Welcome to the JFrog Blog

Latest from Xray :

GitHub and JFrog Partner To Unify Code and Binaries for DevSecOps

May 29, 2024 Thomas Dohmke, GitHub CEO Shlomi Ben Haim, JFrog CEO and Co-Founder

5 min read

Note: This post is co-authored by JFrog and GitHub and has also been published on the GitHub blog As the volume of code continues to grow exponentially, software developers, DevOps engineers, operations teams, security specialists, and everyone else who touches code are increasingly spending their time in the weeds of securing, delivering, and scaling software.…

Read More
Stay Alert to Security With Xray and PagerDuty

Stay Alert to Security With Xray and PagerDuty

February 2, 2021 Mahitha Byreddy | 5 min read

When securing your software development against open-source vulnerabilities, the earlier action occurs -- by the right person -- the safer you and your enterprise will be. Many IT departments rely on the PagerDuty incident response platform to improve visibility and agility across the organization. The enterprise-quality incident management system provides reliable notifications, automatic escalations, on-call…
Read More
Our Groundbreaking Partnership with Docker Is a Boon for DevOps Teams

Our Groundbreaking Partnership with Docker Is a Boon for DevOps Teams

January 26, 2021 Stephen Chin | 6 min read

  UPDATE 3/25/2025: Docker Hub usage limits have changed since the publishing of this blog. For the most recent limits please visit Docker's help docs. The partnership between Docker and JFrog allows JFrog Cloud subscribers to avoid Docker Hub's top limit (pulls per hour) for downloads from the public Docker Hub registry for unauthenticated users.  …
Read More
Simply the Best: JFrog’s Top DevOps Articles from 2020

Simply the Best: JFrog’s Top DevOps Articles from 2020

January 7, 2021 Juan Perez | 6 min read

In 2020, JFrog’s experts published a treasure trove of content -- blogs, articles, infographics, and more -- to share insights and advice with our customers and the DevOps community at large. In case you missed them -- or want to re-read them -- here’s a list of the most popular ones. They range from a…
Read More
The Year DevOps Leaped to the Center

The Year DevOps Leaped to the Center

January 11, 2021 Shlomi Ben Haim, CEO | 8 min read

At the beginning of 2020, none of us could have imagined what we would be talking and thinking about at the end of the year.  At JFrog, we began by talking about unifying everything in the DevOps lifecycle. Of course very quickly, the message of unity and togetherness would soon become even bigger than we…
Read More
SDLC Security: It’s Personal for JFrog

SDLC Security: It’s Personal for JFrog

December 23, 2020 Juan Perez | 7 min read

The SolarWinds hack, which has affected high-profile Fortune 500 companies and large U.S. federal government agencies, has put the spotlight on software development security -- a critical issue for the DevOps community and for JFrog. At a fundamental level, if the code released via CI/CD pipelines is unsafe, all other DevOps benefits are for naught.…
Read More
CVE-2020-25860 – Significant Vulnerability Discovered in RAUC Embedded Firmware Update Framework

CVE-2020-25860 – Significant Vulnerability Discovered in RAUC Embedded Firmware Update Framework

December 21, 2020 Shachar Menashe and Uriya Yavniely | 10 min read

JFrog’s security research team (formerly Vdoo) are constantly researching leading embedded devices and their supply chain. As part of this research, we discovered CVE-2020-25860, a potentially critical vulnerability with CVSSv3 8.8 score in a Robust Auto-Update Controller (RAUC), an open-source framework for firmware updates. JFrog has responsibly disclosed this vulnerability and have worked closely with…
Read More
A Few Minutes More: Add Xray DevSecOps to Artifactory Enterprise on Azure

A Few Minutes More: Add Xray DevSecOps to Artifactory Enterprise on Azure

October 15, 2020 Daniel Miakotkin | 7 min read

Editor’s Note (2024): Please refer to the current JFrog Software Supply Chain Platform listing on Azure Marketplace to get started with JFrog on Microsoft Azure.   In a prior blog post, we explained how to install or update Artifactory through the Azure Marketplace in the amount of time it takes for your coffee order to arrive on…
Read More
Major Vulnerabilities Discovered in Qualcomm QCMAP

Major Vulnerabilities Discovered in Qualcomm QCMAP

October 14, 2020 Ori Hollander and Asaf Karas | 14 min read

In a recent supply chain security assessment, we analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis we discovered and have responsibly disclosed four major vulnerabilities in Qualcomm’s QCMAP (Qualcomm Mobile Access Point) architecture that these devices were based on. An attacker that exploits the discovered vulnerabilities can gain remote root access…
Read More
Follow the Data: A Hidden Directory Traversal Vulnerability in QNX Slinger

Follow the Data: A Hidden Directory Traversal Vulnerability in QNX Slinger

August 11, 2020 Asaf Karas and Ilya Khivrich | 7 min read

Through our ongoing device security analysis, we often uncover—and responsibly disclose—new unknown vulnerabilities in both closed and open source software components used in connected devices. In this blog post, we discuss a directory traversal vulnerability that we recently discovered while analyzing the firmware of a device based on the BlackBerry QNX operating system. First, here’s…
Read More

Popular Tags