remote repositories Archives

SHARE:

GitHub Tried to Change the Checksum for Release Archives. You Should Start Hosting Your Own.

January 31, 2023

Yesterday, GitHub changed how the archives they provided are made. The result of this change surprised developers, triggering pipeline failures all over the world in most ecosystems. According to this GitHub post, this is a consequence of recent changes to Git itself, released almost six months ago and just deployed within GitHub now with unforeseen …

SHARE:

Scaling Software Supply Chains Securely

March 31, 2021

Software supply chains are mission-critical for digital businesses, and as global conditions accelerate the growth in contactless interactions and transactions, many organizations are reviewing how to solve the challenge of scaling the volume and velocity of their software development and release processes to meet the digital demand. The latest JFrog Platform release delivers a rich …

SHARE:

GitHub vs JFrog: Who Can do the Job for DevOps?

February 17, 2021

When you choose a product, you’re hiring it to do a job. You’ve put out the“Help Wanted” sign for DevOps, and choosing between two well-qualified prospects is high stakes. The hire you make can ensure the enterprise swiftly rises — or sinks. With JFrog and GitHub, you have two of the best candidates. Now judge …

SHARE:

Yet Another Case for Using Exclude Patterns in Remote Repositories: Namespace Shadowing (a.k.a. “Dependency Confusion”) Attack

February 08, 2021

Update: June 1, 2021. You asked, we delivered! Even easier protection against dependency confusion attacks! Read more — Going Beyond Exclude Patterns: Safe Repositories With Priority Resolution. TL;DR The npm Registry is vulnerable to supply chain namespace shadowing, also known as “Dependency Confusion” attacks. Make sure you create npm scoped packages and force exclude patterns. Long-time …

SHARE:

Improve Network Performance – Store Docker Images Locally with Artifactory

July 09, 2015

Goodbye network worries – hello remote Docker registries Docker Hub is an invaluable resource that you need on a regular basis, but as a remote resource, what do you do if it goes down or if there is an issue with the network? JFrog Artifactory is an intermediary between developers and Docker Hub and fully …

SHARE:

4 best practices in repository configuration

June 09, 2015

1. If you are using several technologies, (e.g. Nuget, Maven, NPM, PyPi etc..) define a unique repository for each of them. By doing that you are making sure that all of the build requests are directed to the right place rather than going to a repository that may not even have the necessary packages. 2. …

GitHub Tried to Change the Checksum for Release Archives. You Should Start Hosting Your Own.

Scaling Software Supply Chains Securely

GitHub vs JFrog: Who Can do the Job for DevOps?

Yet Another Case for Using Exclude Patterns in Remote Repositories: Namespace Shadowing (a.k.a. “Dependency Confusion”) Attack

Improve Network Performance – Store Docker Images Locally with Artifactory

4 best practices in repository configuration

Popular Tags