We've gone through many iterations of ways to build, deploy and distribute applications written in Go at Cloud 66. Unlike Rails, Go applications can be web applications, daemons or CLIs and therefore have different requirements. I'll share some of what we've learned with you in this post.

Software testing is important enough to have its own phase in the software development life cycle (SDLC). The software testing life cycle (STLC) is a step-by-step process that improves the quality of software by applying rigorous planning and analysis to the testing process. Testing is a development tool that adds value to your team’s applications. Embracing testing as a vital component of software development can save you and your team a lot of time debugging and fixing errors in the future.

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to detect and avert potential software supply chain security threats. After validating the findings, the team reports any security vulnerabilities or malicious packages discovered to repository maintainers and the wider community.

Before continuous integration came to be, setting up builds was no fun because the complexity and overhead involved in a release cycle was compounded by inflexible, manual processes. The release cycle was slow and often resulted in breaking changes. Continuous integration and continuous delivery (CI/CD) has changed much of that through pipelines that automate how we build and test software—today, we can deploy, have builds fail, and resolve any errors faster than ever.

With security now a critical “must have” for DevOps teams, JFrog significantly deepened and extended our platform’s already solid security capabilities in 2021. In this post, we’ll look back at our major advances last year – and look forward at what’s to come in 2022.

The software testing data provided by CI/CD tools is valuable, but it is not always comprehensive enough to give managers the insights they need to make improvements. To make effective business decisions, managers need visibility into the entire testing process, in a way that will help them understand what needs to be done and how.

Recently, a critical out-of-bounds vulnerability, assigned to CVE-2021-44142, was disclosed in Samba versions prior to 4.13.17. The Samba vulnerability carries a critical CVSS of 9.9 and allows attackers to remotely execute code on machines running a Samba server with a vulnerable configuration. The vulnerability was disclosed as part of the Pwn2Own Austin competition where researchers are challenged to exploit widely-used software and devices with unknown vulnerabilities.

Just like many other production DevOps engineering teams, our JFrog team deploys new version releases several times a day to AWS, Azure and GCP, across more than 20 cloud regions. This process used to take us many hours and could have even failed if it was done alongside maintenance by other teams.

Recently, we introduced support for default values in custom pipeline variables. Today, we're happy to announce the ability to make pipeline variables configuration more flexible with predefined values. We added a property to predefine values that can be assigned to a variable. It helps avoid errors, and improves the user experience. Instead of typing a variable value, you can choose it from a dropdown.

Has your team worked on an API and wanted (somehow) to implement more powerful security features? If you are dissatisfied with the level of security in an API, there are solutions for improving it! In this tutorial, I will lead you through the process of creating API endpoints that are secured with authentication tokens. Using these endpoints, we will be able to make requests to the Flask API only for authenticated users.