Welcome to the JFrog Blog

JFrog Xray + Splunk + SIEM: Towards Implementing a Complete DevSecOps Strategy

Making security an intrinsic part of a DevOps pipeline is a “must-have” for organizations looking to secure their applications earlier in the development process.  The combination of JFrog Artifactory and JFrog Xray enables organizations to build security into all phases of their software development lifecycle, so they can proactively detect and mitigate open source software…
Penetration Testing vs. Vulnerability Scanning

To release reasonably secure products, vendors must integrate software security processes throughout all stages of the software development lifecycle. That would include product architecture and design; implementation and verification; deployment and monitoring in the field; and back again to design to address the changing threat landscape, market needs, and product issues. In this blog post,…
Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling

JFrog Security research teams are constantly looking for new and previously unknown vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a potentially critical vulnerability in HAProxy, a widely used open-source load balancer proxy server that is particularly suited for very high traffic web sites…
It’s Time to Get Hip to the SBOM

The DevOps, IT security and IT governance communities will remember 2021 as the year when the Software Bill of Materials, or SBOM, graduated from a “nice to have” to a “must have.”  Around for years, the SBOM has now become a critical DevSecOps piece, which everyone must thoroughly understand and incorporate into their SDLC (Software…
A Year of Supply Chain Attacks: How to Protect Your SDLC

One of the most worrisome trends in cybersecurity today is the skyrocketing incidence of supply chain attacks, such as the ones that hit SolarWinds last year and Kaseya more recently. Because they focus on compromising software development and delivery, supply chain attacks have forced developers and DevOps teams to scramble for solutions.  Unfortunately, supply chain…
Bring Xray Out of the Box with Dependency and Binary Scanning

Shifting left security means you, the developer, catching and fixing vulnerabilities and license violations early in the SDLC. That’s why Xray scans binaries pushed to Artifactory by your builds, and alerts you when there are issues with your dependencies. But catching them earlier, even before checking in code, can be important for developers shifting left.…
JFrog and Vdoo: Better Together

JFrog customers will soon enjoy end-to-end, holistic security across their software lifecycle -- from development to devices -- as the technology of recently-acquired Vdoo gets integrated into the JFrog DevOps Platform. That was the pledge made by JFrog and Vdoo leaders during their first joint webinar, in which they explained why JFrog acquired Vdoo, how…
How to Accelerate Software Delivery with Hybrid Cloud CI/CD

Are you looking for solutions to deliver rapid application development and iterations? You’re not alone. To accomplish this, many organizations are embracing cloud native containers across multiple cloud providers. The reason? This strategy reduces the risk of vendor lock-in, and helps you scale the application infrastructure horizontally.  In their recent swampUP 2021 talk “Going Serverless,…
The Biggest DevSecOps Hits From swampUP 2021

In the wake of recent events like the SolarWinds hack and the White House executive order on cybersecurity, DevSecOps and security are top-of-mind for most DevOps and security professionals.  How to efficiently adapt or adopt a sound DevSecOps has become a priority, especially with the U.S. government’s impending mandate requiring software applications to be vetted,…
Drive DevSecOps Visibility with JFrog Partner Integrations

If you need your teams to act, you need to alert them where they’re already looking. Yet yesterday’s DevOps practices demand that individuals wrangle uncorrelated events, multiple UIs, and siloed technologies. Tomorrow’s DevOps must enable teams with: Unified Data, Single Pane Dashboard, Integrated Platform. To DevSecOps, you’ll need to know where a vulnerable build…