From the Frog's mouth

Ensure your models flow with the JFrog plugin for MLflow

April 25, 2024 Yonatan Arbel, Developer Advocate | 6 min read

Just a few years back, developing AI/ML (Machine Learning) models was a secluded endeavor, primarily undertaken by small teams of developers and data scientists away from public scrutiny. However, with the surge in GenAI/LLMs, open-source models, and ML development tools, there's been a significant democratization of model creation, with more developers and organizations engaging in…

OpenTofu support comes to JFrog Artifactory

April 23, 2024 Sean Pratt, Senior Product Marketing Manager | 3 min read

If you deploy container-based services in Kubernetes, chances are you’re also using infrastructure-as-code to help automate the provisioning and maintenance of the cloud environments where your applications will run. Up until recently, Terraform was “the name” in infrastructure-as-code. However, HashiCorp’s decision in the second half of 2023 to change Terraform from an open source license…

Supporting Next-Level Enterprise Scale in Software Development

April 22, 2024 Sean Pratt, Senior Product Marketing Manager | 6 min read

What it means to be “enterprise grade” has changed. In software development, the size of new artifacts and the pace of development has increased dramatically. Developers are now releasing new components daily, if not multiple times a day. With containerization, and now AI/ML models, new pieces of software can be multiple GBs or larger. In…

Live Panel Recap: Women in DevOps

April 22, 2024 Melissa McKay, Developer Advocate | 8 min read

In celebration of International Women’s Day, I had the pleasure of speaking with two incredible female leaders in the software industry on our live panel session, “Women in DevOps: Moments of Leadership and Tech Evolution.” During the conversation with Jyostna Seelam, Senior Manager at Capital One, and Tracy Ragan, CEO of DeployHub, we discussed the…

Elevate and Streamline Your Developer Experience with JFrog-Coder Fusion

April 10, 2024 Yonatan Arbel, Developer Advocate | 5 min read

It’s a scenario many developers know all too well: a configuration works flawlessly for one team member but doesn’t work for you. Starting a new job brings with it the excitement of fresh challenges and opportunities. However, it also entails the often painful task of setting up your development environment—a process that can be both…

Friction between DevOps and Security – Here’s Why it Can’t be Ignored

April 3, 2024 Sean Wright, Head of Application Security, Featurespace Paul Davis, Field CISO, JFrog | 5 min read

Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright's blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company's software applications. They have many common…

CVE-2024-3094 XZ Backdoor: All you need to know

March 31, 2024 Shachar Menashe, Senior Director Security Research Jonathan Sar Shalom, Director of Threat Research Brian Moussalli, Malware Research Team Leader | 14 min read

Update April 1st - Updated "What is the malicious payload of CVE-2024-3094?" due to newly released OSS tools Update April 7th - Updated "What is the malicious payload of CVE-2024-3094?" due to more published payload research On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within…

The State of Software Supply Chain Security in 2024

March 27, 2024 Sean Pratt, Senior Product Marketing Manager | 4 min read

In today's fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it’s important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your…

NPM Manifest Confusion: Six Months Later

March 26, 2024 Andrey Polkovnichenko, Security Researcher | 9 min read

Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a…

Tips from a CSO: How to Secure Your Software Supply Chain

March 25, 2024 Moran Ashkenazi, Chief Security Officer | 8 min read

Trust is vital to success in our industry. Whether you’re creating and managing software for use internally, by other businesses, or direct-to-consumer, you need to be able to create trust with your end users. This can be accomplished, in part, by showing evidence of security measures, bringing the right people and tactics to the table,…

Welcome to the JFrog Blog

Latest:

JFrog research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories

FILTER BY

Products

Solutions

Other