Welcome to the JFrog Blog

Latest:

Navigating DORA Compliance: Software Development Requirements for Financial Services Companies

July 10, 2024 Paul Garden, JFrog DevOps & Security Industry Solutions Danny Parizada, JFrog Senior Solution Engineer

8 min read

Regulatory compliance is a common and critical part of today's rapidly evolving financial services landscape. One new regulation that EU financial institutions must adhere to is the Digital Operational Resilience Act (DORA), enacted to enhance the operational resilience of digital financial services. The BCI Supply Chain Resilience Report 2023 highlighted that 45.7% of organizations experienced…

Read More

All Blogs

Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagineBinary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine

Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine

July 9, 2024 Andrey Polkovnichenko, JFrog Security Researcher Brian Moussalli, JFrog Malware Research Team Leader Shachar Menashe, JFrog Senior Director Security Research | 8 min read

The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub. As a community service, the JFrog Security Research team continuously scans public repositories such as Docker Hub,…
Read More
Doing DevOps Your Way On SaaS Solutions: Connecting JFrog CLI to Your JFrog WorkersDoing DevOps Your Way On SaaS Solutions: Connecting JFrog CLI to Your JFrog Workers

Doing DevOps Your Way On SaaS Solutions: Connecting JFrog CLI to Your JFrog Workers

July 8, 2024 Batel Zohar, JFrog Developer Advocate Herve Esteguet, JFrog Software Engineer | 5 min read

In our previous blog post, we explored JFrog Workers, a JFrog Cloud Platform service that allows you to create customized workers that can respond to events in the platform. These workers can perform various tasks, from running code to adjusting functions, giving you more flexibility and control over your workflows. Allowing you to automate processes…
Read More
Embracing Complexity in DevOps: Software Supply Chain State of the Union 2024Embracing Complexity in DevOps: Software Supply Chain State of the Union 2024

Embracing Complexity in DevOps: Software Supply Chain State of the Union 2024

July 5, 2024 Sean Pratt, JFrog Senior Product Marketing Manager | 4 min read

As we delve deeper into the era of software reliance, the 2024 JFrog Software Supply Chain report emerges as required reading for developers and DevOps professionals who are at the frontline of today’s technological innovations. DevOps and development themes from the 2024 report The report combines Artifactory data, analysis from the JFrog Security Research team,…
Read More
JCenter Sunset on August 15th, 2024JCenter Sunset on August 15th, 2024

JCenter Sunset on August 15th, 2024

July 2, 2024 Melissa McKay, JFrog Developer Advocate | 5 min read

JFrog supported the Java community as the host of the JCenter repository for Java OSS libraries, packages and components as part of JFrog’s Bintray service for several years. When Bintray was deprecated on May 1st, 2021, to make way for the development and further advancement of the JFrog Platform, JFrog decided to continue the support…
Read More
When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AIWhen Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI

When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI

June 27, 2024 Natan Nehorai, JFrog Application Security Researcher | 12 min read

In the rapidly evolving fields of large language models (LLMs) and machine learning, new frameworks and applications emerge daily, pushing the boundaries of these technologies. While exploring libraries and frameworks that leverage LLMs for user-facing applications, we came across the Vanna.AI library - which offers a text-to-SQL interface for users - where we discovered CVE-2024-5565, a…
Read More
JFrog & Qwak: Accelerating Models Into Production – The DevOps WayJFrog & Qwak: Accelerating Models Into Production – The DevOps Way

JFrog & Qwak: Accelerating Models Into Production – The DevOps Way

June 25, 2024 Yuval Fernbach, CTO & Co-founder, Qwak | 9 min read

We are collectively thrilled to share some exciting news: Qwak will be joining the JFrog family! Nearly four years ago, Qwak was founded with the vision to empower Machine Learning (ML) engineers to drive real impact with their ML-based products and achieve meaningful business results. Our mission has always been to accelerate, scale, and secure…
Read More
The Agenda is Live for swampUP 2024!The Agenda is Live for swampUP 2024!

The Agenda is Live for swampUP 2024!

June 19, 2024 The JFrog swampUP Team | 3 min read

The excitement is building. JFrog is pleased to announce the awesome agenda we have assembled for swampUP 2024 at the Omni Barton Creek Resort & Spa in Austin. Join us Sep 9-11 for one of the premier DevOps conferences of the year, focusing on the latest trends in software development platforms, supply chain security, OSS…
Read More
JFrog4JFrog: DevSecOps Made SimpleJFrog4JFrog: DevSecOps Made Simple

JFrog4JFrog: DevSecOps Made Simple

June 17, 2024 Batel Zohar, JFrog Developer Advocate Dana Rozen, JFrog Senior IR SecOps Engineer | 6 min read

Developers simply want to write code without interruption, while operations wish to build as fast as possible and deploy without restrictions. On the other hand, security professionals want to protect every step of the software supply chain from any potential security threats and vulnerabilities. In software development, every piece of code can potentially introduce vulnerabilities…
Read More
Taking a GenAI Project to ProductionTaking a GenAI Project to Production

Taking a GenAI Project to Production

June 10, 2024 Shaked Zychlinski, JFrog AI Architect | 6 min read

Generative AI and Large Language Models (LLMs) are the new revolution of Artificial Intelligence, bringing the world capabilities that we could only dream about less than two years ago. Unlike previous milestones, such as Deep Learning, in the current AI revolution, everything is happening faster than ever before. Many feel that the train is about…
Read More
How to Connect the JFrog Platform to Your GitHub Environment to Create a Seamless IntegrationHow to Connect the JFrog Platform to Your GitHub Environment to Create a Seamless Integration

How to Connect the JFrog Platform to Your GitHub Environment to Create a Seamless Integration

May 30, 2024 Batel Zohar, JFrog Developer Advocate Carmit Hershman, JFrog Senior Software Architect, CTO Office | 8 min read

The latest JFrog collaboration with GitHub enables you to easily combine your favorite solutions for source code and binaries in a seamless integration. This means you now have a unified comprehensive and secure end-to-end experience that supports your software projects. This integration covers everything from curating open source packages, coding, CI, release management, deployment and…
Read More

Popular Tags

Try the JFrog Platform

In the cloud or self-hosted

Start Free

or Book a Demo