Welcome to the JFrog Blog

Elevate and Streamline Your Developer Experience with JFrog-Coder Fusion

It’s a scenario many developers know all too well: a configuration works flawlessly for one team member but doesn’t work for you. Starting a new job brings with it the excitement of fresh challenges and opportunities. However, it also entails the often painful task of setting up your development environment—a process that can be both…
Friction between DevOps and Security – Here’s Why it Can’t be Ignored

Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright's blog. DevOps engineers and Security professionals are passionate about their responsibilities: the former are mostly dedicated to ensuring fast releases, the latter are responsible for the security of their company's software applications. They have many common…
CVE-2024-3094 XZ Backdoor: All you need to know

Update April 1st: updated "What is the malicious payload of CVE-2024-3094?" following newly released OSS tools.
Update April 7th: updated "What is the malicious payload of CVE-2024-3094?" following further published payload research.

On March 29th, it was reported that malicious code enabling unauthorized remote SSH access had been detected within…
NPM Manifest Confusion: Six Months Later

Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a…
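The check the registry was not performing can be done on the consumer side: pull the package.json out of the published tarball and compare its security-relevant fields against the manifest the registry serves for that version. The following is an added example written for this page, not code from npm, JFrog or Darcy Clarke; the package name "example-pkg", its dependencies and the "hidden-helper" / "setup.js" values are constructed sample data, and the tarball is built in memory so the script runs offline.

```python
import io
import json
import tarfile

# Fields of the registry's published manifest that should agree with the
# package.json inside the tarball. "scripts" and "dependencies" are the ones
# an attacker most wants to keep out of the registry view.
CHECKED_FIELDS = ("name", "version", "dependencies", "scripts")


def build_tarball(manifest):
    """Build an in-memory npm-style tarball containing package/package.json.
    Used here only to construct sample input offline."""
    data = json.dumps(manifest).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name="package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def manifest_from_tarball(tgz):
    """Read package/package.json out of a .tgz laid out the way npm publishes it."""
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tar:
        member = tar.getmember("package/package.json")
        return json.load(tar.extractfile(member))


def manifest_mismatches(registry_manifest, tarball_manifest):
    """Return {field: (registry_value, tarball_value)} for every checked field
    on which the two manifests disagree; an empty dict means they are consistent."""
    diffs = {}
    for field in CHECKED_FIELDS:
        reg_value = registry_manifest.get(field)
        tar_value = tarball_manifest.get(field)
        if reg_value != tar_value:
            diffs[field] = (reg_value, tar_value)
    return diffs


# Constructed sample: what the registry shows for version 1.2.3 of the
# hypothetical package "example-pkg" (one dependency, no install scripts) ...
REGISTRY_MANIFEST = {
    "name": "example-pkg",
    "version": "1.2.3",
    "dependencies": {"lodash": "^4.17.21"},
}

# ... versus the package.json actually inside the tarball, which carries an
# extra dependency and a postinstall hook the registry never displayed.
TARBALL_MANIFEST = {
    "name": "example-pkg",
    "version": "1.2.3",
    "dependencies": {"lodash": "^4.17.21", "hidden-helper": "1.0.0"},
    "scripts": {"postinstall": "node setup.js"},
}


def audit_sample():
    """Run the comparison over the constructed sample and return the diffs."""
    tgz = build_tarball(TARBALL_MANIFEST)
    return manifest_mismatches(REGISTRY_MANIFEST, manifest_from_tarball(tgz))


if __name__ == "__main__":
    for field, (reg_value, tar_value) in audit_sample().items():
        print(f"{field}: registry={reg_value!r} tarball={tar_value!r}")
```

Against a real package, feed manifest_mismatches the version document from the registry and the bytes of its dist.tarball instead of the constructed values. The comparison matters because the install client reads package.json from the tarball, so a postinstall script or dependency that the registry manifest never showed is still what runs on the developer's machine.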
Tips from a CSO: How to Secure Your Software Supply Chain

Trust is vital to success in our industry. Whether you’re creating and managing software for use internally, by other businesses, or direct-to-consumer, you need to be able to create trust with your end users. This can be accomplished, in part, by showing evidence of security measures, bringing the right people and tactics to the table,…
Software Ate the World, but Digital Transformation Can Give You Indigestion

In today's digitally-driven world, organizations rely heavily on software applications to streamline services, run operations, engage customers, and drive innovation through digital transformation. Software has also become the linchpin for securing an entire business's services and keeping them up and running. Yet this omnipresent force comes with its own set of challenges. The importance of…
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor

In the realm of AI collaboration, Hugging Face reigns supreme. But could it be the target of model-based attacks? Recent JFrog findings suggest a concerning possibility, prompting a closer look at the platform's security and signaling a new era of caution in AI research. The discussion on the security of AI and Machine Learning (ML) models is still…
Analyzing common vulnerabilities introduced by Code-Generative AI

Artificial Intelligence tools such as Bard, ChatGPT, and Bing Chat are the current big names in the fast-growing Large Language Model (LLM) category. LLMs are trained on vast data sets so that they can take a prompt and respond in everyday human language. Given the flexibility and potential of LLMs,…
Empowering DevSecOps: JFrog’s Enterprise-Ready Platform for Federal NIST SP 800-218 Compliance

As an integrator or government agency providing mission-critical software, the question to ask yourself is "Is my software development environment NIST SP 800-218 compliant?". Compliance with NIST SP 800-218, the Secure Software Development Framework (SSDF), is mandatory for software supplied to federal agencies, and it's time to ensure your software supply chain is compliant. Learn more about JFrog's DevSecOps solutions…