Operations | Monitoring | ITSM | DevOps | Cloud
The Place Where Modern Operations & Technology Come Together
Trusted SBOMs delivered with the JFrog Platform and Azure
SBOMs provide essential visibility into all the components that make up a piece of software and detail how it was put together. With an SBOM in hand it’s possible to determine if software contains existing security and compliance issues or is impacted by newly discovered vulnerabilities. The SBOM is imperative due to the White House’s cybersecurity executive order from May 2021 requiring them for all government software purchases and many private organizations following suit.
Supply Chain Security Meetup June 21 2022 (Sponsored by JFrog)
Software Supply Chain Security Virtual Meetup Open-source vulnerabilities are in many applications. While finding them is critical, even more, critical is remediating them as fast as possible. Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle, as seen with Log4j and Solarwinds.
Part I: A Journey of a Thousand Binaries - Types of Software Dependencies
As software developers, one of the things that we worry a lot about is our software dependencies. To speed up delivery time of new functionality within our code we reuse software – we don’t have time to reinvent the wheel. We stand on the shoulders of giants and leverage all the hard work and lessons learned from the software developers of our past. Sounds great right! Well mostly great because we are faced with the underlying trials intrinsec to software development.
JFrog Frogbot version 2
Frogbot scans every pull request created for security vulnerabilities with JFrog Xray and in version 2 it even opens pull requests for upgrading vulnerable dependencies to a version with a fix!. With Frogbot installed, you can make sure that new pull requests don’t add new security vulnerabilities to your code base alongside them. If they do, the creator of the pull request has the opportunity to change the code before it is merged.
5 Takeaways From "Behind the Curtain: The Road to Terraform"
How much time are you wasting initializing your Terraform environments? If your answer is, “more than we should,” then we have some tips for you. Terraform is a popular infrastructure-as-code (IaC) tool for anyone who deploys to the cloud. We use it here at JFrog to help manage infrastructure for our SaaS customers, and recently added support in Artifactory to manage your Terraform files (provider, modules, and backend).
Artifactory, Your Swift Package Repository
If you’re looking forward to WWDC 2022 for some exciting Swift news, we have just the thing. JFrog now offers the first and only Swift binary package repository, enabling developers to use JFrog Artifactory for resolving Swift dependencies instead of enterprise source control (Git) systems. Swift developers can benefit from Artifactory’s robust binary management and the ways that it contributes to stable and efficient CI/CD, massive scalability, and securing the software supply chain..
The Road to Terraform with JFrog
Transitioning to a new DevOps technology can be a daunting task, especially when it potentially impacts a solution being used by millions of developers around the globe. JFrog’s own DevOps team recently adopted Terraform in support of the JFrog SaaS offering and in the process helped guide creation of Artifactory’s support for Terraform modules, provider, and state files.
5 Experiences from JFrog swampUP 2022 San Diego that will Get You Excited for What's Next
Last week hundreds of community leaders, customers, and partners gathered in San Diego for the first stop of JFrog’s multi-city swampUp world tour! It was my first in-person swampUP and I can’t tell you how invigorating it was to see everyone back together, in-person again. As I was walking the halls and sitting in on the keynote sessions, I felt like I was at a big reunion of old colleagues and friends who have not seen each other in years.
JFrog Connect: Ready for What's Next for DevSecOps, Edge and IoT
Today at swampUP, our annual DevOps conference, JFrog CTO Yoav Landman unveiled the next step toward making the Liquid Software vision of continuous, secure updates a truly universal reality. We’ve introduced JFrog Connect, a new solution designed to help developers update, manage, monitor, and secure remote Linux & Internet of Things (IoT) devices at scale.