Welcome to the JFrog Blog

Latest:

Advanced Security in your Software Supply Chain – Part 1

February 2, 2023 Neophytos Michael, Technical Market Analyst Paul Garden , Senior Product Marketing Manager

5 min read

Containerised deployment is widely becoming a standard in every industry, ensuring these containers are protected at every level with a high level of accuracy is one of the most important tasks. Some industry vendors rely solely on the manifest files to provide them with a list of components, others have to manually convert the container…

Read More

FILTER BY

All
Products
Solutions
Other
GitHub Tried to Change the Checksum for Release Archives. You Should Start Hosting Your Own.

GitHub Tried to Change the Checksum for Release Archives. You Should Start Hosting Your Own.

January 31, 2023 Christopher McArthur, Conan Developer Advocate | 3 min read

Yesterday, GitHub changed how the archives they provided are made. The result of this change surprised developers, triggering pipeline failures all over the world in most ecosystems. According to this GitHub post, this is a consequence of recent changes to Git itself, released almost six months ago and just deployed within GitHub now with unforeseen…
Read More
Detecting Malicious Packages and How They Obfuscate Their Malicious Code

Detecting Malicious Packages and How They Obfuscate Their Malicious Code

January 30, 2023 Jonathan Sar Shalom, Director of Threat Research | 14 min read

Wow! We made it to the last post in our Malicious Packages series. While parting is such sweet sorrow, we hope blogs one, two, and three provide insights into the havoc malicious packages cause throughout your DevOps and DevSecOps pipelines.  In the prior posts: We explained what software supply chain attacks are and learned the…
Read More
Watch out for DoS when using Rust’s popular Hyper package

Watch out for DoS when using Rust’s popular Hyper package

January 5, 2023 Ori Hollander, Security Researcher Shachar Menashe, Sr. Director Security Research | 5 min read

The JFrog Security Research team is constantly looking for new and previously unknown vulnerabilities and security issues in popular open-source projects to help improve their security posture and defend the wider software supply chain. As part of this effort, we recently discovered and disclosed multiple vulnerabilities in popular Rust projects such as Axum, Salvo and…
Read More
Latest LastPass security breach highlights developers as a high-value target

Latest LastPass security breach highlights developers as a high-value target

December 29, 2022 Shachar Menashe | 5 min read

Last August, the maintainers of the LastPass cloud-based password manager tool reported a security breach in their servers. The disclosure maintained that an unauthorized party gained access to the LastPass development environment through a single compromised developer account. However - while source code and technical information was stolen, no user data was compromised and no…
Read More
Maximizing Cost Efficiency with the JFrog Cloud DevOps Platform

Maximizing Cost Efficiency with the JFrog Cloud DevOps Platform

December 21, 2022 David Pham, Senior Product Marketing Manager, JFrog Cloud DevOps Platform | 9 min read

As businesses strive to keep up with the speed of digital transformation, they're turning to DevOps practices to help them automate the delivery of code changes. In a world where delivering secure quality software updates fast-drives business value, enter the JFrog Cloud DevOps Platform. The JFrog Platform unifies, accelerates, and secures your software delivery, from…
Read More
What Is Artifactory? | JFrog

What Is Artifactory? | JFrog

December 20, 2022 JFrog Team | 10 min read

The modern software supply chain is complex. JFrog internal data shows that most enterprises use 12+ package types and 90 percent of applications depend on open source software. Additionally, there is a wide array of tools to support the software development process, including Source Code Managers (SCMs), Integrated Development Environments (IDEs), CI/CD suites, and more.…
Read More
Women in DevOps: Overcoming Obstacles and Achieving Success

Women in DevOps: Overcoming Obstacles and Achieving Success

December 20, 2022 JFrog Team | 5 min read

Men have long dominated the tech industry, but that's slowly starting to change. More and more women are breaking into the industry and making a name for themselves. But it's not always easy. We're excited to share the stories of two inspiring women who have been awarded the swampUP 2022 Diversity Scholarship. This scholarship is…
Read More
Event-Driven Architectures and Cloud DevOps – re:Invent 2022

Event-Driven Architectures and Cloud DevOps – re:Invent 2022

December 19, 2022 Christine Puccio, VP of Global Cloud Alliances, JFrog | 6 min read

After two years of virtual and reduced-size events, AWS re:Invent was in full swing for 2022 with over 50,000 attendees — more than double 2021’s in-person attendance. Among the many new service and feature announcements, there were two themes that resonated (re:Sonated?): event-driven architectures and cloud-powered innovation. These uniquely position AWS partners to accelerate their…
Read More
What’s in your build? Building Images in OpenShift with Artifactory and JFrog CLI

What’s in your build? Building Images in OpenShift with Artifactory and JFrog CLI

December 14, 2022 Asaf Gabai, Software Engineer, JFrog Ecosystem Team | 3 min read

Red Hat OpenShift is an enterprise Kubernetes container platform. It lets you build Docker images and use them to deploy your applications on a cloud-like environment (even if it’s not really on the cloud, rather a simulated cloud environment). Images built in OpenShift can be easily pushed into JFrog Artifactory - JFrog’s leading universal repository…
Read More
PyPI malware creators are starting to employ Anti-Debug techniques

PyPI malware creators are starting to employ Anti-Debug techniques

December 13, 2022 Andrey Polkovnychenko | 8 min read

The JFrog Security Research team continuously monitors popular open-source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most PyPI malware today tries to avoid static detection using various techniques: starting from primitive variable mangling to sophisticated code flattening and steganography techniques.…
Read More

Popular Tags

Try the JFrog Platform

In the cloud or self-hosted

Start a Trial

or Book a Demo