plexus-archiver - CVE-2023-37460

Arbitrary File Creation vulnerability in plexus-archiver – CVE-2023-37460

The JFrog Security research team constantly monitors open-source projects to find new vulnerabilities or malicious packages and share them with the wider community to help improve their overall security posture. As part of this effort, the team recently discovered a new security vulnerability in plexus-archiver, an archive creation and extraction package. plexus-archiver is used in …

Log4j Vulnerable Packages in Maven Central

Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library – CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 – has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of Log4j vulnerabilities on their software, revealing multiple technical challenges …


How to set up a Private, Remote and Virtual Maven/Gradle Registry

The simplest way to manage and organize your Java dependencies is with a Maven or Gradle repository. You need reliable, secure, consistent and efficient access to your dependencies that are shared across your team, in a central location, including a place to set up multiple registries that work transparently with the Maven and Gradle clients. …

Simply the Best: JFrog’s Top DevOps Articles from 2020

In 2020, JFrog’s experts published a treasure trove of content — blogs, articles, infographics, and more — to share insights and advice with our customers and the DevOps community at large. In case you missed them — or want to re-read them — here’s a list of the most popular ones. They range from a …


Don’t Let the Maven Deploy Plugin Trip You Up

Apache Maven is a commonly used build tool. It has many cool features such as default processing steps that are included out of the box, and is particularly good for compiling and packaging Java code. But this blog post is not an introduction to Maven. There are plenty of great books that provide that, and …

Enterprise Level Access Control with Keys and Entitlements

“Private repositories”, “Teams and Organizations”, “Permissions”…, sounds like that’s all you need to provide secure private downloads. Well, not quite. Those are great features that fit the bill if your consumer is a Bintray user. But what if she isn’t? Well, then there are signed URLs. Those should do the trick. Just sign your file …

Bintray Blog

Publishing Your Maven Project to Bintray

UPDATE: As of May 1, 2021, Bintray services will no longer be available (ConanCenter and JCenter are not affected); for more information, read the Centers Deprecation Blog. Bintray gives you everything you need to share your Maven project, and much more: you will be able to monitor downloads and users with the statistics that …


Enjoy Bintray and use it as a pain-free gateway to Maven Central

UPDATE: As of May 1, 2021, Bintray services will no longer be available (ConanCenter and JCenter are not affected); for more information, read the Centers Deprecation Blog. What does it mean when some tool or framework has literally dozens of guides, each pages long? It probably means that it is popular, or complicated to …


Stay in Context, See the World

New release, new features! Focus on what’s important. You know, Bintray supports various repository types, like Maven, YUM and Debs, with more types to come. But sometimes all those goodies are just too much. You want to see and search for only certain types of packages (e.g. focus only on Maven jars to use Bintray …


Increase your Maven Package’s Exposure by Adding it to JCenter

If you already distribute your Maven packages via Bintray, your packages can gain further exposure by including them in Bintray’s JCenter! (if you are not very familiar with Bintray’s support for Maven, please refer to the user guide and to my previous post). JCenter is the repository with the biggest collection of Maven artifacts in …