One of the most critical activities for a developer is reviewing code. Code review helps developers fix bugs before shipping, learn about the codebase, and pass along a team’s values to new (and longstanding) developers. To double down on these benefits, we’re releasing a new tool to facilitate communication between pull request reviewers and authors: PR Reviewer Status. Until now, Bitbucket has only had one reviewer status: Approved.

Research firm IDC has recently published an infographic (check it out below!) outlining the new requirements for modern software distribution and key guidance for organizations to meet future needs and overcome the bottlenecks in the next era of large-scale application delivery. With the advent of DevOps and modern delivery practices, organizations are becoming better at rapidly developing and deploying new applications to better serve their customers and stay competitive in today’s digital age.

DigitalOcean has just announced the DigitalOcean Container Registry, which is directly integrated into the DigitalOcean Dashboard. While you can use any Container Registry in your DigitalOcean resources, the goal of the Container Registry is to provide for easy connection between the Container Registry and DigitalOcean Kubernetes resources.

If you’re using the JFrog DevOps Platform to manage your software artifacts, then there’s a good chance that one of the clients you’re already using is JFrog CLI. JFrog CLI is a robust tool, which enhances and extends the capabilities of the JFrog Platform, by connecting it to your build and automation agents.

Figma is a web-based graphic editor and prototyping tool that is commonly used for UI design. Independent of the size of your organization, it is considered good practice to use design components. This post provides a case study on how we utilize Figma components to manage different states in the Codefresh UI. Note that this blog post was written before the release of variants and the new auto-layout features. We will update the blog after we update our style guide with these new amazing features.

Earlier this year, we launched ChartCenter, our newest community platform to help Kubernetes developers find Helm charts. This new free Helm central repository was built with chart immutability  in mind— meaning every version of a Helm chart and every version in ChartCenter will always be available even if the original source goes down.

Progressive delivery is arguably the most reliable and advanced set of deployment practices based on a simple idea. Instead of shutting down the old release and deploying a new one in its place, progressive delivery takes an iterative approach. It gradually increases the reach of a new release. That gives us quite a few benefits like zero-downtime deployments, reduced blast radius, increased security, and so on and so forth. I will not go into depth about what progressive delivery is.

It was over a month ago that I promised we would tie together Splunk Security Content and the Splunk Attack Range to automatically test detections. Ultimately, using these projects together in a Continuous Integration / Continuous Delivery (CI/CD) workflow with CircleCI brings the rigors of software development to the SOC and truly treats 🛡detection as code. Well, I want to share how we have failed at achieving this goal.

The most well-known security flaw in Docker is that it requires root access to build your Docker images with the Docker daemon. We have all read at least once that you should be careful using root access. This tutorial will take a look at the downsides of using Docker and Docker alternatives to combat those.

We’re delighted to announce that, after a rigorous evaluation by the AWS Service Ready Program, JFrog Artifactory and Xray have been validated as following best practices for AWS Outposts. What additional engineering did we do to get our core DevOps solutions to perform on AWS Outposts? None at all. We’re proud of meeting AWS’s strict standards, but it was no surprise.