Welcome to the JFrog Blog

Latest:

Attackers are starting to target .NET developers with malicious-code NuGet packages

March 20, 2023 Natan Nehorai, Application Security Researcher Brian Moussalli, Security Research Tech Lead

12 min read

Update 2023-03-21 - We've talked with members of the NuGet team and they had already detected and removed the malicious packages in question. Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically - there was no public evidence of severe malicious activity in the…

Read More

FILTER BY

All
Products
Solutions
Other
Gain real-time observability into your software supply chain with the New Relic Log Analytics Integration

Gain real-time observability into your software supply chain with the New Relic Log Analytics Integration

March 15, 2023 Kristian Taernhed, Sr. Technical Alliance Manager and Mahitha Byreddy, Senior Software Engineer | 4 min read

JFrog’s new log analytics integration with New Relic brings together powerful observability capabilities to monitor, analyze, and visualize logs and metrics from self-hosted JFrog environments. The integration is free for all tiers of self-hosted JFrog customers and utilizes the powerful, open source log management tool, Fluentd, to collect, process, and surface data in New Relic…
Read More
Examining OpenSSH Sandboxing and Privilege Separation – Attack Surface Analysis

Examining OpenSSH Sandboxing and Privilege Separation – Attack Surface Analysis

March 14, 2023 Yair Mizrahi, Senior Security Researcher | 18 min read

The recent OpenSSH double-free vulnerability - CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH’s custom security mechanisms - Sandbox and Privilege Separation. Until now, both of these security mechanisms were somewhat unnoticed and only partially documented. The double-free vulnerability raised interest for those who were affected and those controlling servers that use OpenSSH.…
Read More
Release Trusted Software Faster – Our New release Lifecycle Management Beta Is Here

Release Trusted Software Faster – Our New release Lifecycle Management Beta Is Here

March 9, 2023 Sean Pratt, Senior Product Marketing Manager | 4 min read

Releasing production-ready software is a complicated tangle of tools and processes lacking visibility, traceability, and consistency. This leads to custom integrations and human intervention, which create opportunities for mistakes, impede automation, and increase the likelihood of insecure software being released. JFrog's release lifecycle management capabilities enable "release first" software supply chain (SSC) management, delivering trusted…
Read More
How to Onboard to a Federated Repository

How to Onboard to a Federated Repository

March 8, 2023 Muhammed Kashif, Enterprise Solution Lead, JFrog | 7 min read

Scaling up your development organization typically involves spreading development across multiple locations around the globe. One of the key challenges with multisite development is ensuring reliable access to required software packages and artifacts for teams collaborating across time zones. The JFrog Software Supply Chain Platform solves this challenge with federated repositories in JFrog Artifactory. What…
Read More
Striving for a “DigitALL” World That Empowers Everyone on International Women’s Day

Striving for a “DigitALL” World That Empowers Everyone on International Women’s Day

March 8, 2023 Shlomi Ben Haim, CEO, JFrog | 5 min read

As I pondered the theme of this year’s International Women’s Day - DigitALL and Embracing Equality - it struck me how much we take for granted in our always-on, always-connected world. Technology has opened up countless opportunities for everyone, including women. At least those who have the necessary digital access to take advantage of it.…
Read More
Advanced DevOps Security With Development Flexibility

Advanced DevOps Security With Development Flexibility

March 7, 2023 Paul Garden, Security Product Marketing | 9 min read

Announcing the general availability of JFrog Xray’s advanced security features in self-hosted subscriptions, organizations have the flexibility to manage and secure their software development pipelines in-house and in the cloud. Since Developers and the DevOps infrastructure are the primary attack vector in the software supply chain, we designed our platform and the advanced security features…
Read More
Testing the actual security of the most insecure Docker application

Testing the actual security of the most insecure Docker application

February 28, 2023 David Fadida, JFrog Security Researcher | 15 min read

Our previous research on CVE exploitability in the top DockerHub images discovered that 78% of the reported CVEs were actually not exploitable. This time, the JFrog Security Research team used JFrog Xray’s Contextual Analysis feature, automatically analyzing the applicability of reported CVEs, to scan OWASP WebGoat - a deliberately insecure application. The results identified that…
Read More
Complete your Software Supply Chain with GitLab CI/CD and JFrog

Complete your Software Supply Chain with GitLab CI/CD and JFrog

February 27, 2023 Robi Nino, Software Engineer Eyal Ben Moshe | 4 min read

Software is more than building code. Developing software and ensuring quality builds requires managing a complete software supply chain. With the many security threats across the supply chain, managing each and every aspect of the software you deliver to your customers, including the entire process of how it was made, is critical to your organization.…
Read More
Automate Your Deployments on Kubernetes Using GitHub Workflows and JFrog Artifactory Custom Webhooks

Automate Your Deployments on Kubernetes Using GitHub Workflows and JFrog Artifactory Custom Webhooks

February 21, 2023 Yann Chaysinh, DevOps Solution Architect Cyril Chene, Senior Software Engineer | 7 min read

Full automation makes your Continuous Deployment (CD) faster, seamless and less error prone. For example, triggering the deployment of your Helm Chart when a Docker image is pushed to production. The latest JFrog Artifactory release makes this easy! With a new Custom Webhook feature that enables a direct integration with a variety of services such…
Read More

Popular Tags

Try the JFrog Platform

In the cloud or self-hosted

Start a Trial

or Book a Demo