Welcome to the JFrog Blog

JFrog Xray Integration with AWS Security Hub

SecOps demands vigilance, but it requires visibility, too. With JFrog’s latest integration for Xray with AWS Security Hub, you can help make sure that discovered vulnerabilities are not just seen, but quickly acted on. AWS Security Hub is the cloud security posture management service available to AWS users. It provides central security administration across AWS…
7 Ways to Accelerate Cloud Native Development

Modern enterprises understand the need to move away from developing monolithic applications to ones that make best use of the cloud to enable business acceleration at scale and speed. That means transforming development to more resilient cloud native architectures that can be readily deployed to cloud, multi-cloud, and hybrid environments. What does it mean to…
How To Put Cloud Nimble to Work to Shift Left Security

Shifting security left means preventing developers from using unacceptably vulnerable software supply chain components as early as possible: before their first build. By helping assure that no build is ever created using packages with known vulnerabilities, this saves substantial remediation costs in advance. Some JFrog customers restrict the use of open source software (OSS) packages…
Testing resiliency against malicious package attacks: a double-edged sword?

The JFrog Security research team continuously monitors popular open-source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. At times, we notice trends that are worth analyzing and learning from. Recently, we’ve noticed a…
Team Up on DevSecOps with JFrog Platform App for Microsoft Teams

The JFrog DevOps Platform is your mission-critical tool for your software development pipelines. The results of key binary management events in Artifactory, Xray, and Distribution can reveal whether or not your software pipelines are on-track to deliver production-quality releases. The new JFrog Platform app for Microsoft Teams brings real-time visibility and awareness of what’s happening…
CVE-2022-25845 – Analyzing the Fastjson “Auto Type Bypass” RCE vulnerability

A few weeks ago, a new version for Fastjson was released (1.2.83) which contains a fix for a security vulnerability that allegedly allows an attacker to execute code on a remote machine. According to several publications, this vulnerability allows an attacker to bypass the “AutoTypeCheck” mechanism in Fastjson and achieve remote code execution. This Fastjson…
Denial of Service Vulnerability in Envoy Proxy – CVE-2022-29225

The JFrog Security Research team is constantly looking for new and previously unknown software vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a denial of service (DoS) vulnerability in Envoy Proxy, a widely used open-source edge and service proxy server, designed for cloud-native applications…
Automate Security Workflows in ServiceNow with the JFrog Xray Spoke

In 2022, JFrog and ServiceNow engaged in a series of meaningful conversations around the state of DevSecOps and how the industry could benefit from tighter integrations with IT-Operations tools. The idea of “DevSecOps + ServiceOps” is a theme that JFrog and ServiceNow are now exploring and today, we’re excited to announce an integration that will…