From the Frog's mouth

Live Panel Recap: Women in DevOps

April 22, 2024 Melissa McKay, Developer Advocate | 8 min read

In celebration of International Women’s Day, I had the pleasure of speaking with two incredible female leaders in the software industry on our live panel session, “Women in DevOps: Moments of Leadership and Tech Evolution.” During the conversation with Jyostna Seelam, Senior Manager at Capital One, and Tracy Ragan, CEO of DeployHub, we discussed the…

Elevate and Streamline Your Developer Experience with JFrog-Coder Fusion

April 10, 2024 Yonatan Arbel, Developer Advocate | 5 min read

It’s a scenario many developers know all too well: a configuration works flawlessly for one team member but doesn’t work for you. Starting a new job brings with it the excitement of fresh challenges and opportunities. However, it also entails the often painful task of setting up your development environment—a process that can be both…

Friction between DevOps and Security – Here’s Why it Can’t be Ignored

April 3, 2024 Sean Wright, Head of Application Security, Featurespace Paul Davis, Field CISO, JFrog | 5 min read

Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright's blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company's software applications. They have many common…

CVE-2024-3094 XZ Backdoor: All you need to know

March 31, 2024 Shachar Menashe, Senior Director Security Research Jonathan Sar Shalom, Director of Threat Research Brian Moussalli, Malware Research Team Leader | 14 min read

Update April 1st - Updated "What is the malicious payload of CVE-2024-3094?" due to newly released OSS tools Update April 7th - Updated "What is the malicious payload of CVE-2024-3094?" due to more published payload research On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within…

The State of Software Supply Chain Security in 2024

March 27, 2024 Sean Pratt, Senior Product Marketing Manager | 4 min read

In today's fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it’s important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your…

NPM Manifest Confusion: Six Months Later

March 26, 2024 Andrey Polkovnichenko, Security Researcher | 9 min read

Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a…

Tips from a CSO: How to Secure Your Software Supply Chain

March 25, 2024 Moran Ashkenazi, Chief Security Officer | 8 min read

Trust is vital to success in our industry. Whether you’re creating and managing software for use internally, by other businesses, or direct-to-consumer, you need to be able to create trust with your end users. This can be accomplished, in part, by showing evidence of security measures, bringing the right people and tactics to the table,…

Software Ate the World, but Digital Transformation Can Give You Indigestion

March 14, 2024 Paul Garden, DevOps & Security Industry Solutions | 7 min read

In today's digitally-driven world, organizations rely heavily on software applications to streamline services, provide operations, engage customers, and drive innovation through digital transformation. Software has also become the lynchpin for securing an entire business’ services and keeping them up and running. Yet, this omnipresent force comes with its own set of challenges. The importance of…

How a DevOps Company Does DevOps

March 6, 2024 Noam Zilberman, Sr. Director of Engineering Productivity/DevX | 6 min read

At JFrog, we believe in practicing what we preach by "drinking our own champagne." This means that we not only develop and deliver market-leading products but also utilize our own solutions in our development processes. When it comes to managing development environments, we aim to implement the best-in-class approaches. By adopting these top-tier practices, we…

How to set up a Private, Remote and Virtual Docker Registry

March 5, 2024 Melissa McKay, Developer Advocate | 7 min read

The simplest way to manage and organize your Docker images is with a Docker registry. You need reliable, secure, consistent and efficient access to your Docker images that's shared across your team in a central location, including a place to set up multiple registries that work transparently with the Docker client. There are three different…

Welcome to the JFrog Blog

Latest:

Supporting Next-Level Enterprise Scale in Software Development

FILTER BY

Products

Solutions

Other