Operations | Monitoring | ITSM | DevOps | Cloud

Introducing parent/child pipelines

We’re excited to announce the launch of parent/child pipelines for Bitbucket Pipelines. This powerful new capability lets you define a step within a pipeline that triggers and encapsulates a whole other pipeline, which can help to streamline more complex workflows into modular pieces and achieve greater parallelism within your pipeline.

Set up preview deployments for pull requests using CircleCI and Vercel

Working in front-end development involves writing features and bug fixes in different branches. But how do you ensure that reviewers, testers, and other stakeholders find it easy to view changes? Using preview deployments is one solution. Preview deployments allow you to automatically create a live URL each time someone opens a pull request (PR). It’s like giving every branch its mini website so that changes can be tested and proven in isolation.

JFrog Deployed on AWS: The Foundation for Cloud-Native Excellence

We are delighted to share the exciting news that JFrog has earned the “Deployed on AWS” badge in AWS Marketplace, marking yet another milestone in our journey of innovation and collaboration with Amazon Web Services (AWS). This achievement underscores our commitment to providing cutting-edge solutions that leverage AWS’s robust infrastructure to enhance the user experience and drive efficiency.

Free for the Community, Built by JFrog: Introducing the DSSE Attestation Online Decoder

Attestations, or as we like to call them, evidence, are a critical piece to proving software supply chain integrity and security. However, without the right tools and processes, reviewing and verifying attestations can be time-consuming. At JFrog, we’re deeply committed to empowering developers, DevOps, and Security teams to make these complex workstreams as simple as possible.

Platform Team Toolkit: Governance that accelerates developer velocity

Platform engineering teams face a critical challenge: scaling software delivery across dozens of development teams without killing innovation and velocity. The traditional approach forces an impossible choice: rigid standardization or operational chaos. Platform teams get buried in manual configuration requests, security updates take weeks to roll out, and compliance gaps emerge from inconsistent practices and developer workarounds.

Zero downtime deployments to Render using CircleCI

Downtime during deployments can affect the performance of your work. Data can be lost, and trust in your application can be destroyed. Luckily, zero downtime deployments do not need to be complex or involve a big infrastructure. This tutorial will teach you to establish a stable CI/CD pipeline with CircleCI and Render to automatically test and deploy a basic React application.

Platform Team Toolkit demo

Platform teams face an impossible choice: rigid standardization that slows developers down, or operational chaos that creates security gaps. CircleCI's new Platform Team Toolkit eliminates this tradeoff by delivering self-service developer experiences with built-in governance. What You'll See in This Demo: Key Benefits: Perfect for platform engineers, DevOps teams, and engineering leaders who need to scale software delivery without sacrificing speed or safety.

Speed up PR reviews with actionable code suggestions

Hello, Bitbucket fans It’s Dave from the Bitbucket Cloud product team. We’re happy to introduce another enhancement to help your team better collaborate around code reviews, saving you valuable time – the ability to propose specific code suggestions within a pull request. Code authors can view and apply the proposed code changes without switching contexts, helping teams get pull requests completed even more efficiently. This feature is available today to all teams using Bitbucket Cloud.

Looking beyond dev productivity to increase speed ft. Brian Guthrie of Justworks

Speed isn't just about developer productivity—it's about market dominance. Rob sits down with Brian Guthrie, Director of Engineering at Justworks and former ThoughtWorks consultant, to explore why lead time from conception to production should be your organization's north star metric.

Introducing JFrog's MCP Server: Better vibes and easier AI automation

Good news! You no longer have to be a DevOps or JFrog expert to harness the power of the JFrog Software Supply Chain Platform. With the introduction of JFrog’s MCP Server, we’re making the JFrog Platform accessible to your favorite large language models (LLMs). Now, every developer can take advantage of the detailed security and package information available in JFrog, such as vulnerability data from the JFrog Catalog, without needing to context-switch.

Introduction to Cloudsmith: Platform Overview

Learn how to control, secure, and distribute software artifacts with this full on-demand platform demo of Cloudsmith. In this video, Solutions Engineers Dan and Ciara walk you through key features, including web app setup, logging, policy enforcement, signing, and global distribution. Through live demos, you'll see how to integrate Cloudsmith into your CI/CD pipeline, enforce security and compliance, control access with entitlement tokens, and automate everything using the API.

Playwright fixtures: A deep dive

Fixtures may be one of Playwright’s most powerful yet under-used features. Playwright fixtures can be used to simplify repetitive setup or teardown in your tests, manage test data ,and test state better. Fixtures are key if your objective is to write cleaner, maintainable and manageable Playwright tests. This tutorial is aimed at helping you master using Playwright fixtures, understand their purpose, and showing how you can use them most effectively in your tests.

Docker Layer Caching: Speed Up CI/CD Builds

Docker layer caching (DLC) is a powerful technique that can significantly accelerate your CI/CD pipelines. By reusing unchanged image layers across builds, DLC not only cuts down on build times but also reduces cloud costs and boosts developer productivity. In this article, we’ll break down how Docker layer caching works, how to implement it effectively, and how to combine it with ephemeral environments for maximum impact.

Golden Paths Made Easy With Cloudsmith

Over the past few years, Platform Engineering has taken off as more and more as enterprise organisations adopt the practice of creating a centralised, self-service interface for developers to access the tools they need in order for them to do the job they were meant to do: build amazing software. At the heart of every Golden Path lies the ability to reliably produce, store, and consume build artifacts, from container images to internal libraries.

From painted doors to real prototypes - a mindset shift

The economics of building software are changing everything. For years, entrepreneurs used "painted doors" - fake features to test demand - because building was too expensive. But when AI drops development costs, you can create real prototypes and gather genuine user data instead of pretending. This mindset revolution treats experiments like cheap option contracts - the lower the cost, the more you can explore. Ready to abandon painted doors for unlimited experimentation?

How to think about quality in the age of cheap prototypes

When AI makes prototyping incredibly cheap, your old quality standards become a bottleneck. The key mindset shift? Quality doesn't matter equally everywhere. You can experiment with lower-quality prototypes to learn faster, then apply high standards only to what customers actually see. This isn't about lowering standards - it's about applying the right quality mindset at the right stage. Stop letting perfectionism slow down your learning phase.

OWASP CI/CD Part 9: Improper Artifact Integrity Validation

Improper artifact integrity validation is a critical vulnerability in CI/CD pipelines characterised by insufficient mechanisms to cryptographically verify the authenticity and integrity of code and build artifacts traversing the pipeline. When these controls are weak or absent, adversaries with access to any pipeline stage can inject malicious or tampered artifacts that appear legitimate, enabling undetected propagation through the pipeline and eventual deployment into production environments.

Security is a leading priority for 2025

The Cloudsmith 2025 Artifact Management Report offers timely insights into how engineering and DevOps teams are evolving their approach to software artifact management and software supply chain security. With supply chain attacks on the rise and Generative AI reshaping development practices, teams are reevaluating how they manage, secure, and scale their artifact repository infrastructure.

Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients

The JFrog Security Research team has recently discovered and disclosed CVE-2025-6514 – a critical (CVSS 9.6) security vulnerability in the mcp-remote project – a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted MCP server, posing a significant risk to users – a full system compromise.