Welcome to the JFrog Blog

Latest from Xray :

How to Connect the JFrog Platform to Your GitHub Environment to Create a Seamless Integration

May 30, 2024 Batel Zohar, JFrog Developer Advocate Carmit Hershman, JFrog Senior Software Architect, CTO Office

8 min read

The latest JFrog collaboration with GitHub enables you to easily combine your favorite solutions for source code and binaries in a seamless integration. This means you now have a unified comprehensive and secure end-to-end experience that supports your software projects. This integration covers everything from curating open source packages, coding, CI, release management, deployment and…

Read More
Enterprise Package Management for Everyone

Enterprise Package Management for Everyone

October 25, 2022 The JFrog Team | 5 min read

Suppose you asked developers in the mid-2000s how they managed and compiled their binaries. You'd probably hear some anxiety-inducing answers (e.g., storing packages in git repositories or insecure file stores). Thankfully, organizations currently have various options for managing their first or third-party packages, dependencies, and containers. Different tools offer different levels of package support and…
Read More
Malicious Packages Are a Rising Threat in Software Supply Chain Attacks

Malicious Packages Are a Rising Threat in Software Supply Chain Attacks

October 24, 2022 Jonathan Sar Shalom, Director of Threat Research, JFrog | 7 min read

Welcome to the first post in the malicious software packages series for the DevOps and DevSecOps community. This technical series will focus on various malicious packages and their effects on the software supply chain. We’ll dive deeper into malicious packages in each post, including  Defining software supply chain attacks and learning the critical role that malicious…
Read More
JFrog’s Advanced Security Scanners Discovered Thousands of Publicly Exposed API Tokens – And They’re Active

JFrog’s Advanced Security Scanners Discovered Thousands of Publicly Exposed API Tokens – And They’re Active

October 20, 2022 The JFrog Security Research Team | 3 min read

Read our full research report on InfoWorld The JFrog Security Research team released the findings of a recent investigation wherein they uncovered thousands of publicly exposed, active API tokens. This was accomplished while the team tested the new Secrets Detection feature in the company’s JFrog Advanced Security solution, part of JFrog Xray.  The team scanned…
Read More
DevOps-Centric Security is Finally Here | Announcing JFrog Advanced Security

DevOps-Centric Security is Finally Here | Announcing JFrog Advanced Security

October 18, 2022 Nati Davidi, SVP JFrog Security | 13 min read

Today marks an exciting day for JFrog and a substantial step forward towards ensuring end-to-end software supply chain security. JFrog Advanced Security is our unique approach for DevOps-centric security, and the only solution that was built especially for today’s modern DevOps workflows. Developers and the DevOps infrastructure are now the attack vector for today’s hackers…
Read More
JFrog Joins Rust Foundation as Platinum Member

JFrog Joins Rust Foundation as Platinum Member

September 6, 2022 Lori Lorusso, JFrog Open Source Program Manager & Stephen Chin, JFrog VP of Developer Relations | 3 min read

The technology ecosystem is continually evolving but one truth remains, if there is a new and emerging coding language that captures the heart and minds of developers JFrog will be there. JFrog provides a DevOps Platform to store and secure its artifacts while engaging with the community and foundations that support developers using that language.…
Read More
The Software Supply Chain Risks You Need to Know

The Software Supply Chain Risks You Need to Know

September 6, 2022 Nati Davidi, SVP JFrog Security | 10 min read

Code that an organization’s developers create is only the beginning of modern software development. In fact, first-party code is likely to be only a small portion of an application – sometimes as little as 10% of the application’s artifact ecosystem. An enterprise’s software supply chain is made of many parts, accumulated from many sources: open…
Read More
4 Operational Risks to Not Leave to Chance

4 Operational Risks to Not Leave to Chance

September 1, 2022 JFrog Team | 5 min read

Not all of the recognizable risks in your software supply chain can be identified by their known vulnerabilities recorded as CVEs. A component that is outdated or inactive may present risks to your application that no one has had cause to investigate. Yet these components could still harbor threats. Security teams and developers must also…
Read More
JFrog Providers Support the Terraform Community

JFrog Providers Support the Terraform Community

August 29, 2022 Sean Pratt, Product Marketing Manager | 4 min read

If you’re reading this blog you’re probably at least somewhat familiar with Hashicorp Terraform and the value it brings to managing the deployment and provisioning of infrastructure resources at scale. We’re big fans and users of it ourselves here at JFrog (see how in our recent webinar!).   Terraform is one of the most, if…
Read More
CVE-2021-38297 – Analysis of a Go Web Assembly vulnerability

CVE-2021-38297 – Analysis of a Go Web Assembly vulnerability

August 30, 2022 Uriya Yavnieli | 9 min read

The JFrog Security Research team continuously monitors reported vulnerabilities in open-source software (OSS) to help our customers and the wider community be aware of potential software supply chain security threats and their impact. In doing so, we often notice important trends and key learnings worth highlighting. The following analysis of a vulnerability discovered in the…
Read More
SATisfying our way into remote code execution in the OPC UA industrial stack

SATisfying our way into remote code execution in the OPC UA industrial stack

August 25, 2022 Or Peles, Omer Kaspi and Uriya Yavnieli | 18 min read

The JFrog Security team recently competed in the Pwn2Own Miami 2022 hacking competition which focuses on Industrial Control Systems (ICS) security. One of our research targets for the competition was the Unified Automation C++-based OPC UA Server SDK. Other than the vulnerabilities we disclosed as part of the pwn2own competition, we managed to find and…
Read More

Popular Tags