Shift Your IDE Left With Xray Plugins

“Forewarned is forearmed,” cautions the old proverb, and that truth coined in the 16th century is even more apt for DevSecOps in the 21st. The earlier you know about vulnerabilities, the better you can avoid making them part of your software. That’s the same principle behind a “Shift Left” DevSecOps strategy. Rather than waiting for … Continued

Top 10 Reasons Why You Need JFrog Enterprise+

More and more companies rely on software to provide value to their customers through product or service updates, websites, mobile apps and more. Whether large or small, these companies can be in any industry segment such as financial, retail, manufacturing or healthcare. To keep providing value through software, you need to continuously develop new … Continued

JFrog Xray and NeuVector

Delivering Shift-Left Security with NeuVector and JFrog Xray

Bringing Kubernetes app security insights to developers. This post is co-authored by Craig Peters of JFrog and Henrik Rosendahl of NeuVector and is also cross-posted on the NeuVector blog. Kubernetes, the container and orchestration tool favored by enterprises, provides great benefit in automating many aspects of application deployment at scale. But, like any emerging technology, … Continued


Content-Driven Component Analysis

JFrog Xray was first released one year ago. Our first post about it highlighted what makes Xray more than just another security scanning tool. Over the last year, we have introduced more differentiating features such as download blocking, integration with more security vulnerability providers like Aqua Security and Black Duck, and integration with your CI/CD pipeline to keep your builds … Continued


Best Practices for Installing JFrog Xray

JFrog first released Xray in July 2016, and the response was phenomenal. Customers were very excited about the ability to hook up their Artifactory repositories and have Xray automatically do a deep recursive scan of their artifacts to weed out issues and vulnerabilities. Now, after several months, with the diverse experience and feedback from the many customers … Continued

The 5 Big DevOps Changes to Expect in 2017

Thoughts from the CEO desk. 2017 started off with a DevOps bang; an enormous amount of capital was poured into DevOps technology companies by VCs, and larger-scale adoption of tools and methodologies was approved in this year’s IT budgets with the recognition that DevOps is a “must-have”. These changes follow a Gartner Report from 2016 … Continued


Xray and Aqua Keeping Your Containers in Safe Waters

While Docker has become all the rage, it is still a relatively new technology in the market. Many companies have introduced it into their organizations, but relatively few have taken Docker to production. One of the reasons is the security risk inherent in running a large set of containers, often based on open source code, … Continued


Sweet Dreams with Open Source Licensing

Has your release ever been held up due to open source licensing issues? Here’s a true story. In one of my previous jobs, the company I was working at was acquired by an industry monolith. It was a dream-come-true for this startup. There was cheering, happy smiling faces in the corridor, and much revelry. A … Continued

Blocking Downloads with Artifactory and Xray

Nobody wants to get sick, so we’ll wear jackets when it gets cold, take our vitamin C and avoid going out in the snow with wet hair. We all do different things to stay clear of nasty viruses and bacteria because we know that the loss in productivity and efforts we’ll have to make to … Continued


JFrog Xray – not just another security vulnerabilities scanner

We have just officially launched JFrog Xray, and were already asked by customers why we think JFrog Xray should be used instead of $YOUR_FAVORITE_SECURITY_SCANNING_TOOL. Is Xray like Black Duck? Maybe it’s like Docker Security Scanning? Maybe it’s similar to Sonatype Nexus Component Intelligence? Before getting into … Continued