July 2018 Summaries
5 posts from JFrog
Filter
Month:
Year:
Post Summaries
Back to Blog
Organizations developing software increasingly use Docker, but hesitations about taking it to production often arise due to challenges related to visibility into Docker images and their management. Key concerns include understanding the contents of Docker images to avoid security and licensing vulnerabilities and effectively storing and managing these images as they scale, with traditional file systems proving inadequate. A universal binary repository manager, such as JFrog Artifactory, addresses these issues by providing a centralized solution for managing binaries, enabling secure, reliable deployment across environments. Artifactory facilitates multiple Docker registries, supports the Docker client transparently, and offers fine-grained access control, ensuring consistent and reliable access to images and promoting them confidently to production. It enhances Docker implementation through benefits like secure private registries, remote image access, and smart search capabilities, paving the way for scalability, security, and high availability in enterprise-grade environments.
Jul 26, 2018
778 words in the original blog post.
Modern software governance necessitates managing not only the quality of one's own code but also the quality, security, integrity, and legal aspects of open-source packages utilized. Various organizational teams, including security, legal, and the CTO office, address these risks based on factors such as risk severity and package popularity. JFrog Xray 2.2 introduces an enhanced mechanism for defining and enforcing governance standards on binaries, focusing on security and compliance. This system allows organizations to create policies that specify governance behavior, which can be enforced through 'Watches' that determine the resources to be monitored. A policy in Xray is contextless, meaning it defines enforcement specifications without specifying the context, and can be assigned to multiple watches. This separation of behavior from context enhances efficiency, flexibility, and accountability within organizations, allowing for streamlined governance across projects. The latest release helps manage software dependencies by providing tools for policy creation and enforcement, improving the security and compliance of software projects.
Jul 25, 2018
648 words in the original blog post.
Twistlock and JFrog have collaborated to enhance the security and efficiency of Docker builds by integrating Twistlock's security features with JFrog Artifactory's automated Docker promotion pipeline. Twistlock offers robust security for Kubernetes container environments, utilizing a rule-based access control policy system to automatically deploy defenses across numerous servers. It provides comprehensive security by scanning Docker images for vulnerabilities and tagging them with metadata that Artifactory can utilize to alert developers of potential issues. The Twistlock Container Security Console gives administrators visibility into registered containers and their security risks, allowing them to configure security settings, detect vulnerabilities, and prevent attacks. The integration process involves adding Artifactory to Twistlock, building and pushing Docker images like a JavaScript node.js runtime example, and viewing scanned registry information to assess vulnerabilities and compliance. This partnership allows for a streamlined DevOps workflow where Artifactory serves as a Docker registry, and Twistlock aids in quickly identifying and mitigating risks associated with unresolved vulnerabilities in Docker images.
Jul 16, 2018
586 words in the original blog post.
R is a prominent statistical language favored by data scientists for statistical computation and graphics, with the Comprehensive R Archive Network (CRAN) acting as its package manager. JFrog's Artifactory has expanded its capabilities to include support for R packages through CRAN repositories, offering developers advantages such as scaling, security, and visibility. With the release of Artifactory version 6.1, users have native support for CRAN repositories, which enhances the deployment and resolution process of R packages. Artifactory's integration offers secure, local CRAN repositories, proxy capabilities for remote resources, and virtual repositories that consolidate local and remote resources into a single point of access. It provides metadata viewing, direct deployment of R sources and binaries, and robust version management, making it an integral tool for consistent CI/CD workflows. Additionally, Artifactory 6.1's cross-zone sharding enhancements improve data redundancy and storage management across multiple zones.
Jul 10, 2018
614 words in the original blog post.
Integrating SonarQube and JFrog Artifactory within a CI/CD pipeline enhances code quality by detecting issues such as bugs, code smells, and security vulnerabilities before deployment. SonarQube analyzes source code and provides quality metrics that can be used to decide whether to promote builds through the pipeline, while Artifactory acts as a binary repository manager, capturing metadata from SonarQube to inform build promotion decisions. This integration can operate in two modes: WAIT mode, where the pipeline pauses for SonarQube analysis completion, and NOWAIT mode, where the analysis is performed asynchronously, suitable for large projects. A shell script, artifactory-sonar.sh, is used to facilitate this integration, allowing customization based on specific environments and CI servers such as Jenkins.
Jul 09, 2018
677 words in the original blog post.