A Peek at JFrog's Iron Bank Accreditation for Xray and Artifactory

JFrog Artifactory and JFrog Xray recently underwent a rigorous hardening process to earn accreditation for inclusion in the U.S. Department of Defense’s Iron Bank, a centralized repository of digitally-signed and hardened container images. In this blog post, we’re pulling back the curtain on the process, in order to share our insights and lessons learned with our customers and with the DevOps community at large.


Head-to-Head: Penetration Testing vs. Vulnerability Scanning

To release reasonably secure products, vendors must integrate software security processes throughout all stages of the software development lifecycle. That would include product architecture and design; implementation and verification; deployment and monitoring in the field; and back again to design to address the changing threat landscape, market needs, and product issues.


Set Up a Remote Repository in Artifactory To Proxy Iron Bank Images

U.S. Department of Defense (DoD) teams that manage DevSecOps software factories or that use DevSecOps factories to develop, secure and operate mission applications, need a trusted repository management system to store their local artifacts as well as artifacts pulled from Iron Bank, the DoD’s central repository of hardened container images. Artifacts that are stored include VM images, container images, binary executables, archives, documentation and many more package types.


Delivering on Our Commitments to the Public Sector with Iron Bank Certification

Serving our customers in the public sector, including government agencies and contractors, is both a great honor and a major responsibility for JFrog. The applications and digital services that they release have a direct impact on the well-being of our communities, across critical areas including national defense, healthcare, public safety, education and more. Today, I’m proud to share that JFrog is further strengthening its position in the government sector with the U.S.

What's New in Software Supply Chain Security

With new software supply chain attacks reaching the spotlight at an accelerating pace, security research uncovering novel attack methods, and new mandates and guidelines starting to come into effect -- it can be hard to stay on top of the latest developments and their implications. Catch this session as we break down the recent news related to software supply chain security and what you can do to meet new requirements and protect your software from such attacks.

Managing IoT Software Updates at Scale: Our Acquisition of Upswift

With the increasing proliferation of connected devices, it might be assumed that deploying software to devices, providing incremental updates, application security and IoT device management at scale are all rolled into companies’ DevOps pipelines as one big happy portfolio. Sadly, this has not been the case to date. Most IoT software updates and management solutions today are operated in a complete silo from corporations’ DevOps processes.


International Programmers Day 2021: Celebrating Those on the Front Lines of Digital Transformation

Happy International Day of the Programmer to the coders out there programming our digital world. It is your work and commitment that make the technical community thrive. You create the foundation for the innovations transforming the way we work and live.

Trusted SBOMs Delivered with the JFrog Platform and AWS

In this webinar, you’ll learn what an SBOM is, how it will benefit you, the misconceptions that exist around it and why it must be a key element of your software development life cycle's (SDLC) security and compliance. We’d also like to invite you to register for a joint JFrog-AWS webinar, where we’ll do a deep dive on SBOMs and share insights and best practices on SBOM creation and usage.