Operations | Monitoring | ITSM | DevOps | Cloud

June 2021

Featured Post

6 Ways to Support a Remote DevOps Team

Remote working is here to stay, so it's vital that businesses understand how to get the best out of their staff. For some roles, working remotely is easier than others - DevOps employees, for example, can face challenges if they're not fully supported within the organisation. In a distributed workforce, there's a higher risk of security issues and application problems, so it's crucial that organisations support them to keep the organisation running smoothly. Here are 6 ways to do just that.

DevSecOps is a practice. Make it visible

Security should be embedded in DevOps by default, but for many organizations, it is not. Enter “DevSecOps”. What is DevSecOps? It is a practice to build more secure applications, secure the software factory, and secure cloud workloads. Because it is a practice it needs to be visible. In this session hear about the ways tech-enabled enterprises approach a DevSecOps practice, how they make it visible, and how Splunk + JFrog can accelerate your journey.

Securing pipelines through secret management

Secrets management plays a critical role in keeping your pipelines and applications secure. While secrets management tools help, you need to implement best practices and processes to successfully manage secrets in a DevOps environment. Standardizing, automating and integrating these processes also helps secure secrets by reducing the chance of human error.

Reducing microservice overhead with shared libraries

It’s a common story: the product team gets early success and grows into a large monolithic code base. While everything is in a single code base, features can be added quickly. This is partly due to the ability to leverage shared code across each feature in the codebase. When your team is adding a new feature, a developer can leverage the existing codebase for needs such as logging or special error handling.

We've Agreed to Acquire Vdoo, Unifying Developers and Security Teams from Source to Device

We’re extremely excited to announce we’ve agreed to acquire Vdoo, a leading, Israeli-based product security company with its roots in binaries and IoT/devices. Vdoo’s team and entire technology portfolio will be incorporated into JFrog, delivering a solution that truly unifies development and security teams with a holistic security approach.

Understanding and tracking the impact of your ever-changing k8s deployments

As developers we’re not always fully aware of security implications stipulated from changes to our code whether these are done in the CI, CD or an artifact database. It is always challenging to predict the impact of a changed 3rd party library, a security context or an RBAC permission, accessing a different network to the same resource or even using an API in a different way than we used to. Understanding the impact immediately and being able to make a change without disrupting the pipeline is therefore an important requirement. This session will present best practices to cope with these day to day changes and will propose a set of tools to address them cohesively.
Featured Post

3 ways to motivate your developer team with metrics

Metrics are essential to assess how developer teams and organisations can work smarter and improve software delivery as a whole. Execution metrics, including the likes of throughput, delivery and number of deploys, are mostly looked at to determine how a team performs, and if overall, they are efficient. But, while useful, these metrics alone can sometimes be a distraction. For individuals, they may not be inspiring to achieve, and for businesses, they may not provide a complete picture of results - at least not without connecting them to a bigger goal or vision.

The Top 4 DevOps Headlines of 2025

Welcome to swampUP 2021! A year ago, we said that in 2020, every company would be a DevOps company. We couldn’t have imagined the news stories 2020 would bring, both globally and in our industry, with DevOps now affecting all business stakeholders. While the worldwide pandemic has shaped the immediate future of DevOps and digital transformation, we move ever-closer to a post-pandemic world, where the foundations laid today will have ripple effects across the marketplace. Join Shlomi Ben Haim, CEO of JFrog, as he kicks off swampUP with some unexpected headlines, taken directly (probably) from the pages of 2025’s news cycle.

The Biggest DevSecOps Hits From swampUP 2021

In the wake of recent events like the SolarWinds hack and the White House executive order on cybersecurity, DevSecOps and security are top-of-mind for most DevOps and security professionals. How to efficiently adapt or adopt a sound DevSecOps practice has become a priority, especially with the U.S. government’s impending mandate requiring software applications to be vetted, and to create a trusted Software Bill Of Materials (SBOM) for each one.

