May 2019 Summaries
2 posts from JFrog
Filter
Month:
Year:
Post Summaries
Back to Blog
"Forewarned is forearmed," an adage from the 16th century, is particularly relevant to modern DevSecOps practices, which advocate for a "Shift Left" strategy where developers proactively address vulnerabilities early in the software development process. JFrog Xray, a tool integrated within IDEs such as IntelliJ IDEA, Visual Studio, and Eclipse, assists developers by scanning dependencies from package managers like Maven, Gradle, and npm to identify known vulnerabilities and license compliance issues. This integration enables developers to make informed decisions about dependencies directly within their coding environment. Xray's continuous impact analysis further ensures that even deployed components are regularly assessed for new vulnerabilities, enhancing the overall security posture by allowing developers to address issues promptly. By integrating vulnerability scanning into the developer's workflow, JFrog Xray helps streamline the DevSecOps process, making it easier to maintain secure and compliant software applications.
May 28, 2019
741 words in the original blog post.
The presentation at DockerCon 2019, inspired by a line from Star Trek: First Contact, focused on the efficient management of Docker images, particularly in handling data and configuration changes without creating new images for each update. By capturing a container’s persistent data from a Docker volume, this data can be versioned and promoted in Artifactory, facilitating deployment while maintaining security through JFrog Xray scans. The discussion included practical examples using Jenkins servers, showcasing how Docker volumes streamline updates for plugins and jobs without necessitating frequent image changes. This method not only reduces the number of updates in a Docker registry but also enhances data security, making it highly beneficial for maintaining consistent environments. The talk encouraged users to explore JFrog Artifactory for managing these processes and provided guidance on utilizing Docker volumes effectively in conjunction with Artifactory for optimized software deployment.
May 06, 2019
968 words in the original blog post.