From the Frog's mouth

CVE-2022-25845 – Analyzing the Fastjson “Auto Type Bypass” RCE vulnerability

June 14, 2022 Uriya Yavnieli | 11 min read

A few weeks ago, a new version for Fastjson was released (1.2.83) which contains a fix for a security vulnerability that allegedly allows an attacker to execute code on a remote machine. According to several publications, this vulnerability allows an attacker to bypass the “AutoTypeCheck” mechanism in Fastjson and achieve remote code execution. This Fastjson…

5 Takeaways From “Behind the Curtain: The Road to Terraform”

June 13, 2022 Sean Pratt, JFrog Product Marketing Manager | 4 min read

How much time are you wasting initializing your Terraform environments? If your answer is, “more than we should,” then we have some tips for you. Terraform is a popular infrastructure-as-code (IaC) tool for anyone who deploys to the cloud. We use it here at JFrog to help manage infrastructure for our SaaS customers, and recently…

Denial of Service Vulnerability in Envoy Proxy – CVE-2022-29225

June 9, 2022 Ori Hollander, JFrog Security Research | 4 min read

The JFrog Security Research team is constantly looking for new and previously unknown software vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a denial of service (DoS) vulnerability in Envoy Proxy, a widely used open-source edge and service proxy server, designed for cloud-native applications…

Artifactory, Your Swift Package Repository

June 6, 2022 Sean Pratt, Product Marketing Manager | 5 min read

If you’re looking forward to WWDC 2022 for some exciting Swift news, we have just the thing. JFrog now offers the first and only Swift binary package repository, enabling developers to use JFrog Artifactory for resolving Swift dependencies instead of enterprise source control (Git) systems. Swift developers can benefit from Artifactory’s robust binary management and…

5 Experiences from JFrog swampUP 2022 San Diego that will Get You Excited for What’s Next

May 31, 2022 Micheline Nijmeh | 7 min read

Last week hundreds of community leaders, customers, and partners gathered in San Diego for the first stop of JFrog’s multi-city swampUp world tour! It was my first in-person swampUP and I can’t tell you how invigorating it was to see everyone back together, in-person again. As I was walking the halls and sitting in on…

Automate Security Workflows in ServiceNow with the JFrog Xray Spoke

May 25, 2022 Sushrut Athavale and Mritunjay Kumar | 6 min read

In 2022, JFrog and ServiceNow engaged in a series of meaningful conversations around the state of DevSecOps and how the industry could benefit from tighter integrations with IT-Operations tools. The idea of “DevSecOps + ServiceOps” is a theme that JFrog and ServiceNow are now exploring and today, we’re excited to announce an integration that will…

Secure your Software Supply Chain with Xray and Lightstep Incident Response

May 25, 2022 Ali Sardar | 3 min read

Securing your software supply chain requires proactively identifying compliance issues and security vulnerabilities early in your software development lifecycle. Additionally early detection must be coupled with an organized and agile method of response that brings together developers, operations and SRE teams to accelerate remediation workflows across the organization. To meet these challenges, we are excited…

JFrog Connect: Ready for What’s Next for DevSecOps, Edge and IoT

May 25, 2022 Amit Ezer | 5 min read

Today at swampUP, our annual DevOps conference, JFrog CTO Yoav Landman unveiled the next step toward making the Liquid Software vision of continuous, secure updates a truly universal reality. We’ve introduced JFrog Connect, a new solution designed to help developers update, manage, monitor, and secure remote Linux & Internet of Things (IoT) devices at scale.…

Pyrsia: Open Source Software that Helps Protect the Open Source Supply Chain

May 25, 2022 Lori Lorusso and Stephen Chin | 3 min read

Stephen Chin is no stranger to having big ideas and implementing them to help the developer community. In the last twenty years he’s been involved in building open source IDEs, bootstrapping rich client libraries, maintaining JVM languages, and cultivating relationships with developers that do the same. He has also authored several books including Raspberry Pi…

Pyrsia: Decentralized Package Network that Secures the Open Source Supply Chain

May 25, 2022 Sudhindra Rao | 7 min read

State of Supply Chain Security Supply chain security has received a lot of attention in recent years. And rightly so. Software vulnerability exploitation attacks have been a key tool in the hands of the hackers to hamper businesses, compromise sensitive data, and a cause of general sense of fear around open source software. Many of…

Welcome to the JFrog Blog

Latest:

A Journey of a Thousand Binaries

FILTER BY

Products

Solutions

Other