Welcome to the JFrog Blog

Latest:

JFrog Connect: Ready for What’s Next for DevSecOps, Edge and IoT

May 25, 2022 Amit Ezer

5 min read

Today at swampUP, our annual DevOps conference, JFrog CTO Yoav Landman unveiled the next step toward making the Liquid Software vision of continuous, secure updates a truly universal reality.  We’ve introduced JFrog Connect, a new solution designed to help developers update, manage, monitor, and secure remote Linux & Internet of Things (IoT) devices at scale.…

Read More

FILTER BY

All
Products
Solutions
Other
Pyrsia: Open Source Software that Helps Protect the Open Source Supply Chain

Pyrsia: Open Source Software that Helps Protect the Open Source Supply Chain

May 25, 2022 Lori Lorusso and Stephen Chin | 3 min read

Stephen Chin is no stranger to having big ideas and implementing them to help the developer community. In the last twenty years he’s been involved in building open source IDEs, bootstrapping rich client libraries, maintaining JVM languages, and cultivating relationships with developers that do the same. He has also authored several books including Raspberry Pi…
Read More
Pyrsia: Decentralized Package Network that Secures the Open Source Supply Chain

Pyrsia: Decentralized Package Network that Secures the Open Source Supply Chain

May 25, 2022 Sudhindra Rao | 7 min read

State of Supply Chain Security Supply chain security has received a lot of attention in recent years. And rightly so. Software vulnerability exploitation attacks have been a key tool in the hands of the hackers to hamper businesses, compromise sensitive data, and a cause of general sense of fear around open source software. Many of…
Read More
npm package hijacking through domain takeover – how bad is this “new” attack?

npm package hijacking through domain takeover – how bad is this “new” attack?

May 24, 2022 Andrey Polkovnychenko and Shachar Menashe | 11 min read

When relying on a 3rd-party package from a non-commercial entity, there is always the risk of lack of support, especially when it comes to outdated packages and versions. If the package stops being maintained, nobody will implement a new feature we might need or fix a newly-discovered security vulnerability. Consider, for example, CVE-2019-17571. A critical…
Read More
JFrog & Industry Leaders Join White House Summit on Open Source Software Security

JFrog & Industry Leaders Join White House Summit on Open Source Software Security

May 18, 2022 Stephen Chin, VP of Developer Relations, JFrog | 6 min read

There’s no question the volume, sophistication and severity of software supply chain attacks has increased in the last year. In recent months the JFrog Security Research team tracked nearly 20 different open source software supply chain attacks – two of which were zero day threats. This steady barrage of vulnerabilities and malicious packages is driving…
Read More
How to Prevent the Next Log4j Style Zero-Day Vulnerability

How to Prevent the Next Log4j Style Zero-Day Vulnerability

May 17, 2022 Asaf Karas, Oren Ish-Shalom, Ilya Khivrich | 8 min read

Note: This blog post was previously published on Dark Reading Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you’ll see thousands of entries. Humanity has been able to put a man on the moon, but it hasn’t yet found a proper way to handle line endings…
Read More
Scan your software packages for security vulnerabilities with JFrog Xray

Scan your software packages for security vulnerabilities with JFrog Xray

May 17, 2022 Robi Nino and Michael Sverdlov | 4 min read

Scanning your packages for security vulnerabilities and license violations should be done as early as possible in your SDLC, and the earlier the better. This concept is also known as “Shifting Left”, which helps your organization comply with security policies and standards early on in the software development process. As developers, this may seem like…
Read More
npm supply chain attack targets Germany-based companies with dangerous backdoor malware

npm supply chain attack targets Germany-based companies with dangerous backdoor malware

May 10, 2022 Andrey Polkovnychenko and Shachar Menashe | 9 min read

Update May 11th: Following the publication of this blog post, a penetration testing company called "Code White" took responsibility for this dependency confusion attack The JFrog Security research team constantly monitors the npm and PyPI ecosystems for malicious packages that may lead to widespread software supply chain attacks. Last month, we shared a widespread npm…
Read More
Complete Your Cloud Kubernetes Registry With Terraform Repositories in Artifactory

Complete Your Cloud Kubernetes Registry With Terraform Repositories in Artifactory

May 5, 2022 Ben Ifrach | 5 min read

When developing container-based services that will be orchestrated by Kubernetes, Terraform is an essential part of your artifact ecosystem. These infrastructure-as-code configuration files help automate the provisioning and maintenance of the cloud environments where your K8s applications will run. That’s why it’s great news that you can now store your Terraform modules, providers, and remote…
Read More
JFrog Artifactory As Your NuGet Symbol Server

JFrog Artifactory As Your NuGet Symbol Server

May 3, 2022 Tomer Nir, JFrog Software Engineer | 2 min read

We’ve got great news for .NET developers - JFrog Artifactory can now act as your fully featured Symbol Server! Artifactory has long offered native support for NuGet packages, now developers can also store their symbol files in Artifactory where they can be indexed and consumed by the Visual Studio Debugger and other debugging tools.  What…
Read More

Popular Tags

Try the JFrog Platform

In the cloud or self-hosted

Start for Free

or Book a Demo