Software Supply Chain Topics
Browse by category or alphabetically, and access in-depth articles on key software supply chain topics—from languages and libraries to package managers, toolchains, and security practices.
Access control defines and enforces who can access or modify digital resources to protect data and ensure compliance.
API security mitigates attackers' abuse of an Application Programming Interface to disrupt systems or steal data.
Application security refers to the measures taken to protect software applications from threats and vulnerabilities.
Application Security Testing (AST) identifies, reports, and detects vulnerabilities in software applications throughout the SDLC.
A backdoor attack is a technique used by threat actors to create a hidden entry point into an application or environment.
The file that results from compiling your code, if written in a language that is compiled rather than interpreted.
A tool that allows you to organize your compiled binaries into repositories, just as you organize your source code into repositories.
As a verb, to compile your source code into an executable binary. As a noun, a version of your application as an executable binary.
CI/CD streamlines and automates the process of integrating, testing, and delivering code changes to applications.
A CI/CD pipeline helps Machine Learning teams achieve rapid and reliable updates of models in production.
Code signing is a cryptographic process that uses a digital signature to confirm a software artifact's origin and integrity.
A compiler translates an application written in a higher-level programming language into a lower-level language so it can be executed.
A virtualized operating system environment that includes an application and its dependencies, helping it run anywhere it's deployed.
Container runtime security is a component of application security, helping to detect/mitigate issues that impact running containers.
A philosophy that your software updates should be continuously delivered to the target, although deployment to the user is still...
Like Continuous Delivery, a philosophy that your software updates should be continuously delivered to the target. However, Continuous...
Enabled by a Continuous Integration tool like JFrog Pipelines, merging all developers' working codebase with the source, multiple...
Contract testing is a type of software testing that evaluates interactions between software services. It...
Cloud environments typically include a large number of diverse workloads running across multiple cloud services, with thousands of human...
Common Vulnerabilities and Exposures (CVE) are a dictionary of unique identifiers (CVE ID) assigned to publicly disclosed cybersecurity...
Common Vulnerability Scoring System. A numerical score on a scale from 1 to 10, representing the potential severity of a software...
Dynamic Application Security Testing is designed to test applications in real-time under operating conditions.
Code, libraries, or tools that your application relies on to operate. May or may not be written by a third party.
DevOps pertains to software development and is a contraction of the words "Development" and...
DevSecOps is the incorporation of continuous security testing into all stages of the software development lifecycle (SDLC). Development,...
A virtualization tool that allows you to deliver your software in a particular type of package called a container, which includes an...
Docker alternatives are containerization tools and platforms that provide functionalities similar to...
Fine-tuning LLMs on narrowly focused datasets enables them to acquire deep domain expertise, significantly improving their accuracy and...
A package manager for Kubernetes. Written in YAML, a Helm chart allows you to define, install, and upgrade complex Kubernetes...
An HTTP proxy, also known as an Internet proxy, is a special type of server that sits between Web servers and clients, intercepting...
Identity and Access Management (IAM) is the practice of ensuring the right users and devices have appropriate access to technology...
Infrastructure as Code (IaC) is the practice of managing and provisioning computing infrastructure, such as virtual machines, networks,...
Insider threats refer to security risks that originate from individuals within an organization, such as current employees, former...
A type of testing that verifies entire parts of an application work when combined with other parts of an application.
A tool that translates source code in a higher-level language into a lower-level language for execution, line-by-line, at runtime....
A container orchestration tool designed to make the deployment and management of containerized applications easier. Think of it like the...
LLMOps is a systematic approach to developing, deploying, and operating Large Language Models (LLMs). By bringing consistency to this...
A legal document that defines how a piece of software may be used, and what the implications are for using it. Licenses may define rules...
In the context of JFrog Artifactory, a particular type of repository that contains code originating on your local machine. Does not...
A Machine Learning (ML) model is a program that has been trained on a dataset using an algorithm. By...
A software development architecture that breaks your application up into multiple independent services that interact with one another....
Microservices security refers to the practices, tools, and strategies used to protect distributed applications built with a...
An ML experiment tracking tool helps to manage all the activities related to experiment runs and streamlines the research process.
ML model interpretability refers to how easily a human being can interpret and understand how the model arrived at its decision or...
MLOps is a combination of practices and tools designed to bridge the gap between data science and operations, encompassing the...
Model deployment is the step within the machine learning life cycle where a new model moves into a...
A model registry in MLOps (Machine Learning Operations) is a centralized repository that manages the lifecycle of machine learning...
ModelOps is a set of practices that businesses can use to derive maximum value from machine learning...
A software development architecture wherein your application is built as a single unit: front-end, back-end, and database. Until...
NuGet is a commonly-used package manager that simplifies dependency management by enabling developers to easily add, remove, and update...
Operational Risk Management (ORM) refers to the practices and processes for identifying, assessing, and mitigating risks associated with...
Packages are bundles of code used to extend the functionality of an application.
Role-Based Access Control (RBAC) is a method for restricting system access to authorized users. Instead of assigning permissions...
Real-time machine learning is the capability of ML systems to make predictions and adapt to new data instantaneously. This real-time...
In the context of JFrog Artifactory, a repository type that contains only remote code with an original source outside of your local...
A place to organize your source code or artifacts into one cohesive, organized group by application or project. Tools like GitHub are...
Static Application Security Testing (SAST) is a type of application security testing that scans applications in a static state to...
An SBOM is a list of all of the components used to build and run an application. They include an inventory of any modules, libraries,...
Software Composition Analysis (SCA) is the use of automated tools to identify open source components within an application's code...
The software development life cycle, or SDLC, is the set of phases that occur as developers create software. It includes a series of...
Secrets Management, vital in Application Security (AppSec), protects sensitive credentials like API keys and passwords across their...
Security Misconfigurations refer to the incorrect or suboptimal configuration of a system component or security control, leading to a...
A tool that makes it easier to monitor and control the flow of information between the microservices that make up your application. This...
Shift Left is a software development security strategy and practice that integrates security measures as...
A software artifact repository is a centralized storage system used in software development to manage...
A software artifact is any item produced during the development of software, whether tangible or...
Software provenance is the metadata that records the origin, development, and delivery of software components.
The software supply chain is an aggregation of all the people, processes, and technologies involved in producing or updating a piece of...
A tool that helps manage your uncompiled source code into repositories. Examples are GitHub or Bitbucket.
The Secure Software Development Framework (SSDF) is a set of practices from NIST designed to embed security throughout the software...
A type of test that aims to verify functionality within a very specific, narrow scope, e.g., a specific function or class.
In the context of JFrog Artifactory, a type of repository that acts as an envelope around the local and remote repositories that make up...
Vulnerability Management is the process of discovering, identifying, prioritizing and ultimately remediating vulnerabilities and risk in...
Vulnerability scanning is the process of using automation to crawl a system, network, or application to find known weaknesses or...
A data serialization language designed to be human-readable, frequently used for configuration files in DevOps and beyond.
A Zero Day is a security vulnerability that hasn't been discovered by or disclosed to the public. There are no known detections or...