Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

SDLC Security: It's Personal for JFrog

The SolarWinds hack, which has affected high-profile Fortune 500 companies and large U.S. federal government agencies, has put the spotlight on software development security — a critical issue for the DevOps community and for JFrog. At a fundamental level, if the code released via CI/CD pipelines is unsafe, all other DevOps benefits are for naught.

Adding Helm Chart Security Mitigation Notes to ChartCenter

Earlier this year, we launched ChartCenter, our newest community platform to help Kubernetes developers find Helm charts. This new free Helm central repository was built with chart immutability  in mind— meaning every version of a Helm chart and every version in ChartCenter will always be available even if the original source goes down.

How The JFrog Platform Drives DevSecOps At Scale

With the JFrog Platform at the core of your DevSecOps tool chain, you will over achieve your deployment frequency and change lead time metrics. By integrating JFrog into your existing CI environment current skills (people) and processes are maximized, while aggregating all the commercial and open source software artifacts, dependencies and documentation for re-use across all of your development projects to drive consistency and quality of the build.

A Few Minutes More: Add Xray DevSecOps to Artifactory Enterprise on Azure

In a prior blog post, we explained how to install or update Artifactory through the Azure Marketplace in the amount of time it takes for your coffee order to arrive on the counter. Now you can add to your self-managed (BYOL) Artifactory deployment Xray, the cream of software component analysis (SCA) tools, through the Azure Marketplace as well.

Air Gap Distribution Delivers Peace of Mind to Isolated Environments

The best way to stay out of danger is to keep far away from where danger lurks. But in the internet age, the global network means risk to your systems is from everywhere, at all times. With estimates that worldwide damage from cybercrime will exceed 6 trillion dollars by 2021, many companies choose, or are required by regulations to isolate their most sensitive systems to avoid any type of security breach.

Best Practices: Onboarding Jfrog Xray

JFrog Xray is a Software Composition Analysis tool (SCA) which is tightly integrated with JFrog Artifactory to ensure security and compliance governance for the organization binaries throughout the SDLC. This video provides best practices learned from customers for successfully deploying JFrog Xray into your organization and performing a real Shift-Left. It will focus on two keys to success, 1. involving R&D and 2. starting small and working in cycles.

Securing Your Kubernetes Journey with ChartCenter

Adopting cloud native technologies like Kubernetes and Helm means your company’s operations can sail swiftly across the globe’s oceans to reach teams and customers. But there are dangers in the deep. With many components in Kubernetes, securing every dimension can be quite challenging and require a bit of learning curve. Let’s identify some important best practices that can help you to steer straight.

Helm Chart Security Mitigation: Talking Back to CVEs in ChartCenter

If your Helm charts could talk, what would they say to potential users? Would they boast of the power in the Kubernetes apps they deploy? Would they warn of their dangers? Would they offer advice? In JFrog’s new ChartCenter, a community repository of publicly available Helm charts, that’s exactly what they’ll do. ChartCenter reveals to users what known risks lie within the container images deployed by every Helm chart.