Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on Continuous Integration and Development, and related technologies.

Now Available: Smart Archiving with the JFrog Platform

Every day development teams around the world release new software. But what happens to prior releases that are no longer in production? Most organizations save them, typically due to internal policies, external regulations, or simply the fear of losing data. Organizations typically take varied approaches to retaining their prior releases.

Preventing harmful LLM output with automated moderation

Large Language Models (LLMs) can produce impressive text responses, but they’re not immune to generating harmful or disallowed content. If you’re developing an LLM-powered application, you need a reliable way to detect and block risky outputs. Disallowed content – hate speech, explicit descriptions, harmful instructions – can damage your product’s reputation, endanger user safety, and potentially violate legal or platform guidelines.

Introducing Support for Chocolatey and PowerShell Packages

In February, we announced our support for Hex packages, which further solidified the JFrog Platform as the most universal package management solution. We’re excited to announce we’re continuing to build on our universality with our new official support of Chocolatey and PowerShell, which allows both technologies to be used with our NuGet repositories in JFrog Artifactory.

Automating vulnerability scanning for Gradle dependencies with CircleCI

Detecting dependency vulnerabilities in a Gradle-based project is crucial because it prevents applications from using libraries (dependencies) with security holes. Imagine an application as a house. Each dependency, or library used in the project, is like building material (such as wood, glass, or bricks). If there’s a flawed or easily penetrable material, the house can become unsafe, such as being more vulnerable to thieves or collapsing during an earthquake.

CI/CD preprocessing pipelines in LLM applications

In Large Language Model (LLM) applications, the quality of the training data is paramount in determining the final model performance. One of the most important steps in preparing datasets is cleaning and transforming raw data into similar and usable formats. However, this process can be tedious and time-consuming when done manually. Automating these data cleaning workflows is essential to improve efficiency and maintain consistency across multiple datasets.

OWASP CI/CD Top 10: Inadequate Flow Control in CI/CD Pipelines

With the recent shake-up around CVE funding and broader questions about long-term support for cybersecurity infrastructure, one thing is clear: controlling what you can is more important than ever. This is abundantly clear in modern software development practices which rely heavily on CI/CD systems, which in turn serve as the primary conduit from a developer’s local environment to production.

Creating and testing a RAG-powered AI app with Gemini and CircleCI

Have you ever asked an AI model a question and received an outdated or completely off-base response? I’ve been there too. The problem is that most AI models rely solely on their pre-trained knowledge, which becomes obsolete over time. This is where RAG can help: RAG is a hybrid AI technique that combines the advantages of retrieval systems and generative models. It bridges the gap by bringing in real-time information from external knowledge sources to improve the generation quality.

Introducing token rotation for access tokens

As part of Atlassian’s ongoing investment in security, we’re excited to introduce token rotation for access tokens in Bitbucket Cloud. Building on recent updates, like adding expiration dates to access tokens, this new capability allows you to rotate your tokens, which generates a new secret while maintaining the same access and scopes.