JFrog

Пікірлер

@ReelsCompilation-l6z 3 күн бұрын

how to setup multiple repository connection ?. I am trying {"repository":[" pac/git-1"," pac/git-2"]}, not working ?

@jerikho04 Ай бұрын

Dear Jfrog folks, this video, just like the rest of your documentation, is horrible. Do you want to improve developer productivity? Well stop wasting people's time searching for trivial things in your documentation website, it looks and behaves like its a first coding project in high school, made with Dreamweaver. Surely you can do better, right?

@realspacemusicvideos Ай бұрын

Could you please elaborate on the specific issues with the Jfrog documentation?

@jerikho04 Ай бұрын

@@realspacemusicvideos Yes, here are some of my personal experiences. One has to scroll between links that lead to other links, that lead to more links for some basic info. Artifactory product documentation page has no reference of the installation, which is apparently located at a different page. The Debian/Ubuntu installer is missing some dependencies that must be installed separately. Some features are explained by a single line or so. There is no documentation available for download. Honestly, I used Chatgpt to pull the stuff I needed from the website, which kinda beats the purpose.

@Feelyourbodyallways Ай бұрын

Nice! How is the repository validated to run this action? Or rather, who can use this cli action snippet.

@JFrogInc Ай бұрын

Hi @Feelyourbodyalways, great question. We provide a straightforward example to keep things simple, with a basic verification process. However, as you can see at timestamp 2:28 in the video, we provide an example of the matching object sent by GitHub. Once GitHub sends this object, we match it against the identity mappings. If they are equal, then you are good to go. Otherwise, the claim JSON verification will fail, and the token won't be sent back. Please let us know if you have further questions.

@WanjaGich 2 ай бұрын

Hi Sowjanya,Please explain how to migrate data from default db to external postgres db?

@baraluttam 3 ай бұрын

timeestamp 5:50, Can the scan be filtered based on artifact? in the include subpath can you include only the artifact that you want the report for? if so how would you do that?

@excellencementoringclub 3 ай бұрын

thank you for the great presentations

@singh46928 4 ай бұрын

what about mastery key for 2 instances?

@fb-gu2er 4 ай бұрын

Jfrog is the worst when it comes to supporting its clients or helping them

@TristanBailey 5 ай бұрын

Here's a list of the points mentioned in the transcript: 1. Being an early adopter and providing feedback on new features. 2. Utilizing jfactory as a central place for dependency management and repository use. 3. Implementing code review processes to identify and address security vulnerabilities. 4. Automating static code analysis into the CI/CD pipeline. 5. Integrating security checks into the CI pipeline. 6. Automating security testing, potentially through nightly builds. 7. Utilizing software composition analysis (SCA) with tools like X-ray. 8. Prioritizing vulnerabilities for handling. 9. Ensuring container security by scanning container images for vulnerabilities. 10. Signing and verifying packages and pipelines. 11. Implementing access control and least privilege principles, especially in repositories. 12. Simulating purple team activities and red team challenges to the supply chain. 13. Monitoring threats, including simulating attacks. 14. Having an incident response plan in place for supply chain attacks. 15. Practicing incident response for supply chain attacks. 16. Creating an outline of steps to take in case of a security breach within the software supply chain.

@TristanBailey 5 ай бұрын

good summary of points

@obivanbeluii 5 ай бұрын

super👍

@viktorpaulsen627 5 ай бұрын

Exercises do not work!

@darthVikes 6 ай бұрын

@jfrog - is the script still the only way to verify replication success since this was created 3 years ago?

@darthVikes 6 ай бұрын

@jfrog, would be good to cover how to upgrade mysql5 to mysql8

@gargoyles9999 6 ай бұрын

What is best in life?

@user-we4du8bi7j 6 ай бұрын

Quick and dirty - nice! And thankyou!

