Sunnyvale, CA, USA
  |  By Shailendra Dhamankar
The software supply chain today runs differently than it did just five years ago. The number of available tools, languages, and packages used have exploded. Further, the growing mix of OSS packages puts organizations at risk of outdated software, untracked dependencies, and non-compliant licenses. To add to the chaos, teams are now increasingly distributed and greater in number. All of this dramatically increases the number of inputs within the software supply chain.
  |  By Kristian Taernhed
With the proliferation of CVEs (Common Vulnerabilities and Exposures), we have witnessed a remarkable surge in associated risks over the past five years. 2022 was a record-breaking year with 25,096 new CVEs found, the most discovered CVEs ever. Unfortunately, 2023 is on track to beat that record.
  |  By Kate Kwiatkowski
At JFrog, we talk about being universal and too integrated to fail. In addition to more than 30 technologies and package types supported natively, this also means supporting our customers in their hybrid and cloud infrastructure. One such key integration capability for customers leveraging Amazon Web Services (AWS) is AWS PrivateLink.
  |  By Moran Ashkenazi
Securing your software supply chain is crucial for ensuring the integrity and security of the software you develop and deliver. Here are the top 8 security best practices for a secure software supply chain.
  |  By Uriya Yavnieli
The JFrog Security research team constantly monitors open-source projects to find new vulnerabilities or malicious packages and share them with the wider community to help improve their overall security posture. As part of this effort, the team recently discovered a new security vulnerability in plexus-archiver, an archive creation and extraction package.
  |  By Michael Sverdlov
In today’s interconnected world, secrets are the keys to unlocking sensitive data and systems. Like hidden gems for attackers, any inadvertent exposure of these secrets could lead to data breaches, unauthorized access, and security compromises. As organizations adopt DevOps practices, artifacts containing secrets are often stored and shared across various stages of the software supply chain, amplifying the risk of exposure.
  |  By Yair Mizrahi
On Wednesday, October 4th 2023, Daniel Stenberg, one of Curl’s core maintainers announced that a forthcoming release of Curl, version 8.4.0, is scheduled to be available on October 11th 2023 at approximately 06:00 UTC. The upcoming release will include fixes for two Curl vulnerabilities that they had discovered. One of these vulnerabilities is rated as having low severity (CVE-2023-38546), whereas the second one is considered high severity (CVE-2023-38545).
  |  By Yoav Landman
Every year, JFrog brings the DevOps community and some of the world’s leading corporations together for the annual swampUP conference, aimed at providing real solutions to developers and development teams in practical ways to prepare us all for what’s coming next.
  |  By Zohar Sacks
AI and machine learning (ML) have hit the mainstream as the tools people use everyday – from making restaurant reservations to shopping online – are all powered by machine learning. In fact, according to Morgan Stanley, 56% of CIOs say that recent innovations in AI are having a direct impact on investment priorities. It’s no surprise, then, that the ML Engineer role is one of the fastest growing jobs.
  |  By Paul Garden
Today’s software applications power almost every aspect of our lives, and ensuring the security of these applications is paramount. Threat actors can cause devastating consequences for companies, leading to financial losses, reputational damage, and legal repercussions. Companies building commercial or in-house applications must adopt robust security measures throughout their software development lifecycle to avoid releasing vulnerable code.
  |  By JFrog
Moran dives into what her view is on Developers and the relationship they have with security today. As security gets more complex, the Developer's job today isn't easy and they are asked to do a lot more than they are used to.
  |  By JFrog
The four things the CSO of today's modern organization wishes their Developers did more of and how to do them.
  |  By JFrog
Let's debunk some common myths around how the industry thinks a CSO views organization-wide security.
  |  By JFrog
JFrog CSO, Moran Ashkenazi answers the question around what she thinks about most when it comes to software supply chain (ssc) security.
  |  By JFrog
Watch the recording of the second workshop in the JFrog DevNext series - JFrog Security. The live audience experienced a real-time, hands-on event to help them develop their skills with the JFrog platform and how to easily secure their software supply chain.
  |  By JFrog
Repetitive tasks are the antithesis of speed. The only way to deliver software rapidly, securely and with quality is to automate software packages across the software supply chain to drive enhanced testing, improve decision-making, eliminate bottlenecks and holistically manage your software resources. Join Yossi Shaul, SVP of R&D, JFrog, and Gali Zisman, VP of Product, JFrog, to explore JFrog’s new release-first approach, including exclusive swampUP announcements, first-time demonstrations & key product advancements!
