Welcome to the JFrog Blog

Save time fixing security vulnerabilities much earlier in your SDLC

Are you or your development team tired of using application security tools that generate countless results, making it difficult to identify which vulnerabilities pose actual risks? Do you struggle with inefficient or incorrect prioritization due to a lack of context? What adds insult to injury is that traditional CVSS scoring methods ignore critical details like…

Gain real-time observability into your software supply chain with the New Relic Log Analytics Integration

JFrog’s new log analytics integration with New Relic brings together observability capabilities to monitor, analyze, and visualize logs and metrics from self-hosted JFrog environments. The integration is free for all tiers of self-hosted JFrog customers and uses the open source log management tool Fluentd to collect, process, and surface data in New Relic…

Attackers are starting to target .NET developers with malicious-code NuGet packages

Update 2023-03-21 - We've talked with members of the NuGet team, and they had already detected and removed the malicious packages in question. Malicious packages are usually spread through the open source NPM and PyPI package repositories, with few other repositories affected. Specifically, there was no public evidence of severe malicious activity in the…

Examining OpenSSH Sandboxing and Privilege Separation – Attack Surface Analysis

The recent OpenSSH double-free vulnerability, CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH’s custom security mechanisms, Sandbox and Privilege Separation. Until now, both of these security mechanisms were largely unnoticed and only partially documented. The double-free vulnerability raised interest both for those who were affected and for those controlling servers that use OpenSSH.…

Release Trusted Software Faster – Our New Release Lifecycle Management Beta Is Here

Releasing production-ready software is a complicated tangle of tools and processes lacking visibility, traceability, and consistency. This leads to custom integrations and human intervention, which create opportunities for mistakes, impede automation, and increase the likelihood of insecure software being released. JFrog's release lifecycle management capabilities enable "release first" software supply chain (SSC) management, delivering trusted…

How to Onboard to a Federated Repository

Scaling up your development organization typically involves spreading development across multiple locations around the globe. One of the key challenges with multisite development is ensuring reliable access to required software packages and artifacts for teams collaborating across time zones. The JFrog Software Supply Chain Platform solves this challenge with federated repositories in JFrog Artifactory. What…

Striving for a “DigitALL” World That Empowers Everyone on International Women’s Day

As I pondered the theme of this year’s International Women’s Day - DigitALL and Embracing Equality - it struck me how much we take for granted in our always-on, always-connected world. Technology has opened up countless opportunities for everyone, including women. At least those who have the necessary digital access to take advantage of it.…

Advanced DevOps Security With Development Flexibility

With the general availability of JFrog Xray’s advanced security features in self-hosted subscriptions, organizations have the flexibility to manage and secure their software development pipelines in-house and in the cloud. Since developers and the DevOps infrastructure are the primary attack vector in the software supply chain, we designed our platform and the advanced security features…

Testing the actual security of the most insecure Docker application

Our previous research on CVE exploitability in the top DockerHub images found that 78% of the reported CVEs were not actually exploitable. This time, the JFrog Security Research team used JFrog Xray’s Contextual Analysis feature, which automatically analyzes the applicability of reported CVEs, to scan OWASP WebGoat, a deliberately insecure application. The results identified that…