Attack on Docker Hub

JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories

As key parts of the software ecosystem, and as partners, JFrog and Docker are working together to strengthen the software ecosystem. Part of this effort by JFrog’s security research team involves continuous monitoring of open-source software registries in order to proactively identify and address potential malware and vulnerability threats. In former publications, we have discussed …

How to set up private remote and virtual Docker registry

How to set up a Private, Remote and Virtual Docker Registry

The simplest way to manage and organize your Docker images is with a Docker registry. You need reliable, secure, consistent and efficient access to your Docker images that’s shared across your team in a central location, including a place to set up multiple registries that work transparently with the Docker client. There are three different …

What's New in JFrog Artifactory and Xray

What’s New with JFrog Artifactory and Xray

TL;DR Get the latest on self-hosted Docker rate limits, cutting through violation noise and new package type support. Without doubt, 2020 has been one of the most challenging years for everyone in recent history, but especially for those in the world of DevOps. JFrog has strived to continue developing and innovating at the same pace, …

Steer OCI to Kubernetes with Artifactory and Helm 3

With the latest release of JFrog Artifactory, your Kubernetes world just got a lot bigger. Artifactory’s Docker registries are now compliant with the Open Container Initiative (OCI). Repository support for images compatible with OCI and support for the Helm 3 client mean you can run K8s with a high degree of versatility. Once you’re no …

ArtifactoryDocker123Feature

Artifactory Pro in Docker Easy as 1-2-3

With the new Artifactory 5.x, you can spin up an instance of Artifactory Pro in Docker in an instant! 1. On Mac or Linux, run the following command $ curl -L ‘https://bintray.com/api/v1/content/jfrog/run/art-compose/$latest/art-compose?bt_package=art-compose’ | sudo bash 2. Point your browser to https://<server>/artifactory/ and complete the onboarding wizard. 3. Start using Artifactory! NOTE: Data volumes on the host are …

The 5 Big DevOps Changes to Expect in 2017

Thoughts from the CEO desk 2017 started off with a DevOps bang; an enormous amount of capital was poured into DevOps technology companies by VCs, and larger-scale adoption of tools and methodologies was approved in this year’s IT budgets with the recognition that DevOps is a “must-have”. These changes follow a Gartner Report from 2016 …

xray_aqua_280x215

Xray and Aqua Keeping Your Containers in Safe Waters

While Docker has become all the rage, it is still a relatively new technology in the market. Many companies have introduced it into their organizations, but relatively few have taken Docker to production. One of the reasons is the security risk inherent in running a large set of containers, often based on open source code, …

Docker-Build-Info280x215

Whale Parts in Your Docker Registry

There are many good reasons why you would set up a private Docker registry in Artifactory to manage your Docker images. One of them is the ability to promote images, letting you easily move and copy images from one repository to another in your CI/CD pipeline while setting different access privileges. Another is Artifactory’s universal …

ArtiDockerReg

5 Things You Should Know About Docker Registries in Artifactory

As a universal artifact repository manager, Artifactory is, among other things, a fully fledged Docker registry. In addition to storing and managing Docker images, Artifactory also offers extensive integration with your CI pipeline, supports authentication through external providers, high availability, massively scalable storage and is constantly updated to support the latest Docker client version and …

Taking Docker to Production with Confidence

Many organizations developing software today use Docker in one way or another. If you go to any software development or DevOps conference and ask a big crowd of people “Who uses Docker?”, most people in the room will raise their hands. But if you now ask the crowd, “Who uses Docker in production?”, most hands …