JFrog CloudFormation Modules Make Provisioning to AWS Easy and Secure

A routine cloud operations task should have a routine solution. That’s why we’ve just made it a lot easier to install and maintain self-hosted instances of the JFrog DevOps Platform on AWS, through AWS CloudFormation. To further simplify the effort of self-hosting Artifactory and Xray on AWS, we’ve just published a set of AWS CloudFormation …

Best Practices for Migrating to Helm v3 for the Enterprise

At JFrog, we rely on Kubernetes and Helm to orchestrate our systems and keep our workloads running and up-to-date. Our JFrog Cloud services had initially been deployed with Helm v2 and Tillerless plugin for enhanced security, but we have now successfully migrated our many thousands of releases to Helm v3. Like many SaaS service providers, …

5 Steps to Starting DevOps with a JFrog Free Subscription

Note: The below post showcases the JFrog Platform Free Tier, which is currently limited for new sign-ups. In the meantime, we invite you to explore a fully-functional free trial. The JFrog Free subscription is a SaaS cloud offering of the JFrog DevOps Platform that provides software developers, DevOps Engineers, System Administrators and students a sandbox …

Managing Users and Groups with SCIM in the JFrog Platform

When your organization becomes bigger, managing the users and groups lifecycle becomes a significant challenge. Your company grows rapidly, hiring new employees, and giving them access to more and more applications that your organization uses. This means that there are many employee-related actions that need to be taken when an employee changes their team, role, …

JFrog Artifactory Terraform Provider Gains Xray Functionality

A few months ago, I was asked if I wanted to develop an open-source Terraform provider. Eleanor Saitta, principal at Systems Structure Ltd, had a client who was setting up JFrog Xray across their Github repositories but didn’t want to configure each repository by hand. As an SRE who enjoys working on projects that automate …

How to set up Software Security and Compliance for Your Artifacts

The simplest way to ensure the safety of all the open source (OSS) components used by your teams and sites is with a software composition analysis (SCA) tool. You need an automated and reliable way to manage and keep track of your open source usage. With JFrog Xray, you can set up vulnerability and license …

My Build, My Way | JFrog Pipelines Extensions

TL;DR Once my new projects are almost ready to share with the team and I can build and test them locally, I’ll need a CI automation tool to test and deploy each release. As a Principal Consultant at Declarative Systems, I’ve been recommending JFrog Artifactory to clients looking to bullet-proof their deployments since 2016. After …

Automate DAST in DevSecOps With JFrog and NeuraLegion

NeuraLegion’s VP Oliver Moradov takes us through how you can use JFrog and NeuraLegion to automate AppSec testing in your pipelines. The days of long release cycles are well and truly behind us — it is simply not feasible in our agile development world, with developers delivering software and more features at an unprecedented scale …

Python Package Index (PyPi)

Python wheel-jacking in supply chain attacks

Recently, a novel supply chain attack was published by security researcher Alex Birsan, detailing how dependency confusion (or “namesquatting”) in package managers can be misused in order to execute malicious code on production and development systems. Background – dependency confusion & Birsan’s attack In short, most package managers such as pip and npm do not …

Major Vulnerabilities Discovered and Patched in Realtek RTL8195A Wi-Fi Module

In a recent supply chain security assessment, the JFrog security research team (formerly Vdoo) analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis we discovered and responsibly disclosed six major vulnerabilities in Realtek’s RTL8195A Wi-Fi module that these devices were based on. An attacker that exploits the discovered vulnerabilities can gain remote …