Welcome to the JFrog Blog

With AWS EKS Anywhere, DevOps with Artifactory Can Be Everywhere

With all the focus on public cloud infrastructures, it’s easy to believe that there is no room for on-premises deployments of infrastructure. However, on-prem deployments are not likely to completely go away because often it’s just the right thing to do. If you operate in highly regulated environments, with a need for heightened security over…
Python Malware Imitates Signed PyPI Traffic in Novel Exfiltration Technique

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to report vulnerable and malicious packages to repository maintainers. Earlier this year we disclosed several malicious packages targeting developers’ private data that were downloaded approximately 30K times. Today, we will share details about 11 new malware packages that…
Embrace your Updates

As developers, we’re passionate about creating and delivering high-quality software to our end-users and customers. Simply knowing that our software was shipped, deployed, and is being used is a great achievement. And it looks like we did a good job. Everything around us in our lives depends on high-quality software. Software needs to run for…
TensorFlow Python Code Injection: More eval() Woes

Background: The JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in one of the utilities shipped with TensorFlow, a popular Machine Learning platform that's widely used in the industry. The issue has been assigned to CVE-2021-41228. Read more about our previous, similar disclosure in Yamale in our previous blog post. The…
Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog

Background: Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of many useful Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find…
Announcing the JFrog Slack App for Artifactory and Xray Cloud

Imagine a world where every team member could directly contribute to software together. We’re living in that world now. With more than 10 million daily active users, Slack is one of the most ‘lived in’ collaboration tools used by software development teams around the world. With this in mind, JFrog is excited to announce that…
Deploy Iron Bank-Approved Artifactory/Xray on AWS GovCloud and RKE2

With Artifactory and Xray now included in the U.S. Department of Defense’s Iron Bank container repository, we’re eager to help you benefit from this accreditation. Today, we’ll explain how to deploy these hardened JFrog images on AWS GovCloud using Rancher Kubernetes Edition (RKE2). Specifically, we’ll describe the installation and configuration of the Iron Bank-accredited Artifactory…
CVE-2021-37136 & CVE-2021-37137 – Denial of Service (DoS) in Netty’s Decompressors

Background: The JFrog Security research team has recently disclosed two denial of service issues (CVE-2021-37136, CVE-2021-37137) in Netty, a popular client/server framework which enables quick and easy development of network applications such as protocol servers and clients. In this post we will elaborate on one of the issues - CVE-2021-37136. Who is actually impacted? Netty…
New Xray Features Enhance Workflows, Productivity and UX

The recently released JFrog Xray versions 3.31 & 3.32 have brought to the table a raft of new capabilities designed to improve and streamline your workflows, productivity and user experience. The new features, detailed below, solidify Xray as the optimum universal software composition analysis (SCA) solution for JFrog Artifactory that's trusted by developers and DevSecOps…