Operations | Monitoring | ITSM | DevOps | Cloud

June 2021

DevSecOps is a practice. Make it visible

Security should be embedded in DevOps by default, but for many organizations, it is not. Enter “DevSecOps”. What is DevSecOps? It is a practice to build more secure applications, secure the software factory, and secure cloud workloads. Because it is a practice it needs to be visible. In this session hear about the ways tech-enabled enterprises approach a DevSecOps practice, how they make it visible, and how Splunk + JFrog can accelerate your journey.

We've Agreed to Acquire Vdoo, Unifying Developers and Security Teams from Source to Device

We’re extremely excited to announce we’ve agreed to acquire Vdoo, a leading, Israeli-based product security company with its roots in binaries and IoT/devices. Vdoo’s team and entire technology portfolio will be incorporated into JFrog, delivering a solution that truly unifies development and security teams with a holistic security approach.

Understanding and tracking the impact of your ever-changing k8s deployments

As developers we’re not always fully aware of security implications stipulated from changes to our code whether these are done in the CI, CD or an artifact database. It is always challenging to predict the impact of a changed 3rd party library, a security context or an RBAC permission, accessing a different network to the same resource or even using an API in a different way than we used to. Understanding the impact immediately and being able to make a change without disrupting the pipeline is therefore an important requirement. This session will present best practices to cope with these day to day changes and will propose a set of tools to address them cohesively.

The Top 4 DevOps Headlines of 2025

Welcome to swampUP 2021! A year ago, we said that in 2020, every company would be a DevOps company. We couldn’t have imagined the news stories 2020 would bring, both globally and in our industry, with DevOps now affecting all business stakeholders. While the worldwide pandemic has shaped the immediate future of DevOps and digital transformation, we move ever-closer to a post-pandemic world, where the foundations laid today will have ripple effects across the marketplace. Join Shlomi Ben Haim, CEO of JFrog, as he kicks off swampUP with some unexpected headlines, taken directly (probably) from the pages of 2025’s news cycle.

The Biggest DevSecOps Hits From swampUP 2021

In the wake of recent events like the SolarWinds hack and the White House executive order on cybersecurity, DevSecOps and security are top-of-mind for most DevOps and security professionals. How to efficiently adapt or adopt a sound DevSecOps practice has become a priority, especially with the U.S. government’s impending mandate requiring software applications to be vetted, and to create a trusted Software Bill Of Materials (SBOM) for each one.

Drive DevSecOps Visibility with JFrog Partner Integrations

If you need your teams to act, you need to alert them where they’re already looking. Yet yesterday’s DevOps practices demand individuals to wrangle with uncorrelated events, multiple UIs, and siloed technologies. Tomorrow’s DevOps must enable teams with: To practice DevSecOps, you’ll need to know where a vulnerable build has been deployed into production, and where to find the corrected build that should replace it.

JFrog How To's - How to Set Up Xray to Scan Repositories, Builds or Bundles

In this video, I'll show you how to get started with JFrog Xray. You will see how to create rules, policies and watches and what the individual components mean. We will also take a look at the Vulnerabilities Reports. Here I will show you how to create, evaluate and export them. This introduction gives you all the essential elements you can use to start looking for vulnerabilities in your project.

How to set up a Private, Remote and Virtual Maven/Gradle Registry

The simplest way to manage and organize your Java dependencies is with a Maven or Gradle repository. You need reliable, secure, consistent and efficient access to your dependencies that are shared across your team, in a central location. Including a place to set up multiple registries, that work transparently with the Maven and Gradle clients.

JFrog Artifactory: Administration (2020+) - Course Sneak Peek

The focus of this topic is the architecture of Artifactory and the benefits of checksum-based storage. In this woucrse we give you a full overview of the Artifactory architecture so that you can deploy the solution faster. Installation from beginning to end including configurations is also included in this course so that administrators can use the course to get the solution.

