Welcome to the JFrog Blog

N-Day Hijack: Analyzing the lifespan of package hijacking attacks

Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. We’ve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case…
How to Combine Speed and Trust in Enterprise Software Development

Software development begins with code, which is then integrated, compiled, tested, and in the end distributed to users. This is often the secret sauce of innovation that organizations must protect to keep their competitive edge. With the software application development market growing at almost 30% per year and the average project taking just 4-6 months…
Unlock 2024 at DevSecOps EMEA this November in London

It’s November already, and while some may think it’s a perfect time to start winding down the year, here at JFrog we’re getting warmed up to bring Europe - and more specifically the U.K. - all sorts of DevSecOps excitement this winter! It’s no secret that Europe as a whole has been a pioneer in…
International Cyber Security Month Tips

Securing your software supply chain is crucial for ensuring the integrity and security of the software you develop and deliver. Here are the top 8 security best practices for a secure software supply chain. Tip # 1: Security Awareness Training Security awareness starts at the core of your organization. Educate your development and operations teams…
Arbitrary File Creation vulnerability in plexus-archiver – CVE-2023-37460

The JFrog Security research team constantly monitors open-source projects to find new vulnerabilities or malicious packages and share them with the wider community to help improve their overall security posture. As part of this effort, the team recently discovered a new security vulnerability in plexus-archiver, an archive creation and extraction package. plexus-archiver is used in…
Release with Trust or Die. Key swampUP 2023 Announcements

Every year, JFrog brings the DevOps community and some of the world’s leading corporations together for the annual swampUP conference, aimed at providing real solutions to developers and development teams in practical ways to prepare us all for what’s coming next. Since the inception of swampUP - and truthfully since the creation of Artifactory -…
Get Ready for Next. Put DevOps, DevSecOps, and AI to Work.

Our community has always had a “next.” There was the dawn of the computer age, when “next” meant that processing didn’t take up an entire room. There was the “next” of personal computing. Next came laptops, the internet, microservices, cloud-native, cybersecurity, automation and more. The thing that is next is always right around the corner…
Bridging the gap between AI/ML model development and DevSecOps

AI and machine learning (ML) have hit the mainstream as the tools people use every day – from making restaurant reservations to shopping online – are all powered by machine learning. In fact, according to Morgan Stanley, 56% of CIOs say that recent innovations in AI are having a direct impact on investment priorities. It’s no…
Announcing JFrog SAST: Build Trust and Release Code With Confidence

Today’s software applications power almost every aspect of our lives, and ensuring the security of these applications is paramount. Threat actors can cause devastating consequences for companies, leading to financial losses, reputational damage, and legal repercussions. Companies building commercial or in-house applications must adopt robust security measures throughout their software development lifecycle to avoid releasing…