chain is complex. JFrog internal data shows that most enterprises use 12+ package types and 90 percent of applications depend on open source software. Additionally, there is a wide array of tools to support the software development process, including Source Code Managers (SCMs), Integrated Development Environments (IDEs), CI/CD suites, and more. …
Suppose you asked developers in the mid-2000s how they managed and compiled their binaries. You’d probably hear some anxiety-inducing answers (e.g., storing packages in git repositories or insecure file stores). Thankfully, organizations currently have various options for managing their first or third-party packages, dependencies, and containers. Different tools offer different levels of package support and …
