Addressing the npm Manifest Confusion Vulnerability

A potential security risk in the npm ecosystem known as “manifest confusion” has recently been spotlighted in a blog post by Darcy Clarke, a former Staff Engineering Manager at GitHub. Clarke mentioned that JFrog Artifactory seems to replicate this issue, so of course we investigated it right away. In this post, we will explain what …

New and Improved Jenkins JFrog Plugin

The Latest JFrog Plugin for Jenkins

We all know that artifact management is an important part of our development lifecycle, and if you’re using Jenkins you’ll also need to store your builds and binaries. In the world of DevOps, efficient integration and management of artifacts and dependencies are crucial for successful software delivery. Together, Jenkins and JFrog Artifactory offer a powerful …

Contextual Analysis Scans with JFrog CLI

Don’t waste time on irrelevant false positive alerts in your source code

Are you tired of using security tools that generate endless results, making it impossible to identify actual risks? Do you struggle with inefficient prioritization due to a lack of context, making the process of assessing and remediating vulnerabilities a time-consuming nightmare? Look no further than JFrog’s Contextual Analysis, available as part of the “jf audit” …

Prevent Credential Exposure in Code

In today’s software development world, developers rely on numerous types of secrets (credentials) to facilitate seamless interaction between application components. As modern applications become more complex and require authentication for services and dependencies, the practice of hardcoding secrets during software development is on the rise. The most common types of credentials are: Application Program Interface …

Making the Move to Consolidation: Reducing Sprawl in 2023

Note: This blog post was previously published on InfoWorld. For DevOps, 2023 is the year to reduce tool sprawl and start tool consolidation efforts. Sprawl is often seen as a natural result of the flexibility and empowerment of dev teams to choose their own tools, but organizations now understand the need for a single, streamlined system. …

Three approaches to strengthening security with allowlists

There are many ways bad actors try to infiltrate and exploit companies, including by gaining access to your internal network and the applications connected to it. With more organizations adopting products in the cloud, or at the very least connected to the internet, addressing this potential attack vector is an important element of any security …

swampUP 2023 – Top 10 Reasons To Attend

JFrog’s DevOps and DevSecOps user conference is a unique and inspiring in-person event. Here’s why you don’t want to miss it! Wednesday, September 13 | San Jose, California. Get lessons learned on how industry-leading companies are approaching their DevOps and DevSecOps challenges – with fellow practitioners that have implemented large-scale solutions. Including companies such …

Docker Desktop and JFrog Artifactory

Using Docker Desktop and Artifactory for Enterprise Container Management

As the prevalence of containers continues to expand, managing the push and pull of containers without an enterprise-grade container registry is unwieldy. Many companies utilize JFrog Artifactory as a Docker and Helm registry, but also utilize Docker Desktop strategically to manage their container services. The goal of this blog is to show you how to …

JFrog and Atlassian simplify DevOps-Centric security

Atlassian has long been helping agile teams collaborate, track progress, and manage projects more efficiently, and is now simplifying software security for Jira Software Cloud users. We’re excited to announce that JFrog has joined Atlassian as a security partner. The integration with the JFrog Platform enables JFrog Xray data to be surfaced in Jira, making …

Got tool sprawl? Let’s consolidate.

If you’re a developer, DevOps engineer, or security technician, you know the feeling of managing multiple tools at once. It’s a phenomenon so prevalent in software development that it has its own name, “tool sprawl,” and it can make it hard for teams to do their jobs efficiently. What causes tool sprawl? Problems caused by …