July 2021

Bring Xray Out of the Box with Dependency and Binary Scanning

Shifting left security means you, the developer, catching and fixing vulnerabilities and license violations early in the SDLC. That’s why Xray scans binaries pushed to Artifactory by your builds, and alerts you when there are issues with your dependencies. But catching them earlier, even before checking in code, can be important for developers shifting left.

JFrog detects malicious PyPI packages stealing credit cards and injecting code

Software package repositories are becoming a popular target for supply chain attacks. Recently, there has been news about malware attacks on popular repositories like npm, PyPI, and RubyGems. Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure.

How to Use Cargo Repositories in Artifactory

For five years running, Rust has taken the top spot in Stack Overflow’s survey of most loved programming languages. Seen by many as the next step after C/C++, the language is fast being embraced by embedded device developers and as a robust system for IoT. At JFrog, we took notice and are eager to welcome Rust developers to the empowerment of robust binaries management and how it contributes to continuous integration.

JFrog and Vdoo: Better Together

JFrog customers will soon enjoy end-to-end, holistic security across their software lifecycle — from development to devices — as the technology of recently-acquired Vdoo gets integrated into the JFrog DevOps Platform. That was the pledge made by JFrog and Vdoo leaders during their first joint webinar, in which they explained why JFrog acquired Vdoo, how the platform’s security and compliance capabilities will expand, and what the integration timeline is.

Knative - deploy, and manage modern container-based serverless workloads - Elad Hirsch

Yalla! DevOps 2021 -- The first, in-person DevOps conference of the year! Driven by the DevOps community. All about the DevOps community. Knative is the new kid in town in the Serverless community. As Kubernetes is de facto our cloud infrastructure, Knative allows us to focus more on our business logic and less on infrastructure, all while committing to the new paradigm of Serverless computing.

Vdoo & JFrog - Enhanced Security From Code To The Edge

Join this webinar to learn more about JFrog’s announced acquisition of Vdoo! Together JFrog and Vdoo are the creators of a hybrid product security platform that automates multidimensional security tasks throughout the entire build and release cycle - and how JFrog and Vdoo plan to integrate their technologies to further the secure Liquid Software vision. Imagine if you had access to streamlined, consolidated and comprehensive security data in one platform that helped developers and security teams identify and fix their most critical issues rapidly.

After analyzing 600,000 SQL queries, these are the top mistakes developers make - Oded Valin

Yalla! DevOps 2021 -- The first, in-person DevOps conference of the year! Driven by the DevOps community. All about the DevOps community. Users want to see their data fast, immediately, now. Whether you’re working with an ORM or writing native SQL, you have probably had a “scratching-my-head-trying-to-figure-out-why-this-database-is-so-slow” moment. The team at EverSQL analyzed more than 600,000 SQL queries from thousands of different companies to lay down the most common mistakes developers make when writing SQL queries. This talk focuses on writing SQL the right way, the fast way.

Deep-dive into Open Policy Agent + Conftest + GateKeeper - Shimon Tolts & Noaa Barki

Yalla! DevOps 2021 -- The first, in-person DevOps conference of the year! Driven by the DevOps community. All about the DevOps community. Deep-dive into Open Policy Agent + Conftest + GateKeeper: Kubernetes Policy in action. In this session, we will do a deep dive into Open Policy Agent, Conftest, and GateKeeper. We will show real-life use cases of how to use those technologies in production in order to configure and enforce a centralized policy for Kubernetes. Shimon and Noaa will present both sides of the dev stack, DevOps and Developers.

The Peopleware Running Cloud DevOps

Early this year, we set out on a journey to onboard a new cloud engineering team at JFrog. Many can relate to the challenges involved with onboarding a new team, and these were amplified even more during the pandemic. However, this blog post is not about COVID-19; it is about sharing our experience of fine-tuning the onboarding path for this unbeatable group. TL;DR: What it takes to build and onboard a team of junior engineers into the existing JFrog Cloud engineering team.

How to Accelerate Software Delivery with Hybrid Cloud CI/CD

Are you looking for solutions to deliver rapid application development and iterations? You’re not alone. To accomplish this, many organizations are embracing cloud native containers across multiple cloud providers. The reason? This strategy reduces the risk of vendor lock-in, and helps you scale the application infrastructure horizontally.

Influencing DevOps without Authority - How a DevOps Engineer can advance real DevOps

In this talk, Baruch will show how some proven influencing and negotiating techniques can be used to convince critical stakeholders in your organization of the necessity of DevOps. We look at the arguments, the techniques, and the small tricks that work in particular situations with particular engineering and business leadership positions, and will prepare you to deliver the message of DevOps most convincingly to each.

JFrog And Red Hat DevSecOps Security Series

Accurately detecting and mitigating security vulnerabilities is critical for any enterprise. JFrog’s ongoing collaboration with Red Hat provides the DevOps community with enterprise-grade DevSecOps capabilities, enabling you to deliver high-quality and more secure software, anywhere. As part of the Red Hat DevSecOps Security Series, join us on July 1st for JFrog & Red Hat’s perspective on application analysis and how JFrog’s recently achieved Vulnerability Scanner Certification helps identify vulnerabilities in applications, images and configurations early in your lifecycle.