Drive DevSecOps Visibility with JFrog Partner Integrations

If you need your teams to act, you need to alert them where they’re already looking. Yet yesterday’s DevOps practices demand individuals to wrangle with uncorrelated events, multiple UIs, and siloed technologies. Tomorrow’s DevOps must enable teams with: To practice DevSecOps, you’ll need to know where a vulnerable build has been deployed into production, and where to find the corrected build that should replace it.

The Confident Commit | Episode 5: Software engineering with a purpose ft. Brad Henrickson

Rob is joined by Brad Henrickson to discuss the interaction between human motivations and delivering great software. Brad and Rob dive into the leadership skill of cultivating space for employees to share their work motivations as a means to operating well together. Tune in today! Subscribe to The Confident Commit Podcast playlist for alerts to new episodes published bi-weekly. The Confident Commit: A podcast for developers, engineering managers, and business leaders alike to join in the conversation on how to deliver software better and faster.

JFrog How To's - How to Set Up Xray to Scan Repositories, Builds or Bundles

In this video, I'll show you how to get started with JFrog Xray. You will see how to create rules, policies and watches and what the individual components mean. We will also take a look at the Vulnerabilities Reports. Here I will show you how to create, evaluate and export them. This introduction gives you all the essential elements you can use to start looking for vulnerabilities in your project.

How to Create Docker Images for ASP.NET Core

Microsoft has begun working with the Docker team and community so Docker can be used for the following: If you would like to run an ASP.NET Core web app in a Docker container and learn how to create images, we will explain all the steps on how to do the following: A Docker container image is a standalone, lightweight package that can be executed and contains all the requirements you need to run an application, such as: code, runtime, libraries, and settings.

How to set up a Private, Remote and Virtual Maven/Gradle Registry

The simplest way to manage and organize your Java dependencies is with a Maven or Gradle repository. You need reliable, secure, consistent and efficient access to your dependencies that are shared across your team, in a central location. Including a place to set up multiple registries, that work transparently with the Maven and Gradle clients.

JFrog Artifactory: Administration (2020+) - Course Sneak Peek

The focus of this topic is the architecture of Artifactory and the benefits of checksum-based storage. In this woucrse we give you a full overview of the Artifactory architecture so that you can deploy the solution faster. Installation from beginning to end including configurations is also included in this course so that administrators can use the course to get the solution.

JFrog CloudFormation Modules Make Provisioning to AWS Easy and Secure

A routine cloud operations task should have a routine solution. That’s why we’ve just made it a lot easier to install and maintain self-hosted instances of the JFrog DevOps Platform on AWS, through AWS CloudFormation. To further simplify the effort of self-hosting Artifactory and Xray on AWS, we’ve just published a set of AWS CloudFormation modules to the AWS CloudFormation Public Registry.

Jenkins Kubernetes Plugin: Running Agents In Other Clusters

At Moogsoft we use Jenkins to implement our CICD Pipelines. We run Jenkins where we run most everything else; Kubernetes, but you don’t need to have Jenkins running on Kubernetes to use this plugin. This is made possible by the community maintained Kubernetes plugin. Recently we had the need to not only run agents local to the same cluster that Jenkins runs in, but in other clusters across different regions.

Jenkins Kubernetes Plugin: Using the plugin in your pipelines

In our first post we went over setting up the Kubernetes Plugin. This described the basic setup of getting the plugin configured, and set with the proper perms to function. In this post we will go over how to leverage the plugin to generate agent pods. At Moogsoft most of our pipelines are scripted and are built inside of, or from parts of, Jenkins shared functions library we maintain.

Artifactory DevOps Tool Overview - Online Course SNEAK PEEK

In this DevOps course, we will introduce you to Artifactory and review some of the controls offered as well as supported services. JFrog Academy provides free self paced online courses! JFrog is providing a universal, hybrid, and end-to-end DevOps platform. Enabling IT professionals and developers to manage, maintain, and secure their worflows.