@ashishmundra 6 ай бұрын

Not useful video. - JFrog CLI basic demo is missing, would be good to show some commands to publish or consume, preferably from Github action - Example of Custom User Plugin not provided. It says cleanup plugin, but what exactly it cleans? No enterprise use case is provided that when I should write it. An example states Perform Searches but what does it even mean to perform searches by Custom User Plugin. Also, does not give example on how to make one, upload one and demo. Will be good to re-record as really did not receive much info after spending 18:56 mins (except that I looked up file-spec documentation which went to a site which says documentation moved so not frutiful).

@HelloWorld-lj5xg 6 ай бұрын

How GC work ok checksome and deletd data is not affecting on disk space

@rohanbari 6 ай бұрын

Right now, I'm reading his book. 😂 Love to have such an author!

@user-hk9cn1vf8r 6 ай бұрын

Great Video!

@andrejflieger4182 7 ай бұрын

Is there any suitable IDE integration for developing user-plugins to have code complein available? I can't find anythig

@JFrogInc 7 ай бұрын

Hi! Are you looking for IDE integrations to build user plugins for code completion (you wrote "complein" above) or IDE integrations that support code completion for developing user plugins?

@andrejflieger4182 7 ай бұрын

@@JFrogInc Damn autocompletion. I mean Code completion. Especially vscode. Furthermore also a suitable documentation probably. The documentation on the Website is really poor

@irshviralvideo 7 ай бұрын

opsera and circleci is way better. dont use froggies

@rahithyareddy6248 7 ай бұрын

Could you please tell which version ur using. I am unable to find system import and export options in jrog latest 7x version

@rbaleksandar 7 ай бұрын

The free tier of this tool is useless.

@vajjabageeradha6740 7 ай бұрын

How to export these details from IntelliJ

@sarvo-tha-man 7 ай бұрын

is JFrog Curation SAST, DAST or SCA tool. What category does JFrog Curation fall under

@andrewlarsen7074 7 ай бұрын

It's none of the above. Curation would be used to prevent SCA violations. So rather than running an SCA scan and finding a bunch of vulnerabilities, curation would prevent developers from pulling the vulnerable packages in to begin with. That assumes you set the policies up properly. It wouldn't catch everything, but it would keep known malicious packages out.

@sarvo-tha-man 7 ай бұрын

So what's the category Curation falls under. Any term exists or needs to be coined

@sarvo-tha-man 7 ай бұрын

What are the competitor products for Curation

@andrewlarsen7074 7 ай бұрын

@@sarvo-tha-man Not sure there's a term for this type of thing. I've just started using curation, so I really can't say what it's competitors are.

@user-de2pd6qe1m 7 ай бұрын

אני ירון חפץ אני חושב שהסרטון לא ברמה לא מכבד מעליב מאוד כמה אתה שוקל?

@Pilouface95 7 ай бұрын

Still have no idea of what it is and what does it do after watching it...

@shitshow_1 8 ай бұрын

Amazing, this is really a good starter video to understand how Jenkins can be integrated with C/C++ for CI/CD.

@varaprasad6050 8 ай бұрын

How to download the conda install python 3.9.5 through jfrog conda

@EmmanuelOuzan 9 ай бұрын

Still relevent for today?

@LucasHildenbrand256 9 ай бұрын

this helped a lot

@user-dl5ph5bv4u 9 ай бұрын

Thanks for this Very useful

@user-qc6bb1mi4i 9 ай бұрын

ammm.... aaaammmm....

@2707marcel 9 ай бұрын

also ich spreche nochmal für die Jäger unter uns..... Du DaRfSt dA ObEn NeD DrAuF💀🤬

@strato824 9 ай бұрын

This is fine and well but what if your user is not admin

@sivakumarl31 9 ай бұрын

Appreciable, Presentation is very clear and understandable.

@davehaertel5011 10 ай бұрын

When I run the install script, I receive "Jq is mandatory to download latest version of jfrog xray native package". Can you explain how to resolve this?

@bruceedge 10 ай бұрын

Does not make up the the lack of adequate documentation. Similarly, highlighting commands does not explain the "why" or the context around it. Not to mention the inexplicable use of curl to shore up the glaring missing helm upload support.