Sunnyvale, CA, USA
  |  By Paul Garden
Regulatory compliance is a common and critical part of today’s rapidly evolving financial services landscape. One new regulation that EU financial institutions must adhere to is the Digital Operational Resilience Act (DORA), enacted to enhance the operational resilience of digital financial services. The BCI Supply Chain Resilience Report 2023 highlighted that 45.7% of organizations experienced supply chain disruptions with their closest suppliers, which is more than double the pre-pandemic levels.
  |  By Andrey Polkovnichenko
The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub.
  |  By Natan Nehorai
In the rapidly evolving fields of large language models (LLMs) and machine learning, new frameworks and applications emerge daily, pushing the boundaries of these technologies. While exploring libraries and frameworks that leverage LLMs for user-facing applications, we came across the Vanna.AI library – which offers a text-to-SQL interface for users – where we discovered CVE-2024-5565, a remote code execution vulnerability via prompt injection techniques.
  |  By Batel Zohar
Developers simply want to write code without interruption, while operations wish to build as fast as possible and deploy without restrictions. On the other hand, security professionals want to protect every step of the software supply chain from any potential security threats and vulnerabilities. In software development, every piece of code can potentially introduce vulnerabilities into the software supply chain.
  |  By Thomas Dohmke
As the volume of code continues to grow exponentially, software developers, DevOps engineers, operations teams, security specialists, and everyone else who touches code are increasingly spending their time in the weeds of securing, delivering, and scaling software. This bottles up creativity and ultimately slows software development for every organization.
  |  By Sean Pratt
With the rapid adoption of AI-enabled services into production applications, it’s important that organizations are able to secure the AI/ML components coming into their software supply chain. The good news is that even if you don’t have a tool specifically for scanning models themselves, you can still apply the same DevSecOps best practices to securing model development.
  |  By Paul Davis
The impact of the 2024 RSA Conference on security in San Francisco was beyond expectations. It was really a fantastic opportunity to meet an amazing group of individuals from all stages of the software supply chain from CISOs to researchers to development and security teams.
  |  By Shani Achwal
An organization’s software supply chain includes all the elements involved in developing and distributing software, such as components, tools, processes, and dependencies. Each link in this important chain presents the potential for security threats. Recent research conducted by Gartner shows a major increase in attacks targeting code, tools, open-source components, and development processes, particularly in areas where organizations lack visibility.
  |  By Elana Marom
It’s a wrap! RSA 2024 brought together cybersecurity experts, industry leaders, and innovators to delve into critical topics defining the future of digital security. One of the key themes that garnered significant attention at RSA 2024 was software supply chain security.
  |  By Sean Wright
Removing friction between DevOps and Security teams can only lead to good things. By pulling in the same direction, DevOps can make sure developers continue to work with minimum interruption, while automation and background processes make security more effective and consistent than before. And, security teams have the visibility and understanding of the software development life cycle (SDLC), to improve developer experience and reduce risks and incidents for the organization.
  |  By JFrog
The JFrog Software Supply Chain Platform is the single source of truth to accelerate delivery of trusted software releases.
  |  By JFrog
Together, JFrog and Qwak instill governance, transparency, visibility, and security into every facet of the development and deployment lifecycle for ML models. From managing dependencies to ensuring compliance and optimizing storage, this integration empowers your organization to embrace the future of machine learning with confidence and efficiency. Watch this demo for an overview of the integration.
  |  By JFrog
Carmine Acanfora, Solutions Architect at JFrog in the EMEA region, leads this security best practices webinar. In this webinar, we discuss the advanced features of the JFrog Advanced Security solution, now available in self-hosted mode. We will take the time to address your questions, particularly on topics crucial for all developers, such as: Don't miss this opportunity to explore JFrog's latest security solution and learn how to accelerate and secure your software supply chain with the first DevOps-oriented security solution on the market.
  |  By JFrog
Curious to see what all the AI/ML hype is about? Watch our DevSecOps Hangout and hear how ML Model management benefits organizations by providing a single place to manage ALL software binaries, bringing DevOps best practices to ML development, and allowing organizations to ensure the integrity and security of ML models – all while leveraging an existing solution they already have in place. Watch our expert educational talks and panel discussion with our Technology Partner Qwak on MLOps, DevSecOps, AI, and Machine Learning.
