A CI/CD pipeline is the most fundamental component of automated software development. While the term has been used to describe many different aspects of computer science, at CircleCI, and within much of the DevOps industry, we use “pipeline” to illustrate the broad applications of behaviors and processes involved in continuous integration (CI).

Last updated 2/22/2022 Argo CD is used by some of the largest and most secure companies on earth with sensitive and very important workloads. In 2022, it’s all the more critical to make sure Argo CD is running securely within your organization. As Argo continues the process of CNCF graduation, additional security audits and improvements to project security are underway.

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 25 malicious packages in the npm repository that were picked up by our automated scanning tools.

Many enterprises still struggle to get security right. To protect their business, it is critical they focus on security during the entire infrastructure and application lifecycle, including continuous integration (CI). Developers are becoming more autonomous as they transition to a DevOps way of working, with more people requiring access to production systems.

Who would have thought software could rattle the White House? But a vulnerability in Log4J, a popular open source software project, exposed critical digital infrastructure to remote code execution attacks. This prompted the US Government to engage big tech, infosec professionals, and open source organizations to come together to help secure open source software.

Dedicated hosts for macOS are now available on CircleCI. This new layer of support is built exclusively for macOS and offers Apple developers unprecedented storage, security, and scalability on CircleCI. By reserving a dedicated host, teams can unlock access to a bare metal instance that provides exclusive access to an entire host machine for 24 hours.

As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline compliance and accelerate releases with confidence.