JFrog

JFrog Advanced Security

Oct 18, 2022 By JFrog In JFrog

Introducing JFrog Advanced Security, the world’s first DevOps-centric security solution designed to control and protect your software supply chain from code to containers to production. As part of JFrog Xray and integrated into the universal JFrog DevOps Platform, these security features focus at the binary level, revealing issues that are not visible in source code alone. These new features go beyond the traditional software composition analysis (SCA) capabilities of JFrog Xray, with a focus on container security.

View Video

JFrog

Read more about JFrog Advanced Security

#DevOpsSpeakeasy at #devoxxMA 2022 with Carlos Sanchez @csanchez

Oct 6, 2022 By JFrog In JFrog

In this interview, we speak with Carlos Sanchez @csanchez Senior Cloud Software Engineer at Adobe, member at the Apache Software Foundation, author of Jenkins Kubernetes plugin about Kubernetes!! How moving to Kubernetes opens the door to a world of possibilities, the amount of workloads that can be run and the flexibility it provides. However this comes at a cost on managing the resources used by many applications and teams. Java applications can be specially challenging when running in containers.

View Video

JFrog

Read more about #DevOpsSpeakeasy at #devoxxMA 2022 with Carlos Sanchez @csanchez

#DevOpsSpeakeasy at #swampUP San Diego 2022 with Eyal Ben Moshe

Oct 3, 2022 By JFrog In JFrog

In this interview, we speak to Eyal Ben Moshe, Head of the Ecosystem Engineering Group at JFrog, about the importance of shifting left and providing tools for developers to keep their software secure. He specifically discusses the release of Frogbit and Docker Desktop Extension and teases the BuildInfo resource, the metadata associated with a build in Artifactory.

View Video

JFrog

DevOps

Read more about #DevOpsSpeakeasy at #swampUP San Diego 2022 with Eyal Ben Moshe

#DevOpsSpeakeasy at #swampUP San Diego 2022 with Tony Loehr

Sep 9, 2022 By JFrog In JFrog

Tony Loehr, Developer Advocate at CyCode, discusses the strengths of the CyCode platform in the software development life cycle to secure software delivery.

View Video

JFrog

Read more about #DevOpsSpeakeasy at #swampUP San Diego 2022 with Tony Loehr

Pyrsia - Securing your OSS Supply Chain

Sep 7, 2022 By JFrog In JFrog

With OSS, not knowing where all your software comes from means hard-to-spot risks to the integrity of your services. Without constant identity checks and safety protocols for keys and secrets, open-source dependencies can open the door to breaches, exploits, and supply chain attacks. Enter Pyrsia -- your torch that lights up the open-source supply chain!

View Video

JFrog

Read more about Pyrsia - Securing your OSS Supply Chain

#DevOpsSpeakeasy at #KubeCon EU 2022 with Nuno Do Carmo

Sep 7, 2022 By JFrog In JFrog

Nuno Do Carmo, Technical Writer for SUSE Rancher, discusses bringing the Cloud Native technologies to Windows and more specifically Windows Subsystem for Linux.

View Video

JFrog

Read more about #DevOpsSpeakeasy at #KubeCon EU 2022 with Nuno Do Carmo

Supply Chain Security Exposed @ JFrog Private Event Sydney

Sep 6, 2022 By JFrog In JFrog

View Video

JFrog

Read more about Supply Chain Security Exposed @ JFrog Private Event Sydney

The Software Supply Chain Risks You Need to Know

Sep 6, 2022 By Nati Davidi, SVP JFrog Security In JFrog

Code that an organization’s developers create is only the beginning of modern software development. In fact, first-party code is likely to be only a small proportion of an application – sometimes as little as 10% of the application’s artifact ecosystem. An enterprise’s software supply chain is made of many parts, from many sources: open source packages, commercial software, infrastructure-as-code (IaC) files, and more.

Read Post

JFrog

Read more about The Software Supply Chain Risks You Need to Know

4 Operational Risks to Not Leave to Chance

Sep 1, 2022 By JFrog Team In JFrog

Not all of the recognizable risks in your software supply chain can be identified by their known vulnerabilities recorded as CVEs. A component that is outdated or inactive may present risks to your application that no one has had cause to investigate. Yet these components could still harbor threats.

Read Post