Welcome to the JFrog Blog

npm supply chain attack targets Germany-based companies with dangerous backdoor malware

Update May 11th: Following the publication of this blog post, a penetration testing company called "Code White" took responsibility for this dependency confusion attack. The JFrog Security research team constantly monitors the npm and PyPI ecosystems for malicious packages that may lead to widespread software supply chain attacks. Last month, we shared a widespread npm…
Getting Real About Multi-Cloud DevOps

By now you’ve probably gotten the message - multi-cloud DevOps (or a hybrid on-prem/cloud approach) is the future of development and deployment architectures. The benefits of this approach are pretty clear: future proofing your business, optimizing for performance and availability, avoiding vendor lock-in, leveraging the best tools/elements of each cloud provider, and more. If you’re…
Welcome to the “New Normal” for Your Software Supply Chain

The new world is “always-on,” hyper-connected, massively distributed, and moving at an accelerated “near-real-time” pace. Billions of active end-points such as base stations (5G), vehicles, drones, and robots, each with various combinations of sensors, cameras, HW-acceleration plug-ins, host an exponential number of versions of embedded software BIOS, drivers, diagnostic, management, and other applications, with increasingly…
How to Integrate JFrog and Cycode

Four years ago the Clark School of Engineering at the University of Maryland published a study quantifying that there is some kind of hacker attack happening every 39 seconds (on average). Which is unreal!! (Source: University of Maryland.) A cyberattack can harm millions of people. Let’s take for example the Atlanta ransomware attack that used…
JFrog Introduces New Support for COBOL in Artifactory

You read correctly, devs and software engineers - JFrog Artifactory now includes full support for COBOL (Common Business-Oriented Language)!! This legendary software pillar in designing business applications is making a comeback due to its incredible flexibility in being operating system-agnostic, giving customers more options for supporting their diverse enterprise environments. Created for transaction processing and…
Part II: A Journey Into the World of An Automated Security Operation Center (SOC)

Security operation teams continuously aim to focus on two main things: 1. Real cyber security threats (also known as “True Positive Alerts”), and 2. Reducing response time, especially when you have so many different sources to monitor. However, in reality, we deal with hundreds of security alerts on a daily basis, many of which are…
Shift Left for DevSecOps Success

Not long ago, developers built applications with little awareness about security and compliance. Checking for vulnerabilities, misconfigurations and policy violations wasn’t their job. After creating a fully-functional application, they’d throw it over the proverbial fence, and a security team would evaluate it at some point – or maybe never. Those days are gone – due…
Our Solution for Scalable Multi-Region SaaS Deployment

Just like many other production DevOps engineering teams, our JFrog team deploys new version releases several times a day to AWS, Azure and GCP, across more than 20 cloud regions. This process used to take us many hours and could have even failed if it was done alongside maintenance by other teams. As part of…