Welcome to the JFrog Blog

All Blogs

Multi-Stage Malware Attack on PyPI: “chimera-sandbox-extensions” Malicious Package Threatens Chimera Sandbox Users

Multi-Stage Malware Attack on PyPI: “chimera-sandbox-extensions” Malicious Package Threatens Chimera Sandbox Users

Open-source package repositories like the Python Package Index (PyPI) play a crucial role in software development. However, these platforms are also potential targets for malicious actors attempting to exploit application software vulnerabilities. The JFrog Security Research team regularly monitors open source software repositories using advanced automated tools, in order to detect malicious packages. In cases…
Meet Sunny Rao, JFrog’s New SVP of Asia Pacific

Meet Sunny Rao, JFrog’s New SVP of Asia Pacific

With APAC economies rapidly going digital, businesses are hyper-focused on becoming more efficient, agile, and customer-focused. Software is playing an increasingly critical role in their success. At the same time, today’s software development landscape is more complex than ever, driven by cybersecurity concerns, emerging and constantly evolving regulatory requirements, plus AI-assisted coding trends that have…
How JFrog Delivers Self-Service Cloud Environments for our Developers

How JFrog Delivers Self-Service Cloud Environments for our Developers

The internal DevOps team at JFrog needed to provision cloud resources, create environments, and manage infrastructure for our developers.  Unfortunately, it involved wasting a significant amount of time on repetitive tasks, that was slowing down the pace of innovation and taking away our developers' focus from building new features and industry leading products. Here is…
JFrog’s SPOF Framework for SaaS Ecosystems

JFrog’s SPOF Framework for SaaS Ecosystems

As Software as a Service (SaaS) solutions evolve, organizations face increasing pressure to ensure uninterrupted service delivery. One of the most significant threats to SaaS Service delivery and operational continuity is the presence of known and unknown Single Points of Failure (SPOFs). As a SaaS organization, the team at JFrog deeply understands the risks of…
RSAC 2025 Recap: Software Supply Chain Security Takes Center Stage

RSAC 2025 Recap: Software Supply Chain Security Takes Center Stage

The RSA Conference 2025 at the Moscone Center in San Francisco on April 28 - May 1, brought together over 44,000 cybersecurity professionals from around the world. This year's event, marking the 34th annual flagship conference, placed significant emphasis on software supply chain security and secure software development lifecycle (SDLC) practices. From the keynotes, speaking…
A Vulnerable Future: MITRE’s Close Call in CVE Management

A Vulnerable Future: MITRE’s Close Call in CVE Management

Last week, one of the biggest concerns in the cybersecurity industry created a crisis that was avoided at the last minute. On April 16th, 2025, the MITRE Corporation announced:  “The current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire.” Official letter from MITRE…
JFrog’s Journey with AWS Graviton

JFrog’s Journey with AWS Graviton

Every business strives to optimize operational costs and efficiency. In the DevOps world, where cloud-scale operations are the norm, this becomes even more critical. At JFrog, while delivering a robust and highly scalable SaaS solution to our customers, we are equally focused on optimizing operational costs and maximizing infrastructure efficiency. Our recent transition to AWS…
Now Available: Smart Archiving with the JFrog Platform

Now Available: Smart Archiving with the JFrog Platform

Every day development teams around the world release new software. But what happens to prior releases that are no longer in production? Most organizations save them, typically due to internal policies, external regulations, or simply the fear of losing data. Organizations typically take varied approaches to retaining their prior releases. Some use a dedicated repository…
Introducing Support for Chocolatey and PowerShell Packages

Introducing Support for Chocolatey and PowerShell Packages

In February, we announced our support for Hex packages, which further solidified the JFrog Platform as the most universal package management solution. We’re excited to announce we’re continuing to build on our universality with our new official support of Chocolatey and PowerShell, which allows both technologies to be used with our NuGet repositories in JFrog…