Welcome to the JFrog Blog

Testing resiliency against malicious package attacks: a double-edged sword?

The JFrog Security research team continuously monitors popular open-source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. At times, we notice trends that are worth analyzing and learning from. Recently, we’ve noticed a…
Team Up on DevSecOps with JFrog Platform App for Microsoft Teams

The JFrog DevOps Platform is a mission-critical tool for your software development pipelines. The results of key binary management events in Artifactory, Xray, and Distribution can reveal whether or not your software pipelines are on track to deliver production-quality releases. The new JFrog Platform app for Microsoft Teams brings real-time visibility and awareness of what’s happening…
Creating your first Pub project with JFrog Artifactory

Developers today need to build software for many platforms in order to reach their users, all while maintaining quality and achieving the best user experience possible. This can be a challenging task when you need to meet the growing needs of software development. This is where Dart and Flutter come into the picture. A…
A Journey of a Thousand Binaries

As software developers, one of the things we worry a lot about is our software dependencies. To speed up delivery of new functionality within our code we reuse software; we don’t have time to reinvent the wheel. We stand on the shoulders of giants and leverage all the hard work and lessons…
CVE-2022-25845 – Analyzing the Fastjson “Auto Type Bypass” RCE vulnerability

A few weeks ago, a new version for Fastjson was released (1.2.83) which contains a fix for a security vulnerability that allegedly allows an attacker to execute code on a remote machine. According to several publications, this vulnerability allows an attacker to bypass the “AutoTypeCheck” mechanism in Fastjson and achieve remote code execution. This Fastjson…
5 Takeaways From “Behind the Curtain: The Road to Terraform”

How much time are you wasting initializing your Terraform environments? If your answer is, “more than we should,” then we have some tips for you. Terraform is a popular infrastructure-as-code (IaC) tool for anyone who deploys to the cloud. We use it here at JFrog to help manage infrastructure for our SaaS customers, and recently…
Denial of Service Vulnerability in Envoy Proxy – CVE-2022-29225

The JFrog Security Research team is constantly looking for new and previously unknown software vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a denial of service (DoS) vulnerability in Envoy Proxy, a widely used open-source edge and service proxy server, designed for cloud-native applications…
Artifactory, Your Swift Package Repository

If you’re looking forward to WWDC 2022 for some exciting Swift news, we have just the thing. JFrog now offers the first and only Swift binary package repository, enabling developers to use JFrog Artifactory for resolving Swift dependencies instead of enterprise source control (Git) systems. Swift developers can benefit from Artifactory’s robust binary management and…