  |  By JFrog
JFrog is powering entire industries, including 89% of the Fortune 100, and 10 of the top 10 finance companies in the world. All of them use JFrog to deliver applications faster, and more securely. Watch this webinar to learn some of the best practices and tools used by some of the largest FinTech and FinServ enterprises in the world.
  |  By JFrog
We share JFrog's view on our own SSC security and share some best practices we use within our own organization.
  |  By JFrog
Moran answers the question, "If you were a Developer today, what do you think you'd want to hear from your CISO and CSO?".
  |  By JFrog
Common assumptions Developers tend to make around security today, that could be untrue. We unpack some of these assumptions and different way to view it that helps them adopt a security mindset and make their lives easier.
  |  By JFrog
Moran dives into what her view is on Developers and the relationship they have with security today. As security gets more complex, the Developer's job today isn't easy and they are asked to do a lot more than they are used to.
  |  By JFrog
The four things the CSO of today's modern organization wishes their Developers did more of and how to do them.
  |  By JFrog
Cloud DevOps tools offer greater flexibility, rapid deployment, cloud automation, reduced IT costs, and low upfront costs with subscription pricing. Setting up your environment with Artifactory on the cloud on your choice provides unlimited scalability allowing you to grow according to your needs and is easily achieved by using cloud storage providers (Amazon AWS, Google GCP or Microsoft Azure) in your environment with Artifactory.
  |  By JFrog
Software businesses of every industry and all sizes, from small startups to large enterprises, are looking for ways to accelerate their software development process in the race to innovate and deliver their offerings to their customers ahead of their competition.
  |  By JFrog
Today, we live in a very connected world, where our devices, homes and cars all communicate with each other, and every company with a product or service has the need to develop software. It is one of the primary mediums by which they strive to provide better products, services and solutions, and has become paramount to a company's success. To continuously improve their software, companies must have sound DevOps or DevSecOps practices in place.
  |  By JFrog
In today's enterprises, software is your company's everyday face, whether through the desktop, the cloud, or a mobile device, to all parts of the globe. Cars are computers on wheels. Thermostats are data terminals. Banks live in your phone. In this new world, software updates serve customer's demands. Each one you deliver is your opportunity to renew - or, if botched, destroy - their trust. How can you make every update top-notch at top speed?
  |  By JFrog
Over the last several years, software development has evolved from deploying products periodically to building them on an ongoing basis using CI servers. A company's end product may be built on a daily or even hourly basis. This means that DevOps must support the continual flow of code from the individual developer's machine to the organization's production environment.
  |  By JFrog
Two numbers are shaking the foundations of business. What do these two figures mean to your business? They mean that, odds are your competitive landscape is irrevocably changed - already. To start, expectations for delivery speed for new products, services, and everything are faster. The new table stakes in the DevOps world have raised the bar on collaboration, cross-organizational visibility, efficiency, even company culture. Another thing these two simple stats mean is that most businesses are already there, or heading there now.

JFrog products seamlessly integrate with practically any development environment on Earth, from legacy code to the most recent containers and micro-services.

JFrog's end-to-end platform provides a fully automated pipeline for distributing trusted software releases. Connecting all developers, DevOps engineers and product owners to end devices, the JFrog Platform ensures software flows quickly and free from interruption.

End-to-End Universal DevOps Platform:

  • JFrog Artifactory: The undisputed software repository leader for integrated, universal artifact management at enterprise scale.
  • JFrog Container Registry: The world’s most flexible, hybrid container registry, with enterprise-grade resiliency backed by JFrog Artifactory.
  • JFrog XRay: Universal security vulnerability & compliance analysis, natively integrated with Artifactory for continuous governance across the DevOps pipeline.
  • JFrog Pipelines: Universally orchestrate software releases and master the entire CI/CD pipeline from code to production.
  • JFrog Distribution: Secure and validate your software releases, allowing trusted, optimized software distribution on a global scale.
  • JFrog Mission Control: A single access point providing a centralized dashboard to oversee your DevOps pipeline.

Universal Artifact Management for DevOps Acceleration.