Build Info in Your VCS

Take control of your Security: How to use Build-Info in your VCS to track vulnerable versions

Tracking vulnerabilities and compliance requirements is essential for maintaining application security in any software project. However, this process can be time-consuming and complicated, especially as new issues are identified. Fortunately, the JFrog build-info provides a comprehensive solution by recording key information about your project’s build. With build-info, you can easily track vulnerable versions of your …

Collect and Manage your Binary Metadata using Build-Info

Collect and Manage your Binary Metadata using Build-Info

Our modern life depends on software from the most trivial to critical task. How software is built, behaves and what it actually contains are fundamental questions that almost all stakeholders of the Software Development Life Cycle (SDLC) need to know. Being able to effectively manage your binaries (aka software packages, artifacts, containers, images…) provides full …

JFrog’s Best DevSecOps Blogs of 2021

Always a concern for DevOps teams, security has now become a critical part of developing and releasing software – a reality reflected on the sharp increase in JFrog blogs about DevSecOps. In fact, we generated so many hard-hitting and instructive blogs about security and compliance in 2021 that we decided our DevSecOps coverage deserved its …

It’s Time to Get Hip to the SBOM

The DevOps, IT security and IT governance communities will remember 2021 as the year when the Software Bill of Materials, or SBOM, graduated from a “nice to have” to a “must have.”  Around for years, the SBOM has now become a critical DevSecOps piece, which everyone must thoroughly understand and incorporate into their SDLC (Software …

US Executive Order on Cybersecurity: What it Means for DevOps

The United States Government equates cybersecurity with national security.  That’s the crux of the recent Executive Order that will mandate that not only must software applications be vetted, but there will be upcoming regulations on providing all of the components that make up the software. As section 1 notes:  “prevention, detection, assessment, and remediation of …