
Why openness always matters
Proprietary software isn’t evil, but open source is a remarkable force for good. The transparent, community-driven approach to development is driving innovation in every industry today.

Most reported CVEs for Docker Hub images are harmless
JFrog used Xray Container Contextual Analysis to scan the 200 most popular community images in Docker Hub, then tallied the results for the 10 most common CVEs. 78% were not exploitable.

Public package repos expose thousands of API security tokens—and they’re active
JFrog’s new Xray Secrets Detection uncovered active access tokens in popular open-source software registries including Docker, npm, and PyPI. Here are our findings and takeaways.

How intelligent automation changes CI/CD
A new paradigm for continuous delivery is emerging that enables it to serve as the foundation for improving devops and increasing development productivity.

Why CIOs should make the leap to Flutter now
Despite the duopoly of the current app marketplace, businesses should not be maintaining two development teams. Flutter and cross-platform apps are the future.

Why developers hold the key to cloud security
Developer-first security is the future in the cloud. Because the responsibility for cloud security rests with developers and devops teams, not IT security.

The ever-widening world of Wasm
Bringing WebAssembly and OCI containers together could enable us to run the same container image on any hardware or operating system we want—wherever it runs best, fastest, or cheapest.

5 steps to lower Kubernetes costs
Granular visibility can help enterprises keep cloud costs in check. Follow these best practices when using monitoring methods to control Kubernetes-related spending.

A vision for making open source more equitable and secure
An immutable package registry on the blockchain offers an opportunity for fairly compensating open source developers based on their contributions.

An AI alternative to code search tools
COBOL Colleague uses symbolic machine learning and static analysis to help developers understand and maintain COBOL source code. The same technology could be applied to other programming languages.

The benefits and challenges of event-driven architecture
Event-driven architecture allows developers to create powerful, real-time digital experiences. Ably’s edge messaging platform helps them deliver these experiences at scale.

Why Apache Iceberg will rule data in the cloud
Apache Iceberg is an open table format that offers scalability, usability, and performance advantages for very large data sets. Here are five reasons Iceberg is optimal for cloud data workloads.

Why edge computing matters for modern software development
The next stage of cloud computing brings computing power closer to users, paving the way to better user experiences and more intelligent applications.

Why devops needs a better approach to cloud networking
A full-stack networking platform with machine learning, autonomous capabilities, and multicloud support allows devops engineers to focus on what matters most—building applications.

Partitioning for performance in a sharding database system
Partitioning can provide a number of benefits to a sharding system, including faster query execution. Let’s see how it works.

Why database design choices matter to developers
Rather than punt database design decisions to a cloud service or third-party provider, understand what you want to achieve and how best to deliver on that goal.

7 biggest Kubernetes security mistakes
The most dangerous security holes are often the most basic. Start improving your Kubernetes security posture by fixing these simple mistakes.

How we’ll solve software supply chain security
Security teams need a standard set of processes for locking down roots of trust for software artifacts, and developers need a clear path to balance open source selection against security policies. Open source has answers.

Software developers have a supply chain security problem
Every day, software developers implicitly trust software packages, container images, dependency maintainers, repository operators, and build systems that we don’t know anything about. It’s the opposite of Zero Trust.

5 tips for writing better API documentation
Great API documentation is essential to a good developer experience. But your documentation should be great for non-developers too.
Top Blog Posts