JFrog Product Leaders Answer swampUP Attendees' Burning Questions

In a live, unscripted “ask me anything” session, a group of JFrog product leaders candidly answered questions from swampUP attendees, with topics ranging from newly-announced JFrog products and capabilities to current cybersecurity concerns that impact DevOps teams. Because the lively discussion yielded so many great questions and answers, we’ve put together here a summary of the session.

Developer, Transform Yourself: Digital Transformation Starts with You

As technical professionals we spend a lot of time developing technical skills. Checking the right boxes of experience with languages, tools, and technologies is what typically lands us a job interview for our specialty. But what wins the job in DevOps — and carries you to success in it — are your human skills. Even more than technical chops, personal traits like mindset, communication skills, and work habits are your strongest assets in making DevOps work.

Leaping Forward With Our Partners: JFrog Unveils Tech Partner Program

We’re delighted to announce the freshly-updated JFrog Technology Partner Program, a powerful initiative that will elevate our already large and vibrant ecosystem of integration partners and strengthen JFrog’s “too integrated to fail” commitment to its customers and the DevOps community. The program is a natural next step for JFrog.

Go Cloud-Native or Go Home

The movement away from on-premise and towards the Cloud is unstoppable. Even the US government is on board with their plans to “accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).” On-prem software is deployed, hosted, and maintained by your organization.

Continuously deploy Rust applications

Rust, a blazing fast and memory-efficient language, made its first appearance about ten years ago. Rust has gained a lot of momentum recently with the popularity of WebAssembly, a language that allows languages like C++, C, and Rust to run in web browsers. This enables developers to build highly performant applications and provide web apps with native functionalities that are not available on the web platform. In this tutorial, you will learn how to deploy a Rust application to a hosting platform.

Continuously deploy custom images to an Azure container registry

The Azure container registry is Microsoft’s own hosting platform for Docker images. It is a private registry where you can store and manage private docker container images and other related artifacts. These images can then be pulled and run locally or used for container-based deployments to hosting platforms. In this tutorial, you will learn how to create a custom docker image and continuously deploy it to an Azure container registry.

Best Practices for Migrating to Helm v3 for the Enterprise

At JFrog, we rely on Kubernetes and Helm to orchestrate our systems and keep our workloads running and up-to-date. Our JFrog Cloud services had initially been deployed with Helm v2 and Tillerless plugin for enhanced security, but we have now successfully migrated our many thousands of releases to Helm v3. Like many SaaS service providers, JFrog Cloud runs with many Kubernetes clusters in different regions, across different cloud providers.

The Confident Commit | Episode 4: Systems and Flow with Elisabeth Hendrickson

Rob interviews Elisabeth Hendrickson on the best practices of system and flow. Elisabeth shares how to get your team to understand the system of software delivery and how to measure success properly. Subscribe to The Confident Commit Podcast playlist for alerts to new episodes published bi-weekly. The Confident Commit: A podcast for developers, engineering managers and business leaders alike to join in the conversation on how to deliver software better and faster.

Enterprise CI/CD Best Practices - Part 1

If you are trying to learn your way around Continuous Integration/Delivery/Deployment, you might notice that there are mostly two categories of resources: We believe that there is a gap between those two extremes. We are missing a proper guide that sits between those two categories by talking about best practices, but not in an abstract way.

Completing the security testing automation cycle

DevOps, DevSecOps and CI/CD are synonymous with one word - automation. Automating their workflows gives developers the ability to deliver consistency, time savings, and useful insights into their software development life cycle (SDLC). But automation is only as efficient as your weakest link or most cumbersome bottleneck, which can sometimes be security testing. Security testing has traditionally been carried out either manually or quite late in the process.

