Featured
Posted by Crista Perlton on April 16th, 2026.
Having uncontrolled package dependencies can lead to some unintended consequences, like version conflicts and even malicious or vulnerable packages. Let’s see what happens when you let those dependency trees go unchecked.
Featured
Posted by Crista Perlton on March 26th, 2026.
Versioning in Python is tricky due to its range of complex versioning schemes. Follow these best practices to speed up the development process, keep things organized, and avoid future headaches.
Featured
Posted by Crista Perlton on January 28th, 2026.
This article is part of a series on Migrating from Artifactory to ProGet, also available as an eBook. JFrog Curation manages vulnerable packages in your development pipeline using configured policies and waivers, blocking those with high CVSS scores. However, these scores alone don’t tell you what you should actually do when a newly...
Featured
Posted by Crista Perlton on December 24th, 2025.
If you work with CI/CD pipelines, artifact repositories, or DevOps workflows, you’ll be familiar with Amazon S3. It’s flexible and widely used, but as your repository grows, costs can add up fast. Storage is just one piece of it; request charges and egress fees can catch teams off guard, especially when traffic spikes. As you...
Featured
Posted by Crista Perlton on December 11th, 2025.
If you’re managing projects that rely on multiple teams delivering consistent components, you’ve probably noticed the chaos that comes from storing build artifacts and libraries in shared folders. Each team has its own way of organizing files, versions get mixed up, and no one really knows which asset the project should be using....
Featured
Posted by Crista Perlton on December 9th, 2025.
You’re likely pulling OSS packages straight from NuGet.org, npmjs.com, or PyPI.org via the CLI. It’s the path of least resistance and the fastest way to get what your teams need. But without something sitting in the middle, it’s hard to know exactly what’s being pulled in or whether it meets your org’s requirements. When you pull OSS...
Featured
Posted by Crista Perlton on December 4th, 2025.
Internal registries are a smart way to manage OSS packages. They let you curate reusable code for your apps and cut down on risky repeat pulls from the wild. But when every team spins up its own siloed registry and tooling sprawls across the org, you end up with duplicate work, outdated packages, and security headaches that didn’t need...
Featured
Posted by Crista Perlton on November 28th, 2025.
Inedo’s newest whitepaper, “Migrating from Sonatype to ProGet,” releases this month, available both as a free PDF eBook and as a series of articles on our blog. Migrating from Sonatype Nexus to ProGet is more than just copying your packages over. Nexus spreads its features across different products—Repository, Lifecycle,...