It was over a month ago that I promised we would tie together Splunk Security Content and the Splunk Attack Range to automatically test detections. Ultimately, using these projects together in a Continuous Integration / Continuous Delivery (CI/CD) workflow with CircleCI brings the rigors of software development to the SOC and truly treats 🛡detection as code. Well, I want to share how we have failed at achieving this goal.

The most well-known security flaw in Docker is that it requires root access to build your Docker images with the Docker daemon. We have all read at least once that you should be careful using root access. This tutorial will take a look at the downsides of using Docker and Docker alternatives to combat those.

We’re delighted to announce that, after a rigorous evaluation by the AWS Service Ready Program, JFrog Artifactory and Xray have been validated as following best practices for AWS Outposts. What additional engineering did we do to get our core DevOps solutions to perform on AWS Outposts? None at all. We’re proud of meeting AWS’s strict standards, but it was no surprise.

A package manager wins on the strength of its warriors — those developer leaders who passionately advocate for it to be adopted by their teams and organizations. In just two years, Conan quickly found its champions among C/C++ developers, and their feedback and code contributions have been vital in making the open source software package manager a powerful solution.

In this article, we will show you how to connect ArgoCD and Codefresh so that you get the full observability experience for GitOps. ArgoCD provides the underlying deployment mechanism and Codefresh the visual dashboard to provide high-level information for deployments. We assume that the following are in place GitOps is a way to do Kubernetes cluster management and application delivery.

SonarQube is a universal tool for code analysis that provides continuous inspection of your code to highlight existing and newly introduced issues. This allows you to “Clean as You Code”, which aims to reach the maximum code quality in your newly written code. This post will: The SonarQube architecture consists of a server and a SonarScanner. The Scanner is a separate client type application that is used to analyze projects in connection with SonarQube.

Lock your sights on the black box hiding untold vulnerabilities in your repository and shine a light inside to find out what monsters lurk within. Yes, I'm talking about running on-demand security scans against supported packages within your repository. If you are a Velocity or Ultra customer, you can start making use of security scanning today!

We’re a little late to the party. Fashionably late. By now the world knows that DockerHub has removed the free, untraceable goodness of anonymous pulls. How dare they? How dare they build a revolutionary technology, open-source it and give it away for free at a substantial cost to themselves. It’s worth calculating what a couple of petabytes of CloudFront bandwidth would cost, even with a substantial discount. It’s mind-blowing.

Let me share with you my story about finding the right AI Solution to improve our support self service. The starting point of my journey was pretty common, many will read this and think “Yes! I suffer the same pain”. At JFrog we produce tons of relevant and clever documentation. It’s all out there, available. And yet, we struggle to get to the right piece of information when looking for something specific.

Today Amazon, Codefresh, GitHub, Microsoft, and Weaveworks are announcing the creation of the GitOps Working Group. This will be an open CNCF community project created inside the CNCF fluxcd GitHub organization as the initial venue for collaboration and open governance.