Sunnyvale, CA, USA
Jan 7, 2022   |  By Lori Lorusso
JFrog has been hard at work behind the scenes restructuring how we share information with the developer community. We wanted to create a one-stop resource for developers who code in a variety of languages, with a focus on DevOps, DevSecOps, and cloud native technologies. So without further ado … let me introduce you to our new JFrog Community site!
Very recently, the JFrog security research team has disclosed an issue in the H2 database console which was issued a critical CVE – CVE-2021-42392. This issue has the same root cause as the infamous Log4Shell vulnerability in Apache Log4j (JNDI remote class loading). H2 is a very popular open-source Java SQL database offering a lightweight in-memory solution that doesn’t require data to be stored on disk.
Jan 5, 2022   |  By Shlomi Ben Haim, CEO
Together with the community, JFrog pioneered what we now know as DevOps with a focus on binaries (aka software packages, artifacts or images). A decade ago, no one thought binary management would be a thing — now it’s a standard most companies can’t live without. Back then, we said software universality would be necessary, and now others follow suit. People thought cloud would be a single-vendor decision.
Jan 4, 2022   |  By Gianni Truzzi
Over the last several years, systems architects have had to make sure their systems are cloud native, with applications that are optimized for scalable cloud technology infrastructure. In today’s environment, you should be asking whether your solutions are cloud nimble as well. For the modern enterprise, cloud computing is now the default model for applications, storage, and compute.
There are many benefits to working with JFrog Artifactory as your private Docker registry, allowing you to store, share and deploy your binary artifacts in a single source of truth. This blog post will focus on using Artifactory in Kubernetes. Specifically, we’ll walk through the steps for configuring Kubernetes to pull images from Artifactory and most importantly – scale up! It will also describe how you can enable cluster-wide authenticated access to Artifactory behind the scenes.
Dec 30, 2021   |  By Nitzan Gotlib
Dealing with hundreds of security alerts on a daily basis is a challenge. Especially when many are false positives that waste our time and all take up too much of our valuable time to sift through. Let me tell you how our security team fixed this, as we built security around the JFrog products. First, let me tell you a little bit about our team.
Dec 30, 2021   |  By Ilya Khivrich
The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library – CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 – has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of Log4j vulnerabilities on their software, revealing multiple technical challenges in the process.
Dec 28, 2021   |  By Ilya Khivrich
The discovery of the Log4Shell vulnerability in the ubiquitous Apache Log4j package is a singular event in terms of both its impact and severity. Over 1 million attack attempts exploiting the Log4Shell vulnerability were detected within days after it was exposed, and it may take years before we see its full impact.
Dec 23, 2021   |  By Gianni Truzzi
At many organizations, the surprise discovery that the widely used Apache log4j open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For cybercriminals this is Christmas come early,” explained Theresa Payton, former White House CIO and current CEO of Fortalice Solutions.
Dec 22, 2021   |  By Avigail Ofer
Accelerating software distribution is a critical part to enabling enterprise delivery at scale. Throughout the SDLC processes, we’re required to continuously distribute software packages — either to remote development teams as part of CI cycles, to production environments or devices for deployments, or for public downloads by your developers or partners ecosystem. The key attributes of Distribution workflows create network challenges around bandwidth, resiliency and availability.
Jan 12, 2022   |  By JFrog
* Are you using Azure DevOps as the starting point of your delivery process on the Azure cloud? Join this webinar to learn advanced tips and tricks for simplifying and accelerating your CI/CD pipelines with Azure DevOps and the JFrog Platform. Sharing a detailed demo of a real-world release pipeline triggered from Azure DevOps, we’ll review best practices and hard-won lessons for how you can streamline your end-to-end process and ensure it meets the security and quality requirements of large-scale enterprise delivery.
Jan 6, 2022   |  By JFrog
Want a glimpse at what it is like to be a CTO of a DevOps company? Join JFrog’s CTO Yoav Landman for our new CTO Corner Series. Each episode will feature a topic that is at the forefront of every technologist's mind… or should be. Yoav will be discussing hot topics in tech with other industry leaders giving you an opportunity to see behind the curtain of the decision makers.
Jan 5, 2022   |  By JFrog
JFrog Artifactory is a scalable, universal, binary repository manager that automatically manages your artifacts and dependencies throughout the application development and delivery process. Artifactory supports Kubernetes, the de facto orchestration tool in the industry, for automating deployment, scaling, and management of microservices and containerized applications..
Dec 15, 2021   |  By JFrog
JFrog Xray is a universal software composition analysis (SCA) solution that natively integrates with Artifactory as part of the JFrog Platform. Xray gives developers and DevSecOps teams an easy way to proactively identify open source vulnerabilities and license compliance violations before they manifest in production.
