wonderfully unique software solutions

Hop on to JFrog secrets management with granular access permissions

JFrog has outlined how Pipelines integrations can protect credentials for each integrated component – as JFrog‘s Gianni Truzzi says, a mission-critical CI/CD tool needs to keep its secrets.

“Keeping secrets can be a challenge for CI/CD tools, since they need to connect to such a variety of other services. Each one needs its own password or token that must be kept hidden from prying eyes. Revealing this sensitive data in the plain-text files that define your workflows is a huge security risk,” notes Truzzi via the JFrog blog.

Yet many CI solutions that provide plugins or add-ons need to be specially installed and maintained. Instead, secrets management should be built in – as in JFrog Pipelines, he says.

“Pipelines integrations combine central secrets management with fine-grained access permissions of JFrog Platform to provide convenience, security, and administrator control,” explains Truzzi.

“Adding an integration is often just giving it a friendly name, providing an API endpoint, and entering user credentials. Integrations ready to connect include GitHub, Bitbucket, Docker, Kubernetes, and Slack, as well as cloud services like AWS, GCP, and Azure.”

JFrog can be understood as an end-to-end universal devops platform, offering a universal package repository, security operations, CI/CD, and software distribution on a cloud platform or self-hosted solution.

One customer success story is Redbox, an American movie rentals business that, in addition to streaming, sends DVDs and Blu-ray discs to customers via some 41,000 kiosks.

Redbox relies on JFrog on AWS to manage packages and security across its cloud devops pipelines, which grapple with different programming languages and package formats – from Docker and Debian to PyPi, ReactJS (npm), .NET (NuGet) and more.

“They therefore require a single source of truth for their package management across their many pipelines, with full visibility into both CI/CD processes and security standards,” according to JFrog’s published case study. “Redbox was looking for an environment that supports their rapid development cycles.”

Hosting their toolchain on AWS has helped ease the hosting, managing, and uptime maintenance of their infrastructure, according to JFrog.

Redbox is quickly able to scale workloads and deploy changes to ensure a great customer experience. After adoption of Artifactory and Xray on AWS, Redbox has seen a 5-10 times increase in monthly deployments,” it says.

Learn more about JFrog at virtual event SwampUP 2020, targeting devops and user requirements focusing on EMEA and APAC 30 June, and the Americas on 23 June.

Recent Articles

Why storing all your enterprise data enables ROT at the core

Data is everywhere -- and increasingly difficult to track and manage. Worse still -- as Lepide's Philip Robinson notes -- much of...

Diverse file exploits isolated in HP-Bromium threat report for Q4

Hackers and other malicious actors could be increasingly targeting diverse files and applications, according to HP-Bromium's threat intelligence report.

‘Zero trust’ cybersecurity approach is misunderstood: Stormshield

Trusting nothing and no one when it comes to network access is impractical if not completely impossible, endpoint security vendor Stormshield has...

Firmware hackers target embedded systems and IoT apps

Microsoft's report of a a rise in firmware attacks partly reflects the rise of embedded systems and the Internet of Things (IoT),...

Netsparker and Acunetix web scanning apps get design and brand revamp

Invicti Security - the parent brand of web scanners Acunetix and Netsparker - has flagged changes to its product design and user...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox