Welcome to the JFrog Blog

Latest:

JFrog swampUP 2022 City Tour Scholarship Program – Apply now!

September 8, 2022 The JFrog Team

2 min read

JFrog is committed to building a culture of diversity and inclusion. Our robust JFrog community brings together a broad group of DevOps and SecOps participants to share the latest and greatest ideas in the world of open source thought leadership. Ensuring open source education and community participation reaches a diverse population is critical for continued…

Read More

FILTER BY

All
Products
Solutions
Other
JFrog Joins Rust Foundation as Platinum Member

JFrog Joins Rust Foundation as Platinum Member

September 6, 2022 Lori Lorusso, JFrog Open Source Program Manager & Stephen Chin, JFrog VP of Developer Relations | 3 min read

The technology ecosystem is continually evolving but one truth remains, if there is a new and emerging coding language that captures the heart and minds of developers JFrog will be there. JFrog provides a DevOps Platform to store and secure its artifacts while engaging with the community and foundations that support developers using that language.…
Read More
The Software Supply Chain Risks You Need to Know

The Software Supply Chain Risks You Need to Know

September 6, 2022 Nati Davidi, SVP JFrog Security | 10 min read

Code that an organization’s developers create is only the beginning of modern software development. In fact, first-party code is likely to be only a small portion of an application – sometimes as little as 10% of the application’s artifact ecosystem. An enterprise’s software supply chain is made of many parts, accumulated from many sources: open…
Read More
Foundations and JFrog – Meeting Developers at the Source

Foundations and JFrog – Meeting Developers at the Source

September 5, 2022 Lori Lorusso | 6 min read

TL;DR JFrog is a proud supporter of non-profit, technology foundations and consortiums that focus on helping developers advance the tech ecosystem. If there is one thing I know about JFrog it's that we are committed to developers and making software that enhances productivity, ingenuity and gives software creators the freedom to ‘set it and forget…
Read More
4 Operational Risks to Not Leave to Chance

4 Operational Risks to Not Leave to Chance

September 1, 2022 JFrog Team | 5 min read

Not all of the recognizable risks in your software supply chain can be identified by their known vulnerabilities recorded as CVEs. A component that is outdated or inactive may present risks to your application that no one has had cause to investigate. Yet these components could still harbor threats. Security teams and developers must also…
Read More
JFrog Providers Support the Terraform Community

JFrog Providers Support the Terraform Community

August 29, 2022 Sean Pratt, Product Marketing Manager | 4 min read

If you’re reading this blog you’re probably at least somewhat familiar with Hashicorp Terraform and the value it brings to managing the deployment and provisioning of infrastructure resources at scale. We’re big fans and users of it ourselves here at JFrog (see how in our recent webinar!).   Terraform is one of the most, if…
Read More
CVE-2021-38297 – Analysis of a Go Web Assembly vulnerability

CVE-2021-38297 – Analysis of a Go Web Assembly vulnerability

August 30, 2022 Uriya Yavnieli | 9 min read

The JFrog Security Research team continuously monitors reported vulnerabilities in open-source software (OSS) to help our customers and the wider community be aware of potential software supply chain security threats and their impact. In doing so, we often notice important trends and key learnings worth highlighting. The following analysis of a vulnerability discovered in the…
Read More
SATisfying our way into remote code execution in the OPC UA industrial stack

SATisfying our way into remote code execution in the OPC UA industrial stack

August 25, 2022 Or Peles, Omer Kaspi and Uriya Yavnieli | 18 min read

The JFrog Security team recently competed in the Pwn2Own Miami 2022 hacking competition which focuses on Industrial Control Systems (ICS) security. One of our research targets for the competition was the Unified Automation C++-based OPC UA Server SDK. Other than the vulnerabilities we disclosed as part of the pwn2own competition, we managed to find and…
Read More
Crashing Industrial Control Systems at Pwn2Own Miami 2022

Crashing Industrial Control Systems at Pwn2Own Miami 2022

August 25, 2022 Or Peles, Omer Kaspi and Uriya Yavnieli | 13 min read

Earlier this year, the JFrog Security research team competed in the Pwn2Own Miami 2022 hacking competition which focuses on Industrial Control Systems (ICS) security. We were proud to take part in this competition and join other researchers in the effort to make mission-critical industrial environments safe and secure. During the Pwn2Own Miami competition we competed…
Read More
swampUP 2022 is Going on the Road – Sign up for the Tour

swampUP 2022 is Going on the Road – Sign up for the Tour

August 24, 2022 The JFrog Team | 4 min read

Did you miss our info-packed keynote session at swampUP San Diego? Take a breath, swampUp is back and coming live to a city near you this October 2022. From New York to London to Munich, swampUP has you and your DevOps needs at heart. But, before you take the leap, what’s the 2022 swampUP city…
Read More
How To Put Cloud Nimble to Work to Segment Dev/Test from Production

How To Put Cloud Nimble to Work to Segment Dev/Test from Production

August 23, 2022 John Cabaniss and Gianni Truzzi | 7 min read

In every workplace, most work gets done at the most cluttered desks. Yet the business also requires an orderly front office to run efficiently. It’s much the same with your DevOps pipeline environments, as the rough and tumble process of innovating code must ultimately produce cleanly released applications. Continuous integration means that developers perform many…
Read More

Popular Tags

Try the JFrog Platform

In the cloud or self-hosted

Start for Free

or Book a Demo