  |  By JFrog
Developers are now the target of the attacker, with binaries available publicly. While it's unlikely that the concept of security point solutions will completely disappear, it’s clear that the market is demanding a consolidated, comprehensive approach to pipeline security across the attack surface. With the increasing complexity of software supply chains, security and governance are becoming critical on developer’s machines, at the C-level and in boardrooms. In this session, Eyal Dyment, VP of Security Product for JFrog, details how next-gen software supply chain solutions must incorporate robust, holistic security or risk being the next tool to be consolidated.
  |  By JFrog
  |  By JFrog
Developers are now the target of the attacker, with binaries available publicly. While it's unlikely that the concept of security point solutions will completely disappear, it’s clear that the market is demanding a consolidated, comprehensive approach to pipeline security across the attack surface. With the increasing complexity of software supply chains, security and governance are becoming critical on developer’s machines, at the C-level and in boardrooms.
  |  By JFrog
JFrog is on a mission to create a world of software delivered without friction from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely, ensuring it is available, traceable, and tamper-proof. The integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers.
  |  By JFrog
Cloud DevOps tools offer greater flexibility, rapid deployment, cloud automation, reduced IT costs, and low upfront costs with subscription pricing. Setting up your environment with Artifactory on the cloud on your choice provides unlimited scalability allowing you to grow according to your needs and is easily achieved by using cloud storage providers (Amazon AWS, Google GCP or Microsoft Azure) in your environment with Artifactory.
  |  By JFrog
Software businesses of every industry and all sizes, from small startups to large enterprises, are looking for ways to accelerate their software development process in the race to innovate and deliver their offerings to their customers ahead of their competition.
  |  By JFrog
Today, we live in a very connected world, where our devices, homes and cars all communicate with each other, and every company with a product or service has the need to develop software. It is one of the primary mediums by which they strive to provide better products, services and solutions, and has become paramount to a company's success. To continuously improve their software, companies must have sound DevOps or DevSecOps practices in place.
  |  By JFrog
In today's enterprises, software is your company's everyday face, whether through the desktop, the cloud, or a mobile device, to all parts of the globe. Cars are computers on wheels. Thermostats are data terminals. Banks live in your phone. In this new world, software updates serve customer's demands. Each one you deliver is your opportunity to renew - or, if botched, destroy - their trust. How can you make every update top-notch at top speed?
  |  By JFrog
Over the last several years, software development has evolved from deploying products periodically to building them on an ongoing basis using CI servers. A company's end product may be built on a daily or even hourly basis. This means that DevOps must support the continual flow of code from the individual developer's machine to the organization's production environment.
  |  By JFrog
Two numbers are shaking the foundations of business. What do these two figures mean to your business? They mean that, odds are your competitive landscape is irrevocably changed - already. To start, expectations for delivery speed for new products, services, and everything are faster. The new table stakes in the DevOps world have raised the bar on collaboration, cross-organizational visibility, efficiency, even company culture. Another thing these two simple stats mean is that most businesses are already there, or heading there now.

JFrog products seamlessly integrate with practically any development environment on Earth, from legacy code to the most recent containers and micro-services.

JFrog's end-to-end platform provides a fully automated pipeline for distributing trusted software releases. Connecting all developers, DevOps engineers and product owners to end devices, the JFrog Platform ensures software flows quickly and free from interruption.

End-to-End Universal DevOps Platform:

  • JFrog Artifactory: The undisputed software repository leader for integrated, universal artifact management at enterprise scale.
  • JFrog Container Registry: The world’s most flexible, hybrid container registry, with enterprise-grade resiliency backed by JFrog Artifactory.
  • JFrog XRay: Universal security vulnerability & compliance analysis, natively integrated with Artifactory for continuous governance across the DevOps pipeline.
  • JFrog Pipelines: Universally orchestrate software releases and master the entire CI/CD pipeline from code to production.
  • JFrog Distribution: Secure and validate your software releases, allowing trusted, optimized software distribution on a global scale.
  • JFrog Mission Control: A single access point providing a centralized dashboard to oversee your DevOps pipeline.

Universal Artifact Management for DevOps Acceleration.