Integrate JFrog Xray with Slack

The need to protect your software and to be updated about vulnerabilities is getting stronger. JFrog Xray is unique in its capabilities to perform analysis of all the binaries you are consuming in your project. It works with Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. Xray provides great visibility into issues lurking in components anywhere in your organization and there are many cases where you wish to get notified on a security violation (or a license breach) directly to Slack.

Getting Started

We will use Xray’s Webhooks to define our server’s and base on the policies/rules our Webhook will be notified with the alerts about violations (security or licenses).

Continue reading →

Export Violations From JFrog Xray to CSV

The trend of #DevSecOps is growing fast and it is no longer just part of your security team. More and more organizations wish to integrate their security team in all the phases of development and operations. To achieve it, there are cases where you need to export data from JFrog Xray (in our case to a CSV format) so you can ingest it to your current logging/monitoring system. 

What is Xray?

In a nutshell, JFrog Xray works with JFrog Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. It provides full transparency that leads to more trust in your software. 

By scanning binary components and their metadata, recursively going through dependencies at any level (think on the layers you have in any Docker container), JFrog Xray provides great visibility into issues lurking in components anywhere in your organization.

Xray API

One of the best parts is that JFrog Xray is also fully automated through a rich REST API. We will use it to create this Exporter. Please feel free to clone/fork the code below and use it, but remember you might need to add pagination and a watchdog for a real system.

Continue reading →

Continuous Software Updates With JFrog Pipelines

“Liquid Software” release practices are rapidly becoming the standard in many companies. However, as software shapes digital transformation, DevOps teams are feeling challenged to manage their growing influence on corporations’ success or failure. In a talk I gave last week, we looked into the growing pains that most enterprises (many of them JFrog customers) face when adopting and consolidating DevOps at scale, and how these challenges are being mitigated with end-to-end platform solutions. We also wrap up with some DevOps best practices that will help you address emerging trends that your bosses’ bosses care about.

The slides

The Future of Continuous Software Updates Is Here from Ido Green

Continue reading →

How To Build An Integration With JFrog Xray?

The trend of DevSecOps is not new but it’s growing fast. More and more organizations wish to integrate their security team in all the phases of development and operation. 

Many security products keep your code safe from vulnerabilities at different stages (dev, test, qa and prod). However, JFrog Xray is unique in its capabilities to perform analysis of all the binaries you are consuming in your project.

JFrog Xray works with JFrog Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. It provides full transparency that leads to (more) trust in your software. By scanning binary components and their metadata, recursively going through dependencies at any level (think on the layers you have in any Docker container), JFrog Xray provides great visibility into issues lurking in components anywhere in your organization.

One of the best parts is that JFrog Xray is also fully automated through a rich REST API that lets it integrate with a CI/CD pipeline and allows other binary analysis tools to build on its unique capabilities.

Continue reading →

What is the JFrog Container Registry? And Why Will You Want One?

---

These days, where many developers are working with containers and all their ‘outcomes’ are bundled in a Docker container, it is becoming challenging to manage and control them.

Moreover, as more containers and Kubernetes enter the party, the job gets that much harder. Now, you have a tool that can help you jump to the next level. The JFrog Container Registry is a new Docker, Helm, and generic registry that is scalable and reliable. 

What’s even better? 
It’s free… and gives you some unique features you can’t find anywhere else.

Give it a try at: jfrog.com/container-registry and/or continue to read below.

Continue reading →

JFrog Artifactory REST API in 5min

A good API is like a classic car – You want to use it again and again.

Most of the interactions with Artifactory will be from your CI/CD tools. It might be your build engine or from your log aggregator. This powerful API can be invoked in any of the standard ways you like to work with any other RESTful APIs (e.g. curl, CLI, your source code, etc’).
In many cases, it’s the preferred ‘glue’ for developers when it comes to automation. The options are extensive and you can do many useful things with this API. However, in this short post, we will cover the most popular actions you ‘must have’.

Let’s start with the most common action: “upload/download binaries“. This action could run automatically from the build machine to Artifactory using:

Continue reading →

VP Of Technology At JFrog

At last SwampUP, I had the opportunity to talk with Alan Shimel, Founder and Editor at DevOps.com. We covered what I do at JFrog and spoke about the definition of the role “VP of Technology”. We also covered some interesting new products we offering these days to help developers move faster.

I told Alan that I define the role as “finding leverage points in (JFrog) technology to support the business”.

Continue reading →

Market Trends Talk – swampUp 2019

The world has many buzzwords that people like to use. Some are more relevant to the real world and some aren’t. If yesterday was powered by new products and features, today is going to be filled by insights from our communities.

There are around 37 million developers in the world (according to GitHub last report) so it’s a substantial community. Moreover, DevOps is growing at a rapid pace. Btw, according to StackOverflow last survey – DevOps developers and site reliability engineers are among the highest paid, most experienced developers most satisfied with their jobs, and are looking for new jobs at the lowest levels.

I think we can all agree that data is stronger than opinions, rights?
This is what I really like about the special point of view that we have at JFrog. As the “database of DevOps“, we are sitting in a unique place – holding the output of what developers producing.
This is giving us excellent visibility into trends and the real world.

What does this mean?

It’s about contrasting perception with reality.
We combined our own data from 5000 customers with internal and external researches in an effort to give you a clear picture of the current state and what are the DevOps trends for the next 12-18 months.

The main challenges

Continue reading →