Welcome to the JFrog Blog

CVE-2022-25845 – Analyzing the Fastjson “Auto Type Bypass” RCE vulnerability

A few weeks ago, a new version of Fastjson (1.2.83) was released containing a fix for a security vulnerability that allegedly allows an attacker to execute code on a remote machine. According to several publications, this vulnerability allows an attacker to bypass Fastjson's "AutoTypeCheck" mechanism and achieve remote code execution. This Fastjson…

5 Takeaways From “Behind the Curtain: The Road to Terraform”

How much time are you wasting initializing your Terraform environments? If your answer is "more than we should," then we have some tips for you. Terraform is a popular infrastructure-as-code (IaC) tool for anyone who deploys to the cloud. We use it here at JFrog to help manage infrastructure for our SaaS customers, and recently…

Denial of Service Vulnerability in Envoy Proxy – CVE-2022-29225

The JFrog Security Research team is constantly looking for previously unknown software vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a denial of service (DoS) vulnerability in Envoy Proxy, a widely used open-source edge and service proxy designed for cloud-native applications…

Artifactory, Your Swift Package Repository

If you're looking forward to WWDC 2022 for some exciting Swift news, we have just the thing. JFrog now offers the first and only Swift binary package repository, enabling developers to resolve Swift dependencies from JFrog Artifactory instead of from enterprise source control (Git) systems. Swift developers can benefit from Artifactory's robust binary management and…

Automate Security Workflows in ServiceNow with the JFrog Xray Spoke

In 2022, JFrog and ServiceNow held a series of conversations about the state of DevSecOps and how the industry could benefit from tighter integration with IT operations tools. "DevSecOps + ServiceOps" is a theme that JFrog and ServiceNow are now exploring, and today we're excited to announce an integration that will…

Secure your Software Supply Chain with Xray and Lightstep Incident Response

Securing your software supply chain requires proactively identifying compliance issues and security vulnerabilities early in your software development lifecycle. Early detection must also be coupled with an organized and agile method of response that brings developers, operations and SRE teams together to accelerate remediation workflows across the organization. To meet these challenges, we are excited…

JFrog Connect: Ready for What’s Next for DevSecOps, Edge and IoT

Today at swampUP, our annual DevOps conference, JFrog CTO Yoav Landman unveiled the next step toward making the Liquid Software vision of continuous, secure updates a truly universal reality. We've introduced JFrog Connect, a new solution designed to help developers update, manage, monitor, and secure remote Linux and Internet of Things (IoT) devices at scale.…

Pyrsia: Open Source Software that Helps Protect the Open Source Supply Chain

Stephen Chin is no stranger to having big ideas and implementing them to help the developer community. In the last twenty years he's been involved in building open source IDEs, bootstrapping rich client libraries, maintaining JVM languages, and cultivating relationships with developers who do the same. He has also authored several books, including Raspberry Pi…

Pyrsia: Decentralized Package Network that Secures the Open Source Supply Chain

State of Supply Chain Security

Supply chain security has received a lot of attention in recent years, and rightly so. Exploitation of software vulnerabilities has been a key tool for attackers to disrupt businesses and compromise sensitive data, and a source of general unease about open source software. Many of…