Automate and scale your CI/CD with CircleCI orbs

For the past two and a half years as a Solutions Engineer at CircleCI, I’ve had the distinct pleasure of working with some of CircleCI’s largest customers to help them instill healthy CI/CD practices into their development processes. Leading-edge organizations are trying to make sure that their applications are scalable, reliable, and secure. Shipping products to users quickly and reliably is imperative to gaining a competitive edge.

DORA Metrics Explained

DORA metrics, also known as Accelerate metrics, are universally lauded as good metrics for tracking Engineering team productivity and software delivery performance. Learn the whats and whys of the four DORA metrics: Deployment Frequency, Change Lead Time, Change Failure Rate and Mean Time to Recovery, and how to use them the right way. LINKS SLEUTH A deploy-based Accelerate Metrics tracker both managers and developers love.

The Future Demands Full Stack DevOps Engineers at the Epicenter

As we wrap up swampUP 2021, I have never felt more excited about being part of the global DevOps community. My greatest takeaway from swampUP 2021, with all of its great presentations and the participation of thousands of our community peers, is that DevOps today finds itself at a historical inflection point. Let me explain.

SolarWinds and the Secure Software Supply Chain

In early 2020, threat actors breached the build systems of Solarwinds and used this access to add malicious code into one of SolarWinds products. The product, called “Orion”, is very widely used and deployed by tens of thousands of companies, including many Fortune 500 companies.

The startup founders' guide to software delivery

Software delivery on a team of 2 people is vastly different from software delivery on a team of 200. Over the growth of a startup, processes and tool choices will evolve naturally - but either optimizing too early or letting them evolve without a picture of where you’re headed can cost you in time and agility later. That’s why I want to talk to you about how to evolve your delivery process with purpose.

How Statuspage deploys continuously with Bitbucket and Sleuth

This post was written by Michael Knighten, Founder & COO of Sleuth There are some similarities between deploying continuously and driving in the fast lane. When driving, you need to be always on the alert, proactively looking down the road for potential hazards. When you see them, you need to be able to react immediately, hit the brakes, and change course nimbly.

The Epicenter of the Developer Community: swampUP 2021

We’ve just concluded another fantastic swampUP conference, which saw thousands of global developers, DevOps Engineers, community leaders, CIOs and security professionals come together to explore the true epicenter of global business: DevOps. In the words of our CEO, Shlomi Ben Haim, community is more powerful than any pandemic, and we were honored and humbled to be joined by Amazon, Capital One, Salesforce, PagerDuty, Elastic, HashiCorp, Google, Red Hat and many more.

Bring your own CI/CD.

As a developer I couldn’t imagine working without one of these three things. For projects on GitHub the built-in actions should do the latter job fine in most cases. But as everything else they have limits. The more PRs, the more different tests per pull request and the longer those tests run, the longer different PRs have to wait for each other for the continuous integration to run.

How to build a team that demands metrics

When we talk about metrics in software delivery, a lot of developers think of execution metrics — things like throughput, delivery and number of deploys. But in reality, those metrics don’t motivate anyone — at least not without connecting them to a bigger picture. I’ve worked in software for 23 years. I’m a three-time founder and four-time CTO, responsible for leading a 200+ member distributed engineering organization.

2021 swampUP Technical Announcements in Just 8 Minutes

swampUP is where JFrog reveals the following year's roadmap and direction. But if you don't have time to watch the whole keynote, take 8 minutes and see all about the world's first Private Distribution Network (PDN) and Binary Lifecycle Management solutions. Includes PDN, Signed Pipelines, Federated Repositories, third-party dependency scanning, Cold Artifact Storage and more. Drawn from the technical keynote at swampUP in May 2021.

Going Beyond Exclude Patterns: Safe Repositories With Priority Resolution

You probably remember the Namespace Shadowing a.k.a. “Dependency Confusion” attack that was in the news a couple of weeks ago. I blogged back then about the Exclude Patterns feature of JFrog Artifactory which we’ve had forever and was always intended to protect you against those kinds of attacks.