Welcome to the JFrog Blog

From zero to breach in seconds: Why you need to focus on software supply chain security now

The RSA Conference 2023 addressed several key issues and trends in the cybersecurity industry. Generative AI was a key topic of discussion, with attendees, executives and policymakers seeing its potential in both offense and defense in the cybersecurity arms race. The White House's National Cybersecurity Strategy was also a topic of conversation across panels and…
What is Platform Engineering?

If DevOps is an approach to software development that emphasizes collaboration between Development and Operations teams, then Platform Engineering operationalizes that approach by creating a centralized platform that has specific sets of tools and processes. It's the discipline of designing and building toolchains and workflows that enable self-service capabilities for software engineering organizations in a…
Software Supply Chain Security at RSA Conference 2023

The risk of supply chain attacks increases as more companies rely on third-party vendors and suppliers for critical services and products. Supply chain attacks have become increasingly prominent in recent years. In 2022, for instance, supply chain attacks surpassed the number of malware-based attacks by 40%. These types of attacks involve targeting a company's suppliers,…
New .NET Malware "WhiteSnake" Targets Python Developers, Uses Tor for C&C Communication

The JFrog Security Research team recently discovered a new malware payload in the PyPI repository, written in C#. This is uncommon since PyPI is primarily a repository for Python packages, and its codebase consists mostly of Python code, or natively compiled libraries used by Python programs. This finding raised our concerns about the potential for…
Analyzing Impala Stealer โ€“ Payload of the first NuGet attack campaign

In this blog post, we'll provide a detailed analysis of a malicious payload we've dubbed "Impala Stealer", a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we've exposed in our previous post. The sophisticated campaign targeted .NET…
Save time fixing security vulnerabilities much earlier in your SDLC

Are you or your development team tired of using application security tools that generate countless results, making it difficult to identify which vulnerabilities pose actual risks? Do you struggle with inefficient or incorrect prioritization due to a lack of context? What adds insult to injury is that traditional CVSS scoring methods ignore critical details like…
Gain real-time observability into your software supply chain with the New Relic Log Analytics Integration

JFrog's new log analytics integration with New Relic brings together powerful observability capabilities to monitor, analyze, and visualize logs and metrics from self-hosted JFrog environments. The integration is free for all tiers of self-hosted JFrog customers and utilizes the powerful, open source log management tool, Fluentd, to collect, process, and surface data in New Relic…
Attackers are starting to target .NET developers with malicious-code NuGet packages

Update 2023-03-21 - We've talked with members of the NuGet team and they had already detected and removed the malicious packages in question. Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically - there was no public evidence of severe malicious activity in the…
Examining OpenSSH Sandboxing and Privilege Separation โ€“ Attack Surface Analysis

The recent OpenSSH double-free vulnerability - CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH's custom security mechanisms - Sandbox and Privilege Separation. Until now, both of these security mechanisms were somewhat unnoticed and only partially documented. The double-free vulnerability raised interest for those who were affected and those controlling servers that use OpenSSH.…