Welcome to the JFrog Blog

Latest from Xray :

How to Connect the JFrog Platform to Your GitHub Environment to Create a Seamless Integration

May 30, 2024 Batel Zohar, JFrog Developer Advocate Carmit Hershman, JFrog Senior Software Architect, CTO Office

8 min read

The latest JFrog collaboration with GitHub enables you to easily combine your favorite solutions for source code and binaries in a seamless integration. This means you now have a unified comprehensive and secure end-to-end experience that supports your software projects. This integration covers everything from curating open source packages, coding, CI, release management, deployment and…

Read More
Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog

Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog

November 9, 2021 Vera Mens, Uri Katz, Tal Keren, Sharon Brizinov from Claroty Research
Shachar Menashe from JFrog
 | 15 min read

Background Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of many useful Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find…
Read More
Announcing the JFrog Slack App for Artifactory and Xray Cloud

Announcing the JFrog Slack App for Artifactory and Xray Cloud

November 16, 2021 Deep Datta | 4 min read

Imagine a world where every team member could directly contribute to software together. We’re living in that world now. With more than 10 million daily active users, Slack is one of the most ‘lived in’ collaboration tools used by software development teams around the world. With this in mind, JFrog is excited to announce that…
Read More
New Xray Features Enhance Workflows, Productivity and UX

New Xray Features Enhance Workflows, Productivity and UX

October 21, 2021 Paul Garden, Product Marketing Manager | 5 min read

The recently released JFrog Xray versions 3.31 & 3.32 have brought to the table a raft of new capabilities designed to improve and streamline your workflows, productivity and user experience.  The new features, detailed below, solidify Xray as the optimum universal software composition analysis (SCA) solution for JFrog Artifactory  that's trusted by developers and DevSecOps…
Read More
CVE-2021-37136 & CVE-2021-37137 – Denial of Service (DoS) in Netty’s Decompressors

CVE-2021-37136 & CVE-2021-37137 – Denial of Service (DoS) in Netty’s Decompressors

October 26, 2021 Ori Hollander | 3 min read

Background The JFrog Security research team has recently disclosed two denial of service issues (CVE-2021-37136, CVE-2021-37137) in Netty, a popular client/server framework which enables quick and easy development of network applications such as protocol servers and clients. In this post we will elaborate on one of the issues - CVE-2021-37136. Who is actually impacted? Netty…
Read More
CVE-2020-27304 – RCE via Directory Traversal in CivetWeb HTTP server

CVE-2020-27304 – RCE via Directory Traversal in CivetWeb HTTP server

October 19, 2021 Denys Vozniuk and Shachar Menashe | 6 min read

Background JFrog has recently disclosed a directory traversal issue in CivetWeb, a very popular embeddable web server/library that can either be used as a standalone web server or included as a library to add web server functionality to an existing application. The issue has been assigned to CVE-2020-27304. This directory traversal issue is highly exploitable…
Read More
GitLab vs JFrog: Who Has the Right Stuff?

GitLab vs JFrog: Who Has the Right Stuff?

October 18, 2021 JFrog Team | 19 min read

Like the historic space race, the competition to plant the flag of DevOps is blasting off which makes it an exciting moment for the community. According to market intelligence firm IDC, global business will invest $6.8 trillion in digital transformation by 2023. Yet research also suggests that 70 percent of them will fail to meet…
Read More
Don’t let Prometheus Steal your Fire

Don’t let Prometheus Steal your Fire

October 12, 2021 Andrey Polkovnychenko and Shachar Menashe | 12 min read

Background Prometheus is an open-source, metrics-based event monitoring and alerting solution for cloud applications. It is used by nearly 800 cloud-native organizations including Uber, Slack, Robinhood, and more. By scraping real-time metrics from various endpoints, Prometheus allows easy observation of a system's state in addition to observation of hardware and software metrics such as memory…
Read More
23andMe’s Yamale Python code injection, and properly sanitizing eval()

23andMe’s Yamale Python code injection, and properly sanitizing eval()

October 5, 2021 Andrey Polkovneychenko and Shachar Menashe | 5 min read

Background JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in Yamale, a popular schema validator for YAML that's used by over 200 repositories. The issue has been assigned to CVE-2021-38305. The injection issue An attacker that can control the contents of the schema file that's supplied to Yamale (-s/--schema command…
Read More
Get Cybersmart with JFrog This October

Get Cybersmart with JFrog This October

October 5, 2021 Michal Brenner, Product Marketing Manager, JFrog | 4 min read

We live in a world of increasingly connected devices - phones, digital assistants, smart watches, cars, thermostats, refrigerators, windmills, and more. More than 50% of the world’s population is now online and two-thirds own a mobile device, according to the World Economic Forum. Additionally, the codebase of today’s applications typically consists mainly of open source…
Read More
The Vulnerability Conundrum: Improving the Disclosure Process

The Vulnerability Conundrum: Improving the Disclosure Process

October 4, 2021 Asaf Karas, Security CTO and VP, JFrog | 5 min read

The vulnerability disclosure process involves reporting security flaws in software or hardware, and can be complex. Cooperation between the organization responsible for the software or hardware, and the security researcher who discovers the vulnerability can be complicated.  In this blog we’ll look at the vulnerability disclosure process, the parties involved and how they can collaborate…
Read More

Popular Tags