Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on Continuous Integration and Development, and related technologies.

How to think about quality in the age of cheap prototypes

When AI makes prototyping incredibly cheap, your old quality standards become a bottleneck. The key mindset shift? Quality doesn't matter equally everywhere. You can experiment with lower-quality prototypes to learn faster, then apply high standards only to what customers actually see. This isn't about lowering standards - it's about applying the right quality mindset at the right stage. Stop letting perfectionism slow down your learning phase.

Security is a leading priority for 2025

The Cloudsmith 2025 Artifact Management Report offers timely insights into how engineering and DevOps teams are evolving their approach to software artifact management and software supply chain security. With supply chain attacks on the rise and Generative AI reshaping development practices, teams are reevaluating how they manage, secure, and scale their artifact repository infrastructure.

Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients

The JFrog Security Research team has recently discovered and disclosed CVE-2025-6514 – a critical (CVSS 9.6) security vulnerability in the mcp-remote project – a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted MCP server, posing a significant risk to users – a full system compromise.

The Artifact Management Market Is Up For Grabs

The enterprise artifact management market - which has belonged for a while to JFrog and Sonatype - is now truly up for grabs. Cloudsmith was built on the core principle that cloud-native architecture matters. So does simplicity in design and workflow. Partnerships matter, too. We’ve built a comprehensive platform that controls and secures every artifact as it’s built, scanned, signed, stored, and shipped across the software supply chain.

Self-hosted runners vs cloud CI/CD: A complete decision guide

Your CFO just asked about operational efficiencies across the engineering org. Tooling budgets are under the microscope, and suddenly CI/CD costs are getting attention. Sound familiar? When the pressure’s on to cut software spend, CI/CD often looks like a tempting target. It’s visible, measurable, and seemingly easy to move.

SwiftPM, CocoaPods, and the Future of Enterprise Development for Apple Platforms

Swift is the default and preferred language for developing applications within the Apple ecosystem. The Swift Package Manager (SwiftPM) has become the de-facto dependency manager for Swift, enabling developers to share and reuse code effortlessly. While its elegance lies in its simplicity, there’s a common concern about integrating SwiftPM into robust, enterprise-grade development workflows. This is where JFrog Artifactory shines.

Is it time to switch CI/CD platforms? 7 warning signs

Every engineering team eventually faces this question: “Is our CI/CD setup actually helping us, or is it getting in the way?” The answer isn’t always obvious. CI/CD problems often develop gradually: small issues become accepted workarounds, and those workarounds become standard practice. What once worked well for your team might not fit your current needs or scale. The decision to evaluate new tooling usually builds over time as pain points accumulate and priorities shift.