JFrog’s Best DevSecOps Blogs of 2021

Always a concern for DevOps teams, security has now become a critical part of developing and releasing software – a reality reflected on the sharp increase in JFrog blogs about DevSecOps. In fact, we generated so many hard-hitting and instructive blogs about security and compliance in 2021 that we decided our DevSecOps coverage deserved its …

It’s Time to Get Hip to the SBOM

The DevOps, IT security and IT governance communities will remember 2021 as the year when the Software Bill of Materials, or SBOM, graduated from a “nice to have” to a “must have.”  Around for years, the SBOM has now become a critical DevSecOps piece, which everyone must thoroughly understand and incorporate into their SDLC (Software …

Signed Pipelines Build Trust in your Software Supply Chain

Trust isn’t given, it’s earned. As the Russian proverb advises, Доверяй, но проверяй — or as U.S. President Ronald Reagan liked to repeat, “Trust, but verify.” We designed JFrog Pipelines to securely support a large number of teams, applications, users and thousands of pipelines. The latest release brings an industry-first verification capability to Pipelines that …

US Executive Order on Cybersecurity: What it Means for DevOps

The United States Government equates cybersecurity with national security.  That’s the crux of the recent Executive Order that will mandate that not only must software applications be vetted, but there will be upcoming regulations on providing all of the components that make up the software. As section 1 notes:  “prevention, detection, assessment, and remediation of …