Welcome to the JFrog Blog

Latest from Xray :

GitHub and JFrog Partner To Unify Code and Binaries for DevSecOps

May 29, 2024 Thomas Dohmke, GitHub CEO Shlomi Ben Haim, JFrog CEO and Co-Founder

5 min read

Note: This post is co-authored by JFrog and GitHub and has also been published on the GitHub blog As the volume of code continues to grow exponentially, software developers, DevOps engineers, operations teams, security specialists, and everyone else who touches code are increasingly spending their time in the weeds of securing, delivering, and scaling software.…

Read More
Log4j Log4Shell 0-Day Vulnerability: All You Need To Know

Log4j Log4Shell 0-Day Vulnerability: All You Need To Know

December 28, 2021 Shachar Menashe, Or Peles, Ori Hollander | 27 min read

On Thursday, Dec 9th 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th.…
Read More
Malicious npm Packages Are After Your Discord Tokens – 17 New Packages Disclosed

Malicious npm Packages Are After Your Discord Tokens – 17 New Packages Disclosed

December 8, 2021 Andrey Polkovnychenko and Shachar Menashe | 13 min read

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 11 malicious packages in the PyPI repository, a discovery that shows attacks are getting more sophisticated in their approach.…
Read More
Glide to JFrog DevSecOps with the New Experience

Glide to JFrog DevSecOps with the New Experience

December 13, 2021 Eyal Ben Moshe | 5 min read

We're excited to share with you that we have launched a completely new way to start using the JFrog DevOps Platform that you – as a developer – will love. We’ve provided a super-easy, developer-friendly path to discovering how Artifactory and Xray can help you produce safer apps, faster, getting started through the command line…
Read More
Python Malware Imitates Signed PyPI Traffic in Novel Exfiltration Technique

Python Malware Imitates Signed PyPI Traffic in Novel Exfiltration Technique

November 18, 2021 Andrey Polkovnychenko and Shachar Menashe | 10 min read

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to report vulnerable and malicious packages to repository maintainers. Earlier this year we disclosed several malicious packages targeting developers’ private data that were downloaded approximately 30K times. Today, we will share details about 11 new malware packages that…
Read More
Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog

Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog

November 9, 2021 Vera Mens, Uri Katz, Tal Keren, Sharon Brizinov from Claroty Research
Shachar Menashe from JFrog
 | 15 min read

Background Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of many useful Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find…
Read More
Announcing the JFrog Slack App for Artifactory and Xray Cloud

Announcing the JFrog Slack App for Artifactory and Xray Cloud

November 16, 2021 Deep Datta | 4 min read

Imagine a world where every team member could directly contribute to software together. We’re living in that world now. With more than 10 million daily active users, Slack is one of the most ‘lived in’ collaboration tools used by software development teams around the world. With this in mind, JFrog is excited to announce that…
Read More
New Xray Features Enhance Workflows, Productivity and UX

New Xray Features Enhance Workflows, Productivity and UX

October 21, 2021 Paul Garden, Product Marketing Manager | 5 min read

The recently released JFrog Xray versions 3.31 & 3.32 have brought to the table a raft of new capabilities designed to improve and streamline your workflows, productivity and user experience.  The new features, detailed below, solidify Xray as the optimum universal software composition analysis (SCA) solution for JFrog Artifactory  that's trusted by developers and DevSecOps…
Read More
CVE-2021-37136 & CVE-2021-37137 – Denial of Service (DoS) in Netty’s Decompressors

CVE-2021-37136 & CVE-2021-37137 – Denial of Service (DoS) in Netty’s Decompressors

October 26, 2021 Ori Hollander | 3 min read

Background The JFrog Security research team has recently disclosed two denial of service issues (CVE-2021-37136, CVE-2021-37137) in Netty, a popular client/server framework which enables quick and easy development of network applications such as protocol servers and clients. In this post we will elaborate on one of the issues - CVE-2021-37136. Who is actually impacted? Netty…
Read More
CVE-2020-27304 – RCE via Directory Traversal in CivetWeb HTTP server

CVE-2020-27304 – RCE via Directory Traversal in CivetWeb HTTP server

October 19, 2021 Denys Vozniuk and Shachar Menashe | 6 min read

Background JFrog has recently disclosed a directory traversal issue in CivetWeb, a very popular embeddable web server/library that can either be used as a standalone web server or included as a library to add web server functionality to an existing application. The issue has been assigned to CVE-2020-27304. This directory traversal issue is highly exploitable…
Read More
GitLab vs JFrog: Who Has the Right Stuff?

GitLab vs JFrog: Who Has the Right Stuff?

October 18, 2021 JFrog Team | 19 min read

Like the historic space race, the competition to plant the flag of DevOps is blasting off which makes it an exciting moment for the community. According to market intelligence firm IDC, global business will invest $6.8 trillion in digital transformation by 2023. Yet research also suggests that 70 percent of them will fail to meet…
Read More

Popular Tags