Operations | Monitoring | ITSM | DevOps | Cloud

International Programmers Day 2021: Celebrating Those on the Front Lines of Digital Transformation

Happy International Day of the Programmer to the coders out there programming our digital world. It is your work and commitment that make the technical community thrive. You create the foundation for the innovations transforming the way we work and live.

Managing IoT Software Updates at Scale: Our Acquisition of Upswift

With the increasing proliferation of connected devices, it might be assumed that deploying software to devices, providing incremental updates, application security and IoT device management at scale are all rolled into companies’ DevOps pipelines as one big happy portfolio. Sadly, this has not been the case to date. Most IoT software updates and management solutions today are operated in a complete silo from corporations’ DevOps processes.

Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling

JFrog Security research teams are constantly looking for new and previously unknown vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a potentially critical vulnerability in HAProxy, a widely used open-source load balancer proxy server that is particularly suited for very high traffic web sites and used by many leading companies.

Scanning Dependencies in your sources using JFrog CLI and Xray

Security vulnerabilities and license violations should be found as early as possible and the earlier in the SDLC , the better. As part of the “ Shift Left ” vision, JFrog CLI and Xray now allow scanning dependencies directly from sources , on-demand, using a simple command line. This functionality allows benefiting from the same JFrog Xray vulnerability and license scanning capabilities, even before deployment to JFrog Artifactory.

The More the Merrier: Multi-Arch Docker Manifests with Buildx and Artifactory

The cloud native promise to be able to “build once, deploy anywhere” is nearly fulfilled. With containerization and Docker , we can build our applications and services for any environment, and set configuration at runtime. Well,… almost. Operating systems and apps still need to be compiled to execute on specific architecture types. Your software that’s been compiled for an AMD64 processor can’t run on an ARM-based machine, nor can one built for Linux run on Windows.

It's Time to Get Hip to the SBOM

The DevOps, IT security and IT governance communities will remember 2021 as the year when the Software Bill of Materials , or SBOM, graduated from a “nice to have” to a “must have.” Around for years, the SBOM has now become a critical DevSecOps piece, which everyone must thoroughly understand and incorporate into their SDLC (Software Development Lifecycle).

A Year of Supply Chain Attacks: How to Protect Your SDLC

One of the most worrisome trends in cybersecurity today is the skyrocketing incidence of supply chain attacks, such as the ones that hit SolarWinds last year and Kaseya more recently. Because they focus on compromising software development and delivery, supply chain attacks have forced developers and DevOps teams to scramble for solutions. Unfortunately, supply chain attacks are particularly challenging to prevent, detect and remediate, and, because of their stealthy nature, are often devastating.

Simplifying App Deployments for Developers - A Short History from Timesharing to Serverless

I have been in the IT industry for a few decades now and have helped launch waves of technology in the constant pursuit of making computing easier, cheaper and with greater uptime. This all started well before my entry into the IT industry and will continue to well past the time I retire. However, it is always good to understand where we have been and look how far we have come to understand how we can continue to make it even better.

How to protect your secrets with Spectral and JFrog Pipelines

Thousands of secrets leak daily on public git repositories, including over two million corporate secrets in 2020 alone. This can happen to anyone! For example, in January 2021, an Amazon cloud engineer accidentally committed almost a gigabyte worth of sensitive data that included their own personal documents, as well as passwords and cryptographic keys to various AWS environments on his personal GitHub repository.

No Internet? No Problem. Use Artifactory with an Air Gap - Part I

Virtually all development organizations need access to remote public resources such as Maven Central, NuGet Gallery, npmjs.org, Docker Hub etc., to download dependencies needed for a build. One of the big benefits of using Artifactory is its remote repositories which proxy these remote resources and cache artifacts that are downloaded.