Introducing JFrog Advanced Security, the world’s first DevOps-centric security solution designed to control and protect your software supply chain from code to containers to production. As part of JFrog Xray and integrated into the universal JFrog DevOps Platform, these security features focus at the binary level, revealing issues that are not visible in source code alone. These new features go beyond the traditional software composition analysis (SCA) capabilities of JFrog Xray, with a focus on container security.

In this interview, we speak with Carlos Sanchez @csanchez Senior Cloud Software Engineer at Adobe, member at the Apache Software Foundation, author of Jenkins Kubernetes plugin about Kubernetes!! How moving to Kubernetes opens the door to a world of possibilities, the amount of workloads that can be run and the flexibility it provides. However this comes at a cost on managing the resources used by many applications and teams. Java applications can be specially challenging when running in containers.

In this interview, we speak to Eyal Ben Moshe, Head of the Ecosystem Engineering Group at JFrog, about the importance of shifting left and providing tools for developers to keep their software secure. He specifically discusses the release of Frogbit and Docker Desktop Extension and teases the BuildInfo resource, the metadata associated with a build in Artifactory.

Tony Loehr, Developer Advocate at CyCode, discusses the strengths of the CyCode platform in the software development life cycle to secure software delivery.

With OSS, not knowing where all your software comes from means hard-to-spot risks to the integrity of your services. Without constant identity checks and safety protocols for keys and secrets, open-source dependencies can open the door to breaches, exploits, and supply chain attacks. Enter Pyrsia -- your torch that lights up the open-source supply chain!

Nuno Do Carmo, Technical Writer for SUSE Rancher, discusses bringing the Cloud Native technologies to Windows and more specifically Windows Subsystem for Linux.

Denis Rosa, Developer Advocate Manager at Couchbase, talks about the challenge of external dependencies with continuous integration and delivery

Tools to package your applications and services into container images are abound. They’re easier to use and integrate into your CI/CD pipelines now more than ever. We can appreciate these advancements in the form of time savings and decreasing complexity when deploying to a cloud native environment, but we cannot completely ignore the details involved in these technologies. It’s tempting to take simplicity for granted, but sometimes we do this at the expense of keeping our software safe and secure!

GitHub Security Alerts! Support for Yarn 2... Frogbot scans every pull request created for security vulnerabilities with JFrog Xray and in version 2.3.2 it even opens pull requests for upgrading vulnerable dependencies to a version with a fix! With Frogbot installed, you can make sure that new pull requests don’t add new security vulnerabilities to your code base alongside them. If they do, the creator of the pull request has the opportunity to change the code before it is merged.