Welcome to the JFrog Blog

Announcing JFrog Curation: Defend Your Software Supply Chain by Curating Open-Source Packages Entering Your Organization

UPDATE: Following the announcement at swampUP 2023, JFrog Curation now features a web user interface for its Catalog database service. This enables JFrog customers to search and explore over 4 million open-source packages for their up-to-date metadata, including versions, install command, dependencies, vulnerabilities (including any transitive ones), license types, OpenSSF aggregate score, and any…
Take control of your Security: How to use Build-Info in your VCS to track vulnerable versions

Tracking vulnerabilities and compliance requirements is essential for maintaining application security in any software project. However, this process can be time-consuming and complicated, especially as new issues are identified. Fortunately, the JFrog build-info provides a comprehensive solution by recording key information about your project's build. With build-info, you can easily track vulnerable versions of your…
Shifting Left of Left: Secure Enterprise Data with JFrog Curation

In 2022, nearly 1,700 entities across the globe fell victim to software supply chain attacks, impacting over 10 million people. Nearly every one of these attacks included some element of faulty or nefarious open-source code. Software developers commonly rely on open-source components to speed up the development process, but as we can see, this practice has…
swampUP Sneak Peek

TL;DR: Register for swampUP today to learn from the best DevOps and DevSecOps leaders. Summer is almost over and you know what that means… swampUP 2023 is right around the corner! If you’re like us, your attention span is torn between getting your last bit of fun in the sun while at the same time…
Spring WebFlux – CVE-2023-34034 – Write-Up and Proof-of-Concept

Spring Security's newly released versions contain a fix for a broken access control vulnerability - CVE-2023-34034 - which was given a critical NVD severity (CVSS 9.8) and a high severity by Spring’s maintainers. Given the severe potential impact of the vulnerability on Spring WebFlux applications (that use Spring Security for authentication and access control), its…
The Latest JFrog Plugin for Jenkins

We all know that artifact management is an important part of our development lifecycle, and if you’re using Jenkins you’ll also need to store your builds and binaries. In the world of DevOps, efficient integration and management of artifacts and dependencies are crucial for successful software delivery. Together, Jenkins and JFrog Artifactory offer a powerful…
Don’t waste time on irrelevant false positive alerts in your source code

Are you tired of using security tools that generate endless results, making it impossible to identify actual risks? Do you struggle with inefficient prioritization due to a lack of context, making the process of assessing and remediating vulnerabilities a time-consuming nightmare? Look no further than JFrog’s Contextual Analysis, available as part of the "jf audit"…
Prevent Credential Exposure in Code

In today's software development world, developers rely on numerous types of secrets (credentials) to facilitate seamless interaction between application components. As modern applications become more complex and require authentication for services and dependencies, the practice of hardcoding secrets during software development is on the rise. The most common types of credentials are: Application Program Interface…
swampUP 2023 – Top 10 Reasons To Attend

JFrog’s DevOps and DevSecOps user conference is a unique and inspiring in-person event. Here’s why you don’t want to miss it! Wednesday, September 13 | San Jose, California Get lessons learned on how industry-leading companies are approaching their DevOps and DevSecOps challenges - with fellow practitioners that have implemented large-scale solutions. Including companies such…
JFrog and Atlassian simplify DevOps-Centric security

Atlassian has long been helping agile teams collaborate, track progress, and manage projects more efficiently, and is now simplifying software security for Jira Software Cloud users. We’re excited to announce that JFrog has joined Atlassian as a security partner. The integration with the JFrog Platform enables JFrog Xray data to be surfaced in Jira, making…