Welcome to the JFrog Blog

Latest from Xray :

INFRA:HALT 14 New Security Vulnerabilities Found in NicheStack

August 4, 2021 Asaf Karas, Shachar Menashe and Denys Vozniuk

8 min read

NicheStack is a TCP/IP network stack commonly used in millions of Operational Technology (OT) devices around the world, including in critical infrastructure such as manufacturing plants, power generation/transmission/distribution, water treatment, and more. JFrog’s security research team (formerly Vdoo), together with Forescout Research Labs, recently discovered 14 new security vulnerabilities affecting the NicheStack TCP/IP stack. These…

Read More
Bring Xray Out of the Box with Dependency and Binary Scanning

Bring Xray Out of the Box with Dependency and Binary Scanning

July 30, 2021 Paul Garden | 5 min read

Shifting left security means you, the developer, catching and fixing vulnerabilities and license violations early in the SDLC. That’s why Xray scans binaries pushed to Artifactory by your builds, and alerts you when there are issues with your dependencies. But catching them earlier, even before checking in code, can be important for developers shifting left.…
Read More
JFrog Detects Malicious PyPI Packages Stealing Credit Cards and Injecting Code

JFrog Detects Malicious PyPI Packages Stealing Credit Cards and Injecting Code

July 29, 2021 Andrey Polkovnichenko, Omer Kaspi and Shachar Menashe | 7 min read

Software package repositories are becoming a popular target for supply chain attacks. Recently, there has been news about malware attacks on popular repositories like npm, PyPI, and RubyGems. Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure. Sometimes malware packages are allowed to be uploaded to the package repository,…
Read More
JFrog and Vdoo: Better Together

JFrog and Vdoo: Better Together

July 28, 2021 Paul Garden | 8 min read

JFrog customers will soon enjoy end-to-end, holistic security across their software lifecycle -- from development to devices -- as the technology of recently-acquired Vdoo gets integrated into the JFrog DevOps Platform. That was the pledge made by JFrog and Vdoo leaders during their first joint webinar, in which they explained why JFrog acquired Vdoo, how…
Read More
How to Accelerate Software Delivery with Hybrid Cloud CI/CD

How to Accelerate Software Delivery with Hybrid Cloud CI/CD

July 19, 2021 Mark Milinkovich | 10 min read

Are you looking for solutions to deliver rapid application development and iterations? You’re not alone. To accomplish this, many organizations are embracing cloud native containers across multiple cloud providers. The reason? This strategy reduces the risk of vendor lock-in, and helps you scale the application infrastructure horizontally.  In their recent swampUP 2021 talk “Going Serverless,…
Read More
The Biggest DevSecOps Hits From swampUP 2021

The Biggest DevSecOps Hits From swampUP 2021

June 24, 2021 Paul Garden | 3 min read

In the wake of recent events like the SolarWinds hack and the White House executive order on cybersecurity, DevSecOps and security are top-of-mind for most DevOps and security professionals.  How to efficiently adapt or adopt a sound DevSecOps practice has become a priority, especially with the U.S. government’s impending mandate requiring software applications to be…
Read More
Drive DevSecOps Visibility with JFrog Partner Integrations

Drive DevSecOps Visibility with JFrog Partner Integrations

June 23, 2021 John Peterson | 7 min read

If you need your teams to act, you need to alert them where they’re already looking. Yet yesterday’s DevOps practices demand individuals to wrangle with uncorrelated events, multiple UIs, and siloed technologies. Tomorrow’s DevOps must enable teams with: Unified Data Single Pane Dashboard Integrated Platform To practice DevSecOps, you’ll need to know where a vulnerable…
Read More
JFrog CloudFormation Modules Make Provisioning to AWS Easy and Secure

JFrog CloudFormation Modules Make Provisioning to AWS Easy and Secure

June 21, 2021 Shankar Hariharan | 4 min read

A routine cloud operations task should have a routine solution. That’s why we’ve just made it a lot easier to install and maintain self-hosted instances of the JFrog DevOps Platform on AWS, through AWS CloudFormation. To further simplify the effort of self-hosting Artifactory and Xray on AWS, we’ve just published a set of AWS CloudFormation…
Read More
JFrog Product Leaders Answer swampUP Attendees’ Burning Questions

JFrog Product Leaders Answer swampUP Attendees’ Burning Questions

June 18, 2021 JFrog Team | 18 min read

In a live, unscripted “ask me anything” session, a group of JFrog product leaders candidly answered questions from swampUP attendees, with topics ranging from newly-announced JFrog products and capabilities to current cybersecurity concerns that impact DevOps teams. Because the lively discussion yielded so many great questions and answers, we’ve put together here a summary of…
Read More
US Executive Order on Cybersecurity: What it Means for DevOps

US Executive Order on Cybersecurity: What it Means for DevOps

May 21, 2021 Moran Ashkenazi, JFrog Chief Security Officer | 5 min read

The United States Government equates cybersecurity with national security.  That’s the crux of the recent Executive Order that will mandate that not only must software applications be vetted, but there will be upcoming regulations on providing all of the components that make up the software. As section 1 notes:  “prevention, detection, assessment, and remediation of…
Read More

Popular Tags