Welcome to the JFrog Blog

Major Vulnerabilities Discovered in Qualcomm QCMAP

In a recent supply chain security assessment, we analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis we discovered and have responsibly disclosed four major vulnerabilities in Qualcomm’s QCMAP (Qualcomm Mobile Access Point) architecture that these devices were based on. An attacker that exploits the discovered vulnerabilities can gain remote root access…
Air Gap Distribution Delivers Peace of Mind to Isolated Environments

The best way to stay out of danger is to keep far away from where danger lurks. But in the internet age, the global network means risk to your systems is from everywhere, at all times. With estimates that worldwide damage from cybercrime will exceed 6 trillion dollars by 2021, many companies choose, or are…
GoCenter Reveals Go Module Vulnerabilities With Xray

UPDATE: As of May 1, 2021, the GoCenter central repository has been sunset and all features deprecated. For more information on the sunsetting of the centers, read the deprecation blog post. Golang developers care a lot about security and as Go modules become more widely used, they need more ways to assure these…
4 Ways Xray and Artifactory Complete DevSecOps

Being universal is a huge part of what makes JFrog Artifactory so effective. Whether you use Jenkins, CircleCI, or Bitbucket to automate your CI/CD pipeline, Artifactory works with those and more. Whether you prefer to store your artifacts in an on-premises filestore or in the cloud, Artifactory will manage them. Which cloud? Artifactory is content…
Shift Your IDE Left With Xray Plugins

“Forewarned is forearmed,” cautions the old proverb, and that truth coined in the 16th century is even more apt for DevSecOps in the 21st. The earlier you know about vulnerabilities, the better you can avoid making them part of your software. That’s the same principle behind a “Shift Left” DevSecOps strategy. Rather than waiting for…
You have Docker; Now are your Docker images secure?

This is the second blog in our series on Docker. In our initial blog called You have Docker; Now what?, we discussed the reasons for using a universal binary repository when implementing Docker to production with confidence. It’s great that you're using Docker, but managing security vulnerabilities is vital to ensuring your Docker environment is free…
Twistlock and JFrog Steer the Container DevSecOps Seas

Twistlock and JFrog have partnered to provide continuous scanning and security for your builds. Twistlock directly integrates with JFrog Artifactory, which provides a fully automated Docker promotion pipeline for maintaining your Docker registries. What is Twistlock? Twistlock is a versatile security solution that works well with the Kubernetes container orchestrator and integrates smoothly with JFrog…
Securely Onboarding Colleagues through SAML Authentication

UPDATE: As of May 1, 2021, Bintray services will no longer be available (ConanCenter and JCenter are not affected). For more information, read the Centers Deprecation Blog. Once you’ve created your Bintray account, getting your colleagues on board with permission-based access to your organization’s content is not always so easy. You want to use the…
Feeling secure with Bintray downloads

UPDATE: As of May 1, 2021, Bintray services will no longer be available (ConanCenter and JCenter are not affected). For more information, read the Centers Deprecation Blog. Remember our take on .asc files? The thing is, digital certificates alone cannot guarantee the identity of someone. To fully trust someone there needs to exist a reliable…