
The latest News and Information on Continuous Integration and Development, and related technologies.

Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients

The JFrog Security Research team recently discovered and disclosed CVE-2025-6514, a critical (CVSS 9.6) security vulnerability in the mcp-remote project, a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted MCP server, exposing users to full system compromise.

GoodRx Releases Lifecycle Solution for Ephemeral Developer Environments with Built-in Support for Codefresh Pipelines

GoodRx, a digital healthcare platform, has released the Lifecycle project as open-source code. Lifecycle is a complete solution for temporary/ephemeral environments. The project’s build process includes built-in support for Codefresh pipelines.

How we replaced the default K8s scheduler to optimize our Continuous Integration builds

The default Kubernetes scheduler works great when your cluster is destined for long-running applications. At Codefresh we use our Kubernetes clusters for running Continuous Integration pipelines, which means our workloads are ephemeral (they are discarded when a pipeline has finished). This allowed us to look at the Kubernetes scheduler from a different perspective and forced us to think about how Kubernetes can work for short-running workloads.

Can one engine really unify all your cloud workloads? - Meet Argo Workflows | Argo Unpacked #10

In this episode, we explore Argo Workflows, a tool that helps you run and manage many tasks on Kubernetes easily. Learn how it can bring together your CI/CD pipelines, data jobs, and other cloud work in one place. If you want to make your cloud automation simpler and faster, this episode is for you!

The Artifact Management Market Is Up For Grabs

The enterprise artifact management market - which has belonged for a while to JFrog and Sonatype - is now truly up for grabs. Cloudsmith was built on the core principle that cloud-native architecture matters. So does simplicity in design and workflow. Partnerships matter, too. We’ve built a comprehensive platform that controls and secures every artifact as it’s built, scanned, signed, stored, and shipped across the software supply chain.

Self-hosted runners vs cloud CI/CD: A complete decision guide

Your CFO just asked about operational efficiencies across the engineering org. Tooling budgets are under the microscope, and suddenly CI/CD costs are getting attention. Sound familiar? When the pressure’s on to cut software spend, CI/CD often looks like a tempting target. It’s visible, measurable, and seemingly easy to move.

SwiftPM, CocoaPods, and the Future of Enterprise Development for Apple Platforms

Swift is the default and preferred language for developing applications within the Apple ecosystem. The Swift Package Manager (SwiftPM) has become the de facto dependency manager for Swift, enabling developers to share and reuse code effortlessly. While its elegance lies in its simplicity, there’s a common concern about integrating SwiftPM into robust, enterprise-grade development workflows. This is where JFrog Artifactory shines.

Is it time to switch CI/CD platforms? 7 warning signs

Every engineering team eventually faces this question: “Is our CI/CD setup actually helping us, or is it getting in the way?” The answer isn’t always obvious. CI/CD problems often develop gradually: small issues become accepted workarounds, and those workarounds become standard practice. What once worked well for your team might not fit your current needs or scale. The decision to evaluate new tooling usually builds over time as pain points accumulate and priorities shift.