Welcome to the JFrog Blog

Latest from Xray :

How to Connect the JFrog Platform to Your GitHub Environment to Create a Seamless Integration

May 30, 2024 Batel Zohar, JFrog Developer Advocate Carmit Hershman, JFrog Senior Software Architect, CTO Office

8 min read

The latest JFrog collaboration with GitHub enables you to easily combine your favorite solutions for source code and binaries in a seamless integration. This means you now have a unified comprehensive and secure end-to-end experience that supports your software projects. This integration covers everything from curating open source packages, coding, CI, release management, deployment and…

Read More
NPM Manifest Confusion: Six Months Later

NPM Manifest Confusion: Six Months Later

March 26, 2024 adia | 9 min read

Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a…
Read More
Software Ate the World, but Digital Transformation Can Give You Indigestion

Software Ate the World, but Digital Transformation Can Give You Indigestion

March 14, 2024 adia | 7 min read

In today's digitally-driven world, organizations rely heavily on software applications to streamline services, provide operations, engage customers, and drive innovation through digital transformation. Software has also become the lynchpin for securing an entire business’ services and keeping them up and running. Yet, this omnipresent force comes with its own set of challenges. The importance of…
Read More
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor

Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor

February 27, 2024 adia | 13 min read

In the realm of AI collaboration, Hugging Face reigns supreme. But could it be the target of model-based attacks? Recent JFrog findings suggest a concerning possibility, prompting a closer look at the platform's security and signaling a new era of caution in AI research. The discussion on AI Machine Language (ML) models security is still…
Read More
Analyzing common vulnerabilities introduced by Code-Generative AI

Analyzing common vulnerabilities introduced by Code-Generative AI

February 7, 2024 adia | 15 min read

Artificial Intelligence tools such as Bard, ChatGPT, and Bing Chat are the current big names in the Large Language Model (LLM) category which is on the rise. LLMs are trained on vast data sets to be able to communicate by using everyday human language as a chat prompt. Given the flexibility and potential of LLMs,…
Read More
Empowering DevSecOps: JFrog’s Enterprise-Ready Platform for Federal NIST SP 800-218 Compliance

Empowering DevSecOps: JFrog’s Enterprise-Ready Platform for Federal NIST SP 800-218 Compliance

January 31, 2024 adia | 5 min read

As an integrator or government agency providing mission-critical software, the question to ask yourself is “Is my software development environment NIST SP 800-218 compliant?”. Compliance with NIST SP 800-218 and the SSDF (Secure Software Development Framework) is mandatory, and it’s time to ensure your software supply chain is compliant. Learn more about JFrog's DevSecOps solutions…
Read More
*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2

*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2

January 24, 2024 adia | 15 min read

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library - CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities. The team constantly monitors open-source projects to find…
Read More
*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2

*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2

January 17, 2024 adia | 14 min read

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library - CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities. The team constantly monitors open-source projects to find…
Read More
Top JFrog Security Research Blogs of the Year

Top JFrog Security Research Blogs of the Year

January 12, 2024 drewt | 9 min read

With over 29,000 CVEs and 5.5 billion malware attacks recorded in the past year, it's no wonder that software supply chain security is a top priority for enterprise developers on a global scale. That is also why JFrog Security Research has been instrumental in identifying and analyzing the biggest threats and devising methods to protect…
Read More
What is JFrog Security?

What is JFrog Security?

January 8, 2024 zoer | 8 min read

The security of the software supply chain is rapidly becoming a paramount concern for organizations — and for good reason. With the increasing number of published Common Vulnerabilities and Exposures (CVEs), developers face the challenge of delivering software faster than ever before. However, in their quest for speed, many dev and security teams have resorted…
Read More
SSH protocol flaw – Terrapin Attack CVE-2023-48795: All you need to know

SSH protocol flaw – Terrapin Attack CVE-2023-48795: All you need to know

December 25, 2023 adia | 13 min read

The SSH Terrapin attack (CVE-2023-48795) has recently caught attention, targeting the SSH protocol security by truncating cryptographic information. The inherent flaw in the SSH protocol itself affects a wide range of SSH client and server implementations. Following our initial research communication, this post will detail its fundamentals and impact. Affected Implementations Terrapin Attack Exploitation Impacts…
Read More

Popular Tags