Welcome to the JFrog Blog

Machine Learning Bug Bonanza – Exploiting ML Services

JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. In our previous research on MLOps we noted that the immaturity of the Machine Learning (ML) field often results in a higher amount of discovered…
New and Improved: The JFrog Packages User Experience

I think we can all agree that, in general, different users have different needs. For instance, we’ve found that developers generally use Artifactory to find, select, and then install packages into their development environment, while administrators tend to use Artifactory for troubleshooting, confirming package operations, and other related analyses. That’s why currently, developers and administrators…
Elevating DevSecOps: JFrog and GitHub’s Unified Platform Experience Deepens

GitHub Copilot Autofix + JFrog: Seamless Security for Developers. Developers are expected to write new and more complex code to create leading-edge features in new software releases at an unrelenting pace. To do this they are looking for help from AI assistants like GitHub Copilot to help write better code, faster. They want to write,…
swampUP Recap: “EveryOps” is Trending as a Software Development Requirement

swampUP 2024, the annual JFrog DevOps Conference, was unique in addressing not only the more familiar DevOps and DevSecOps issues but also specific operational challenges stemming from the explosive growth of GenAI and the resulting need for specialized capabilities for handling AI models and datasets, while supporting new personae such as AI/ML engineers, data scientists…
Mitigating Image Integrity Violations: A Real-World Example in Runtime Environments

In the never-ending quest to speed up software release cycles, ensuring the security and integrity of application artifacts has never been more critical. As applications are continuously built, tested, and deployed, every element of the software pipeline—from source code to container images—needs to be trusted and verifiable. A key aspect of maintaining this trust is…
Unix CUPS Unauthenticated RCE Zero-Day Vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177): All you need to know

On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he had discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure would happen on September 30th. Due to a suspected leak in the disclosure process, @evilsocket decided to advance the disclosure, and on…
Proudly Announcing JFrog’s Full Conformance to OCI v1.1

JFrog has long supported standards widely used by developers, including OCI container images. We started with our OCI-compliant Docker registry, then followed up with dedicated JFrog Artifactory OCI repositories. In our continued commitment to developer freedom of choice, we’re excited to take another leap forward. JFrog is now fully conformant to OCI v1.1. Source: OCI…
Trusted Software Delivered!

At swampUP 2024 in Austin just a few days ago, we explored the EveryOps Matters approach with the crowd of developers, driven by a consolidated view from their companies’ boardrooms and 2024 CIO surveys. The message was clear: “EveryOps” isn’t just a strategy or tech trend — it’s a fundamental, ongoing mindset shift that must…
JFrog swampUP 2024: News and Updates Live From the Show Floor

Live updates from this event have concluded. JFrog’s annual user conference, swampUP 2024, brings together developers, DevOps teams, security engineers, SREs, AI/ML Engineers, thought leaders, industry experts, and technical professionals from the world’s leading enterprises. Together, we’ll explore the latest advancements, best practices, and transformative strategies shaping modern EveryOps. Here are live keynote updates coming…
JFrog Unveils First Runtime Security Solution to Deliver Complete Software Integrity and Lineage from Code to Cloud

When it comes to software supply chain security, we all do everything we can to prevent insecure software from being released into production. Hence we see software supply chain security shifting left to discover potential threats as early as possible in the software development lifecycle. But what happens when vulnerabilities are only discovered after an…