Dec 15, 2021   |  By JFrog
On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java. Since then, the trivially exploitable (weaponized PoCs are available publicly) and extremely popular library has reportedly been massively exploited and has gotten wide coverage on media and social networks.
Dec 15, 2021   |  By JFrog
DO YOU NEED TO CONTINUOUSLY PUBLISH AND DISTRIBUTE YOUR SOFTWARE TO SHARE WITH: Then you know what a hassle it can be -- with network bottlenecks, security overhead, and operational challenges managing distribution infrastructure at scale slowing down your releases.
Dec 15, 2021   |  By JFrog
Kroger leverages the JFrog platform to give developers visibility into their software vulnerabilities and make informed decisions on what to fix. See how Kroger has implemented secure DevOps processes with automated vulnerability scanning and open-source software (OSS) license compliance capabilities to support their development and security teams.
Dec 8, 2021   |  By JFrog
Use DevOps practices to deploy your database changes seamlessly! Join Robert Reeves of Liquibase and Melissa McKay of JFrog as they discuss the advantages of using tried and true DevOps methodologies and automation to keep your database driven application up and running in production. The 2021 State of DevOps Report tells us that elite performers are 3.4 times more likely to adopt database change management practices. DevOps is for everyone including our database professional friends.
Dec 8, 2021   |  By JFrog
Dec 2, 2021   |  By JFrog
Introduction to JFrog Xray and how to reduce vulnerability and license risks of the open source and 3rd party dependencies you rely on.
Jan 12, 2020   |  By JFrog
Software businesses of every industry and all sizes, from small startups to large enterprises, are looking for ways to accelerate their software development process in the race to innovate and deliver their offerings to their customers ahead of their competition.
Jan 12, 2020   |  By JFrog
Cloud DevOps tools offer greater flexibility, rapid deployment, cloud automation, reduced IT costs, and low upfront costs with subscription pricing. Setting up your environment with Artifactory on the cloud on your choice provides unlimited scalability allowing you to grow according to your needs and is easily achieved by using cloud storage providers (Amazon AWS, Google GCP or Microsoft Azure) in your environment with Artifactory.
Jan 1, 2020   |  By JFrog
In today's enterprises, software is your company's everyday face, whether through the desktop, the cloud, or a mobile device, to all parts of the globe. Cars are computers on wheels. Thermostats are data terminals. Banks live in your phone. In this new world, software updates serve customer's demands. Each one you deliver is your opportunity to renew - or, if botched, destroy - their trust. How can you make every update top-notch at top speed?
Jan 1, 2020   |  By JFrog
Today, we live in a very connected world, where our devices, homes and cars all communicate with each other, and every company with a product or service has the need to develop software. It is one of the primary mediums by which they strive to provide better products, services and solutions, and has become paramount to a company's success. To continuously improve their software, companies must have sound DevOps or DevSecOps practices in place.
Dec 1, 2019   |  By JFrog
Two numbers are shaking the foundations of business. What do these two figures mean to your business? They mean that, odds are your competitive landscape is irrevocably changed - already. To start, expectations for delivery speed for new products, services, and everything are faster. The new table stakes in the DevOps world have raised the bar on collaboration, cross-organizational visibility, efficiency, even company culture. Another thing these two simple stats mean is that most businesses are already there, or heading there now.
Dec 1, 2019   |  By JFrog
Over the last several years, software development has evolved from deploying products periodically to building them on an ongoing basis using CI servers. A company's end product may be built on a daily or even hourly basis. This means that DevOps must support the continual flow of code from the individual developer's machine to the organization's production environment.

JFrog products seamlessly integrate with practically any development environment on Earth, from legacy code to the most recent containers and micro-services.

JFrog's end-to-end platform provides a fully automated pipeline for distributing trusted software releases. Connecting all developers, DevOps engineers and product owners to end devices, the JFrog Platform ensures software flows quickly and free from interruption.

End-to-End Universal DevOps Platform:

  • JFrog Artifactory: The undisputed software repository leader for integrated, universal artifact management at enterprise scale.
  • JFrog Container Registry: The world’s most flexible, hybrid container registry, with enterprise-grade resiliency backed by JFrog Artifactory.
  • JFrog XRay: Universal security vulnerability & compliance analysis, natively integrated with Artifactory for continuous governance across the DevOps pipeline.
  • JFrog Pipelines: Universally orchestrate software releases and master the entire CI/CD pipeline from code to production.
  • JFrog Distribution: Secure and validate your software releases, allowing trusted, optimized software distribution on a global scale.
  • JFrog Mission Control: A single access point providing a centralized dashboard to oversee your DevOps pipeline.

Universal Artifact Management for DevOps Acceleration.