Sunnyvale, CA, USA
Oct 20, 2021   |  By Jagdish Mirani
With the trend towards smaller but more frequent software releases, your binaries and artifacts keep accumulating faster. Our enterprise customers each maintain an average of 20 million unique artifacts, adding 130% more each year. Eventually, a clutter of outdated binaries forms, and fInding the binaries you need becomes unwieldy, difficult, and confusing. Over time, your artifact repository’s performance can suffer from degradation.
Oct 19, 2021   |  By Denys Vozniuk and Shachar Menashe
JFrog has recently disclosed a directory traversal issue in CivetWeb, a very popular embeddable web server/library that can either be used as a standalone web server or included as a library to add web server functionality to an existing application. The issue has been assigned to CVE-2020-27304.
Oct 18, 2021   |  By JFrog Team
Like the historic space race, the competition to plant the flag of DevOps is blasting off. According to market intelligence firm IDC, global business will invest $6.8 trillion in digital transformation by 2023. Yet research also suggests that 70 percent of them will fail to meet their goals. JFrog was the first company to offer a universal, hybrid, end-to-end DevOps platform.
Prometheus is an open-source, metrics-based event monitoring and alerting solution for cloud applications. It is used by nearly 800 cloud-native organizations including Uber, Slack, Robinhood, and more. By scraping real-time metrics from various endpoints, Prometheus allows easy observation of a system’s state in addition to observation of hardware and software metrics such as memory usage, network usage and software-specific defined metrics (ex.
Oct 7, 2021   |  By Maharshi Patel
While DevOps automation aims to eliminate most human intervention in the CI/CD DevOps pipeline, you can’t always cut people completely out of the process. There are still times when you’ll want an expert, hands-on review to assure that everything is as it should be before allowing your pipeline to proceed further.
JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in Yamale, a popular schema validator for YAML that’s used by over 200 repositories. The issue has been assigned to CVE-2021-38305.
We live in a world of increasingly connected devices – phones, digital assistants, smart watches, cars, thermostats, refrigerators, windmills, and more. More than 50% of the world’s population is now online and two-thirds own a mobile device, according to the World Economic Forum. Additionally, the codebase of today’s applications typically consists mainly of open source components – exposing them to greater risk of hacking than ever before.
The vulnerability disclosure process involves reporting security flaws in software or hardware, and can be complex. Cooperation between the organization responsible for the software or hardware, and the security researcher who discovers the vulnerability can be complicated. In this blog we’ll look at the vulnerability disclosure process, the parties involved and how they can collaborate productively.
Oct 1, 2021   |  By Barak Hacham and Gianni Truzzi
If you’re among the nearly one in four professional developers using PHP (according to StackOverflow’s 2021 survey), then the maintainers of Composer would really like you to migrate from v1 of the PHP package manager to v2. On October 24 2020, Composer 2.0.0 was released with some major improvements.Since almost eight out of every ten websites on the internet use PHP in some way, that’s a change with big impact.
Sep 30, 2021   |  By Sarit Tager, VP Product, JFrog Security
Achieving comprehensive security for the products delivered and deployed by organizations is becoming more difficult, due to a variety of factors. A key one is the growing volume, variety and complexity of software and connected devices in use. Another is the overwhelming risk of inherited software supply chain exposures. The result: Companies struggle every day to provide software with optimal security and protection against malicious activities, takeovers, data theft, and commercial sabotage.
Oct 12, 2021   |  By JFrog
Enterprises came to expect that software that underpins their business can change at the speed of the market. Cloud-native technologies and modern DevOps tools enable enterprises to continuously deploy software updates across data centers and public clouds. But things often get slowed down when trying to update applications across mixed environments and large fleets of edges and IoT devices.
Oct 8, 2021   |  By JFrog
JFrog has acquired Upswift to bring the world of connected devices into the DevOps pipeline! Managing fleets of devices and edge applications remotely - including over-the-air (OTA) updates, security, monitoring, controlling and more - has quickly become unwieldy for most companies, with growth of connected devices expected to reach 24 billion in 2026. But, most of today’s DevOps solutions are not optimized or built to deliver software updates to distributed edge and IoT environments.
Sep 17, 2021   |  By JFrog
These meetups will educate you on best practices and where to start and also aspire to build a community of others like you who are looking to improve their DevOps game.
Sep 15, 2021   |  By JFrog
With new software supply chain attacks reaching the spotlight at an accelerating pace, security research uncovering novel attack methods, and new mandates and guidelines starting to come into effect -- it can be hard to stay on top of the latest developments and their implications. Catch this session as we break down the recent news related to software supply chain security and what you can do to meet new requirements and protect your software from such attacks.
Sep 10, 2021   |  By JFrog
In this webinar, you’ll learn what an SBOM is, how it will benefit you, the misconceptions that exist around it and why it must be a key element of your software development life cycle's (SDLC) security and compliance. We’d also like to invite you to register for a joint JFrog-AWS webinar, where we’ll do a deep dive on SBOMs and share insights and best practices on SBOM creation and usage.
