Blog Home
Build Info in Your VCS

Take control of your Security: How to use Build-Info in your VCS to track vulnerable versions
August 29, 2023

Tracking vulnerabilities and compliance requirements is essential for maintaining application security in any software project. However, this process can be time-consuming and complicated, especially as new issues are identified. Fortunately, the JFrog build-info provides a comprehensive solution by recording key information about your project’s build. With build-info, you can easily track vulnerable versions of your …

Read More
Collect and Manage your Binary Metadata using Build-Info

Collect and Manage your Binary Metadata using Build-Info
February 08, 2023

Our modern life depends on software from the most trivial to critical task. How software is built, behaves and what it actually contains are fundamental questions that almost all stakeholders of the Software Development Life Cycle (SDLC) need to know. Being able to effectively manage your binaries (aka software packages, artifacts, containers, images…) provides full …

Read More

JFrog’s Best DevSecOps Blogs of 2021
January 13, 2022

Always a concern for DevOps teams, security has now become a critical part of developing and releasing software – a reality reflected on the sharp increase in JFrog blogs about DevSecOps. In fact, we generated so many hard-hitting and instructive blogs about security and compliance in 2021 that we decided our DevSecOps coverage deserved its …

Read More

It’s Time to Get Hip to the SBOM
August 24, 2021

The DevOps, IT security and IT governance communities will remember 2021 as the year when the Software Bill of Materials, or SBOM, graduated from a “nice to have” to a “must have.”  Around for years, the SBOM has now become a critical DevSecOps piece, which everyone must thoroughly understand and incorporate into their SDLC (Software …

Read More

Signed Pipelines Build Trust in your Software Supply Chain
May 27, 2021

Trust isn’t given, it’s earned. As the Russian proverb advises, Доверяй, но проверяй — or as U.S. President Ronald Reagan liked to repeat, “Trust, but verify.” We designed JFrog Pipelines to securely support a large number of teams, applications, users and thousands of pipelines. The latest release brings an industry-first verification capability to Pipelines that …

Read More

US Executive Order on Cybersecurity: What it Means for DevOps
May 21, 2021

The United States Government equates cybersecurity with national security.  That’s the crux of the recent Executive Order that will mandate that not only must software applications be vetted, but there will be upcoming regulations on providing all of the components that make up the software. As section 1 notes:  “prevention, detection, assessment, and remediation of …

Read More

GitHub vs JFrog: Who Can do the Job for DevOps?
February 17, 2021

When you choose a product, you’re hiring it to do a job. You’ve put out the“Help Wanted” sign for DevOps, and choosing between two well-qualified prospects is high stakes. The hire you make can ensure the enterprise swiftly rises — or sinks. With JFrog and GitHub, you have two of the best candidates. Now judge …

Read More

Popular Tags