Operations | Monitoring | ITSM | DevOps | Cloud

January 2022

Mind Your Dependencies: Defending against malicious npm packages

Modern software projects are mostly composed of open source code. The question of who really controls this code, and is responsible for detecting and fixing software supply chain security issues, became a significant source of concern after the discovery of the Log4Shell vulnerability.

Get the most of your .Net Builds

Give your.Net ecosystem the full power of DevOps running on AWS - The JFrog Platform covers the full application lifecycle of.NET builds from developer fingertips through distribution to consumers while covering application security, vulnerability analysis and artifact flow control. In this webinar will see how you can configure your.NET builds on AWS, so that they take full advantage of JFrog Platform for managing the lifecycle of your.NET artifacts.

No Internet? No Problem. Use Xray with an Air Gap - Part II

With software supply chain attacks on the rise, implementing DevSecOps best practices in an air gapped environment is a must. In an effort to secure an organization’s internal network, there is an increasing trend of separating the internal network from the external one. Essentially creating an enclosed and disconnected environment from the public internet. An air gapped solution provides stricter security requirements, but that’s not enough.

Continuously Securing Software Supply Chain

Catch this session to see a breakdown of the recent news related to software supply chain security and what you can do to meet new requirements and protect your software from such attacks. With new software supply chain attacks reaching the spotlight at an accelerating pace, security research uncovering novel attack methods and new mandates and guidelines starting to come into effect — it can be hard to stay on top of the latest developments and their implications.

Effective Incident Management: How to Improve Collaborative Software Development

* Are you using Azure DevOps as the starting point of your delivery process on the Azure cloud? Join this webinar to learn advanced tips and tricks for simplifying and accelerating your CI/CD pipelines with Azure DevOps and the JFrog Platform. Sharing a detailed demo of a real-world release pipeline triggered from Azure DevOps, we’ll review best practices and hard-won lessons for how you can streamline your end-to-end process and ensure it meets the security and quality requirements of large-scale enterprise delivery.

Check Out JFrog's New Community Site for Developers

JFrog has been hard at work behind the scenes restructuring how we share information with the developer community. We wanted to create a one-stop resource for developers who code in a variety of languages, with a focus on DevOps, DevSecOps, and cloud native technologies. So without further ado … let me introduce you to our new JFrog Community site!

CTO Corner with Yoav Landman, JFrog | Episode 1: Build Info

Want a glimpse at what it is like to be a CTO of a DevOps company? Join JFrog’s CTO Yoav Landman for our new CTO Corner Series. Each episode will feature a topic that is at the forefront of every technologist's mind… or should be. Yoav will be discussing hot topics in tech with other industry leaders giving you an opportunity to see behind the curtain of the decision makers.

The JNDI Strikes Back - Unauthenticated RCE in H2 Database Console

Very recently, the JFrog security research team has disclosed an issue in the H2 database console which was issued a critical CVE – CVE-2021-42392. This issue has the same root cause as the infamous Log4Shell vulnerability in Apache Log4j (JNDI remote class loading). H2 is a very popular open-source Java SQL database offering a lightweight in-memory solution that doesn’t require data to be stored on disk.

JFrog Artifactory on Your Choice of Cloud Provider

JFrog Artifactory is a scalable, universal, binary repository manager that automatically manages your artifacts and dependencies throughout the application development and delivery process. Artifactory supports Kubernetes, the de facto orchestration tool in the industry, for automating deployment, scaling, and management of microservices and containerized applications..

DevOps 2022: 5 Big Rocks to Harness the Software Supply Chain

Together with the community, JFrog pioneered what we now know as DevOps with a focus on binaries (aka software packages, artifacts or images). A decade ago, no one thought binary management would be a thing — now it’s a standard most companies can’t live without. Back then, we said software universality would be necessary, and now others follow suit. People thought cloud would be a single-vendor decision.

Cloud Nimble: The Next Evolution

Over the last several years, systems architects have had to make sure their systems are cloud native, with applications that are optimized for scalable cloud technology infrastructure. In today’s environment, you should be asking whether your solutions are cloud nimble as well. For the modern enterprise, cloud computing is now the default model for applications, storage, and compute.

Pulling All Your Kubernetes Cluster Images from a Private Artifactory Registry

There are many benefits to working with JFrog Artifactory as your private Docker registry, allowing you to store, share and deploy your binary artifacts in a single source of truth. This blog post will focus on using Artifactory in Kubernetes. Specifically, we’ll walk through the steps for configuring Kubernetes to pull images from Artifactory and most importantly – scale up! It will also describe how you can enable cluster-wide authenticated access to Artifactory behind the scenes.