By now, you’re probably assessing your level of exposure — or are in the middle of remediating — the recently disclosed vulnerability known as Log4Shell. We recently introduced a native integration with Snyk, a leading provider of developer security solutions, to help you address zero-day vulnerabilities. Once enabled, Snyk scans your code and its dependencies, and alerts you about security vulnerabilities, including Log4j. All current versions of Log4j 2 up to 2.14.1 are vulnerable.

Automating the deployment of a new web application and the release of feature updates goes a long way towards improving the productivity and efficiency of your development team. Another benefit of automation is that it minimizes or even eliminates repeated manual deployments. Manual deployments introduce the risk of human error during this critical part of the development process.

If you have been following the Codefresh blog for a while, you might have noticed a common pattern in all the articles that talk about Kubernetes deployments. Almost all of them start with a Kubernetes cluster that is already there, and then the article explains how to deploy an application on top. The reason for this simplification comes mainly from brevity and simplicity. We want to focus on the deployment part of the application and not its infrastructure just to make the article easier to follow.

We’re excited to share with you that we have launched a completely new way to start using the JFrog DevOps Platform that you – as a developer – will love. We’ve provided a super-easy, developer-friendly path to discovering how Artifactory and Xray can help you produce safer apps, faster, getting started through the command line shell and IDE that you use every day.

Another amazing year in the books! And even though we’ve done the ‘By the Numbers’ series for a few years now, this year’s numbers are the best (and biggest) yet. But even better than that? The people behind the numbers. Carrying on the growth we saw in 2020, the most important number to highlight this year is the massive increase in awesome Cloudsmithers we added to the team!

Bitbucket Pipelines provides a feature that enables you to configure memory in Docker services (learn more on that here). We have related highly voted suggestion where customers would like to configure multiple Docker services, each with different memory configurations. Here’s a working example of how you can set memory limits to multiple Docker services and use the appropriate service depending on the step requirements.

It is no secret that software development is becoming an increasingly complex process. The individual elements of software like apps, libraries, and services are interconnected and dependent on many other elements. Development teams deal with a whole ecosystem of services that they develop, maintain, or depend on, which in turn are dependent on other software ecosystems, maintained by separate teams. Maintaining this ecosystem is as complex as you might imagine.

When planning our 2021 roadmap this time last year, one of the most prominent themes was security. Although we’re not solely in the security category, as a fully managed service in the heart of our customers’ software supply chains, it was always paramount for what we do and still is. Ensuring the integrity and privacy of customer data is our top priority.

Anyone who builds a lot of Argo workflows knows that after a while you end up reusing the same basic steps over and over again. While Argo Workflows has a great mechanism to prevent duplicate work, with templates, these templates have mostly stayed in people’s private repositories and haven’t been shared with the broader community.

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 11 malicious packages in the PyPI repository, a discovery that shows attacks are getting more sophisticated in their approach.