jfrog
Safeguard articles tagged "jfrog" — guides, analysis, and best practices for software supply chain and application security.
11 articles
Container registries explained: Docker Hub vs private/ent...
Docker Hub vs. private/enterprise registries explained, with a look at where JFrog Artifactory fits — and why registry choice alone doesn't solve supply chain security.
CVE Numbering Authority (CNA) status: why it matters when...
JFrog has issued its own CVEs since 2021 as a CVE Numbering Authority. Here's what CNA status really controls, where it falls short, and how to verify vendor-disclosed vulnerabilities.
What is a Software Bill of Materials (SBOM) and why it ma...
A software bill of materials (SBOM) is a live inventory of every dependency in your software. Here's why it matters, how JFrog handles it, and how Safeguard does better.
JFrog Xray vs Prisma Cloud: A 2026 Comparison
Where JFrog Xray and Prisma Cloud actually compete, where they don't, and how to pick between them for software supply chain and runtime security in 2026.
Private Registry Hardening in 2026: How Nexus Firewall and JFrog Curation Closed the Mirror-Pass-Through Gap
Through 2025-2026, Sonatype Nexus Firewall, JFrog Curation, and Harness Artifact Registry shipped policy features specifically aimed at the Shai-Hulud pass-through problem, where private mirrors silently replicated malicious upstream packages.
JFrog Curation 2026: Time-Based Waivers and On-Demand Policies
JFrog Curation shipped time-bound waivers, on-demand policy application, group-based scope, and ChainGuard hardened-Maven support in 2026. We tested the upgrade on an Artifactory estate.
JFrog Xray Deployment Blueprint 2026
A pragmatic blueprint for deploying JFrog Xray in 2026: indexing strategy, watch policies, build promotion gates, and the operational pitfalls to avoid.
JFrog Xray Alternatives: A 2026 Buyer's Guide
Where JFrog Xray fits, where it falls short, and which alternatives actually deserve a seat at the evaluation table in 2026 for SCA, container scanning, and policy enforcement.
JFrog Artifactory Hardening Guide
Artifactory is the most common artifact repository in enterprise. It is also a default-permissive system where misconfigurations compound. A concrete hardening guide.
JFrog Xray: Vulnerability Scanning Built Into Your Artifact Pipeline
A review of JFrog Xray for vulnerability scanning and license compliance, covering its deep integration with Artifactory, impact analysis, and binary-level scanning.
Artifactory Security Best Practices for Enterprise Teams
JFrog Artifactory is a universal artifact manager. Getting its security right requires understanding its permission model, Xray integration, and access token management.