Sep 4, 2021   |  By JFrog
JFrog in collaboration with Forescout Research Labs recently released the fourth study from Project Memoria - the industry’s most comprehensive study of TCP/IP vulnerabilities. INFRA:HALT covers 14 vulnerabilities affecting the popular closed source TCP/IP stack NicheStack. These vulnerabilities can cause Denial of Service or Remote Code Execution, allowing attackers to take targeted OT and ICS devices offline or take control of them.
Aug 30, 2021   |  By JFrog
When software teams are charged with delivering higher quality software, faster - how do you effectively enable collaboration and observability while eliminating risk and manual processes? In this webinar, Ali Sardar from JFrog and Rob Jahn from Dynatrace will address how to overcome these challenges and unlock speed, observability, and automation across your DevOps lifecycle. In addition to best practices shared by our speakers, you will also see both products in action - meeting the critical needs of development and operations teams.
Aug 20, 2021   |  By JFrog
You have mission-critical applications, JFrog and DataDog collaborated for a unified solution. Together, we ensure the dependable operation of your JFrog Platform by tracking usage data of Artifactory and Xray through Datadog’s modern SaaS-based log monitoring tool. We will show you how to boost efficiency of your DevOps pipeline to keep your software releases running seamlessly and securely.
Aug 11, 2021   |  By JFrog
When you’re new to an industry, you encounter § a lot of new concepts. We tend to use a lot of jargon, the documentation may be written for someone more experienced in mind or rely on contextual knowledge of the rest of the space, and it often doesn’t explain the “why” for the tool. This can make it really difficult to get your feet underneath you in an unfamiliar landscape, especially for junior engineers.
Jan 12, 2020   |  By JFrog
Software businesses of every industry and all sizes, from small startups to large enterprises, are looking for ways to accelerate their software development process in the race to innovate and deliver their offerings to their customers ahead of their competition.
Jan 12, 2020   |  By JFrog
Cloud DevOps tools offer greater flexibility, rapid deployment, cloud automation, reduced IT costs, and low upfront costs with subscription pricing. Setting up your environment with Artifactory on the cloud on your choice provides unlimited scalability allowing you to grow according to your needs and is easily achieved by using cloud storage providers (Amazon AWS, Google GCP or Microsoft Azure) in your environment with Artifactory.
Jan 1, 2020   |  By JFrog
In today's enterprises, software is your company's everyday face, whether through the desktop, the cloud, or a mobile device, to all parts of the globe. Cars are computers on wheels. Thermostats are data terminals. Banks live in your phone. In this new world, software updates serve customer's demands. Each one you deliver is your opportunity to renew - or, if botched, destroy - their trust. How can you make every update top-notch at top speed?
Jan 1, 2020   |  By JFrog
Today, we live in a very connected world, where our devices, homes and cars all communicate with each other, and every company with a product or service has the need to develop software. It is one of the primary mediums by which they strive to provide better products, services and solutions, and has become paramount to a company's success. To continuously improve their software, companies must have sound DevOps or DevSecOps practices in place.
Dec 1, 2019   |  By JFrog
Two numbers are shaking the foundations of business. What do these two figures mean to your business? They mean that, odds are your competitive landscape is irrevocably changed - already. To start, expectations for delivery speed for new products, services, and everything are faster. The new table stakes in the DevOps world have raised the bar on collaboration, cross-organizational visibility, efficiency, even company culture. Another thing these two simple stats mean is that most businesses are already there, or heading there now.
Dec 1, 2019   |  By JFrog
Over the last several years, software development has evolved from deploying products periodically to building them on an ongoing basis using CI servers. A company's end product may be built on a daily or even hourly basis. This means that DevOps must support the continual flow of code from the individual developer's machine to the organization's production environment.

JFrog products seamlessly integrate with practically any development environment on Earth, from legacy code to the most recent containers and micro-services.

JFrog's end-to-end platform provides a fully automated pipeline for distributing trusted software releases. Connecting all developers, DevOps engineers and product owners to end devices, the JFrog Platform ensures software flows quickly and free from interruption.

End-to-End Universal DevOps Platform:

  • JFrog Artifactory: The undisputed software repository leader for integrated, universal artifact management at enterprise scale.
  • JFrog Container Registry: The world’s most flexible, hybrid container registry, with enterprise-grade resiliency backed by JFrog Artifactory.
  • JFrog XRay: Universal security vulnerability & compliance analysis, natively integrated with Artifactory for continuous governance across the DevOps pipeline.
  • JFrog Pipelines: Universally orchestrate software releases and master the entire CI/CD pipeline from code to production.
  • JFrog Distribution: Secure and validate your software releases, allowing trusted, optimized software distribution on a global scale.
  • JFrog Mission Control: A single access point providing a centralized dashboard to oversee your DevOps pipeline.

Universal Artifact Management for DevOps Acceleration.