Safeguard
Tag

jfrog

Safeguard articles tagged "jfrog" — guides, analysis, and best practices for software supply chain and application security.

11 articles

Cloud Security

Container registries explained: Docker Hub vs private/ent...

Docker Hub vs. private/enterprise registries explained, with a look at where JFrog Artifactory fits — and why registry choice alone doesn't solve supply chain security.

May 31, 20268 min read
Vulnerability Management

CVE Numbering Authority (CNA) status: why it matters when...

JFrog has issued its own CVEs since 2021 as a CVE Numbering Authority. Here's what CNA status really controls, where it falls short, and how to verify vendor-disclosed vulnerabilities.

May 29, 20267 min read
Software Supply Chain Security

What is a Software Bill of Materials (SBOM) and why it ma...

A software bill of materials (SBOM) is a live inventory of every dependency in your software. Here's why it matters, how JFrog handles it, and how Safeguard does better.

May 28, 20267 min read
Tools

JFrog Xray vs Prisma Cloud: A 2026 Comparison

Where JFrog Xray and Prisma Cloud actually compete, where they don't, and how to pick between them for software supply chain and runtime security in 2026.

May 5, 20266 min read
Supply Chain

Private Registry Hardening in 2026: How Nexus Firewall and JFrog Curation Closed the Mirror-Pass-Through Gap

Through 2025-2026, Sonatype Nexus Firewall, JFrog Curation, and Harness Artifact Registry shipped policy features specifically aimed at the Shai-Hulud pass-through problem, where private mirrors silently replicated malicious upstream packages.

Apr 22, 20267 min read
Tools

JFrog Curation 2026: Time-Based Waivers and On-Demand Policies

JFrog Curation shipped time-bound waivers, on-demand policy application, group-based scope, and ChainGuard hardened-Maven support in 2026. We tested the upgrade on an Artifactory estate.

Apr 2, 20267 min read
DevSecOps

JFrog Xray Deployment Blueprint 2026

A pragmatic blueprint for deploying JFrog Xray in 2026: indexing strategy, watch policies, build promotion gates, and the operational pitfalls to avoid.

Mar 2, 20265 min read
Tools

JFrog Xray Alternatives: A 2026 Buyer's Guide

Where JFrog Xray fits, where it falls short, and which alternatives actually deserve a seat at the evaluation table in 2026 for SCA, container scanning, and policy enforcement.

Feb 12, 20265 min read
DevSecOps

JFrog Artifactory Hardening Guide

Artifactory is the most common artifact repository in enterprise. It is also a default-permissive system where misconfigurations compound. A concrete hardening guide.

Dec 14, 20236 min read
Tool Reviews

JFrog Xray: Vulnerability Scanning Built Into Your Artifact Pipeline

A review of JFrog Xray for vulnerability scanning and license compliance, covering its deep integration with Artifactory, impact analysis, and binary-level scanning.

Jun 12, 20235 min read
Infrastructure Security

Artifactory Security Best Practices for Enterprise Teams

JFrog Artifactory is a universal artifact manager. Getting its security right requires understanding its permission model, Xray integration, and access token management.

May 12, 20235 min read
jfrog — Safeguard Blog