Welcome to the JFrog Blog

Latest:

JFrog Cold Artifact Storage: Retention Policies for Your Binaries

October 20, 2021 Jagdish Mirani

4 min read

With the trend towards smaller but more frequent software releases, your binaries and artifacts keep accumulating faster. Our enterprise customers each maintain an average of 20 million unique artifacts, adding 130% more each year. Eventually, a clutter of outdated binaries forms, and fInding the binaries you need becomes unwieldy, difficult, and confusing. Over time, your…

Read More
CVE-2020-27304 – RCE via Directory Traversal in CivetWeb HTTP server

CVE-2020-27304 – RCE via Directory Traversal in CivetWeb HTTP server

October 19, 2021 Denys Vozniuk and Shachar Menashe | 6 min read

Background JFrog has recently disclosed a directory traversal issue in CivetWeb, a very popular embeddable web server/library that can either be used as a standalone web server or included as a library to add web server functionality to an existing application. The issue has been assigned to CVE-2020-27304. This directory traversal issue is highly exploitable…
Read More
GitLab vs JFrog: Who Has the Right Stuff?

GitLab vs JFrog: Who Has the Right Stuff?

October 18, 2021 JFrog Team | 19 min read

Like the historic space race, the competition to plant the flag of DevOps is blasting off which makes it an exciting moment for the community. According to market intelligence firm IDC, global business will invest $6.8 trillion in digital transformation by 2023. Yet research also suggests that 70 percent of them will fail to meet…
Read More
Don’t let Prometheus Steal your Fire

Don’t let Prometheus Steal your Fire

October 12, 2021 Andrey Polkovnychenko and Shachar Menashe | 12 min read

Background Prometheus is an open-source, metrics-based event monitoring and alerting solution for cloud applications. It is used by nearly 800 cloud-native organizations including Uber, Slack, Robinhood, and more. By scraping real-time metrics from various endpoints, Prometheus allows easy observation of a system's state in addition to observation of hardware and software metrics such as memory…
Read More
Proceed With Care: How to Use Approval Gates in Pipelines

Proceed With Care: How to Use Approval Gates in Pipelines

October 7, 2021 Maharshi Patel | 5 min read

While DevOps automation aims to eliminate most human intervention in the CI/CD DevOps pipeline, you can’t always cut people completely out of the process. There are still times when you’ll want an expert, hands-on review to assure that everything is as it should be before allowing your pipeline to proceed further. That’s why JFrog Pipelines…
Read More
Get Cybersmart with JFrog This October

Get Cybersmart with JFrog This October

October 5, 2021 Michal Brenner, Product Marketing Manager, JFrog | 4 min read

We live in a world of increasingly connected devices - phones, digital assistants, smart watches, cars, thermostats, refrigerators, windmills, and more. More than 50% of the world’s population is now online and two-thirds own a mobile device, according to the World Economic Forum. Additionally, the codebase of today’s applications typically consists mainly of open source…
Read More
23andMe’s Yamale Python code injection, and properly sanitizing eval()

23andMe’s Yamale Python code injection, and properly sanitizing eval()

October 5, 2021 Andrey Polkovneychenko and Shachar Menashe | 5 min read

Background JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in Yamale, a popular schema validator for YAML that's used by over 200 repositories. The issue has been assigned to CVE-2021-38305. The injection issue An attacker that can control the contents of the schema file that's supplied to Yamale (-s/--schema command…
Read More
The Vulnerability Conundrum: Improving the Disclosure Process

The Vulnerability Conundrum: Improving the Disclosure Process

October 4, 2021 Asaf Karas, Security CTO and VP, JFrog | 5 min read

The vulnerability disclosure process involves reporting security flaws in software or hardware, and can be complex. Cooperation between the organization responsible for the software or hardware, and the security researcher who discovers the vulnerability can be complicated.  In this blog we’ll look at the vulnerability disclosure process, the parties involved and how they can collaborate…
Read More
Fold Your Repos Into PHP Composer v2 with Artifactory

Fold Your Repos Into PHP Composer v2 with Artifactory

October 1, 2021 Barak Hacham and Gianni Truzzi | 5 min read

If you’re among the nearly one in four professional developers using PHP (according to StackOverflow’s 2021 survey), then the maintainers of Composer would really like you to migrate from v1 of the PHP package manager to v2.  On October 24 2020, Composer 2.0.0 was released with some major improvements.Since almost eight out of every ten…
Read More
The Importance of Prioritizing Product Security

The Importance of Prioritizing Product Security

September 30, 2021 Sarit Tager, VP Product, JFrog Security | 7 min read

Achieving comprehensive security for the products delivered and deployed by organizations is becoming more difficult, due to a variety of factors. A key one is the growing volume, variety and complexity of software and connected devices in use. Another is the overwhelming risk of inherited software supply chain exposures. The result: Companies struggle every day…
Read More

Popular Tags

Try the JFrog Platform

In the cloud or self-hosted

Start for Free

or Book a Demo