JFrog CloudFormation Modules Make Provisioning to AWS Easy and Secure

A routine cloud operations task should have a routine solution. That’s why we’ve just made it a lot easier to install and maintain self-hosted instances of the JFrog DevOps Platform on AWS, through AWS CloudFormation. To further simplify the effort of self-hosting Artifactory and Xray on AWS, we’ve just published a set of AWS CloudFormation modules to the AWS CloudFormation Public Registry.

Artifactory DevOps Tool Overview - Online Course SNEAK PEEK

In this DevOps course, we will introduce you to Artifactory and review some of the controls offered as well as supported services. JFrog Academy provides free self paced online courses! JFrog is providing a universal, hybrid, and end-to-end DevOps platform. Enabling IT professionals and developers to manage, maintain, and secure their worflows.

JFrog Product Leaders Answer swampUP Attendees' Burning Questions

In a live, unscripted “ask me anything” session, a group of JFrog product leaders candidly answered questions from swampUP attendees, with topics ranging from newly-announced JFrog products and capabilities to current cybersecurity concerns that impact DevOps teams. Because the lively discussion yielded so many great questions and answers, we’ve put together here a summary of the session.

Developer, Transform Yourself: Digital Transformation Starts with You

As technical professionals we spend a lot of time developing technical skills. Checking the right boxes of experience with languages, tools, and technologies is what typically lands us a job interview for our specialty. But what wins the job in DevOps — and carries you to success in it — are your human skills. Even more than technical chops, personal traits like mindset, communication skills, and work habits are your strongest assets in making DevOps work.

Joe Biden's Security Order: What it Means for DevOps

What the Executive Order says today Anticipated further actions by the White House Reasons the software bill of materials (SBOM) will become the source of truth Differences between a SBOM and an “ingredients list” How tools and methods will position developers for success How securing and certifying processes - not just components - may be the key to future compliance

Leaping Forward With Our Partners: JFrog Unveils Tech Partner Program

We’re delighted to announce the freshly-updated JFrog Technology Partner Program, a powerful initiative that will elevate our already large and vibrant ecosystem of integration partners and strengthen JFrog’s “too integrated to fail” commitment to its customers and the DevOps community. The program is a natural next step for JFrog.

Best Practices for Migrating to Helm v3 for the Enterprise

At JFrog, we rely on Kubernetes and Helm to orchestrate our systems and keep our workloads running and up-to-date. Our JFrog Cloud services had initially been deployed with Helm v2 and Tillerless plugin for enhanced security, but we have now successfully migrated our many thousands of releases to Helm v3. Like many SaaS service providers, JFrog Cloud runs with many Kubernetes clusters in different regions, across different cloud providers.

The Future Demands Full Stack DevOps Engineers at the Epicenter

As we wrap up swampUP 2021, I have never felt more excited about being part of the global DevOps community. My greatest takeaway from swampUP 2021, with all of its great presentations and the participation of thousands of our community peers, is that DevOps today finds itself at a historical inflection point. Let me explain.

The Epicenter of the Developer Community: swampUP 2021

We’ve just concluded another fantastic swampUP conference, which saw thousands of global developers, DevOps Engineers, community leaders, CIOs and security professionals come together to explore the true epicenter of global business: DevOps. In the words of our CEO, Shlomi Ben Haim, community is more powerful than any pandemic, and we were honored and humbled to be joined by Amazon, Capital One, Salesforce, PagerDuty, Elastic, HashiCorp, Google, Red Hat and many more.

2021 swampUP Technical Announcements in Just 8 Minutes

swampUP is where JFrog reveals the following year's roadmap and direction. But if you don't have time to watch the whole keynote, take 8 minutes and see all about the world's first Private Distribution Network (PDN) and Binary Lifecycle Management solutions. Includes PDN, Signed Pipelines, Federated Repositories, third-party dependency scanning, Cold Artifact Storage and more. Drawn from the technical keynote at swampUP in May 2021.

Going Beyond Exclude Patterns: Safe Repositories With Priority Resolution

You probably remember the Namespace Shadowing a.k.a. “Dependency Confusion” attack that was in the news a couple of weeks ago. I blogged back then about the Exclude Patterns feature of JFrog Artifactory which we’ve had forever and was always intended to protect you against those kinds of attacks.