Welcome to the JFrog Blog

Latest:

Mind Your Dependencies: Defending against malicious npm packages

January 25, 2022 Ilya Khivrich

6 min read

Modern software projects are mostly composed of open source code. The question of who really controls this code, and is responsible for detecting and fixing software supply chain security issues, became a significant source of concern after the discovery of the Log4Shell vulnerability. In a more recent development, the highly popular colors and faker npm…

Read More
Pulling All Your Kubernetes Cluster Images from a Private Artifactory Registry

Pulling All Your Kubernetes Cluster Images from a Private Artifactory Registry

January 3, 2022 Yaniv Rozenboim - Cloud Security Architect, Uri Peled - Production Engineer, Dana Rozen - IR SecOps Engineer | 6 min read

There are many benefits to working with JFrog Artifactory as your private Docker registry, allowing you to store, share and deploy your binary artifacts in a single source of truth. This blog post will focus on using Artifactory in Kubernetes. Specifically, we’ll walk through the steps for configuring Kubernetes to pull images from Artifactory and…
Read More
Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

December 30, 2021 Ilya Khivrich | 5 min read

The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library - CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 - has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of  Log4j vulnerabilities on their software, revealing multiple technical challenges…
Read More
Log4j Detection with JFrog OSS Scanning Tools

Log4j Detection with JFrog OSS Scanning Tools

December 28, 2021 Ilya Khivrich | 4 min read

The discovery of the Log4Shell vulnerability in the ubiquitous Apache Log4j package is a singular event in terms of both its impact and severity. Over 1 million attack attempts exploiting the Log4Shell vulnerability were detected within days after it was exposed, and it may take years before we see its full impact. While it's hard…
Read More
Catching Log4j in the Wild: Find, Fix and Fortify

Catching Log4j in the Wild: Find, Fix and Fortify

December 23, 2021 Gianni Truzzi | 9 min read

At many organizations, the surprise discovery that the widely used Apache log4j open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For…
Read More
Create Your Software Distribution “Fast Lane” with Distribution Edges

Create Your Software Distribution “Fast Lane” with Distribution Edges

December 22, 2021 Avigail Ofer | 9 min read

Accelerating software distribution is a critical part of the modern DevOps stack. Modern application development has created new challenges around distribution at scale, leading organizations to rethink their software distribution infrastructure. JFrog Distribution enables enterprises to easily create their fast, scalable converged software distribution infrastructure by combining two components that can be deployed in multi-tier,…
Read More
Rethinking Your Software Distribution Infrastructure

Rethinking Your Software Distribution Infrastructure

December 22, 2021 Avigail Ofer | 4 min read

Accelerating software distribution is a critical part to enabling enterprise delivery at scale. Throughout the SDLC processes, we’re required to continuously distribute software packages -- either to remote development teams as part of CI cycles, to production environments or devices for deployments, or for public downloads by your developers or partners ecosystem. The key attributes…
Read More
Log4j Log4Shell Vulnerability Q&A

Log4j Log4Shell Vulnerability Q&A

December 21, 2021 Asaf Cohen | 5 min read

In our recent webinar, Log4j Log4Shell Vulnerability Explained: All You Need To Know, our  Senior Director Security Research expert Shachar Menashe shared information on the security issue and how to detect and remediate it. We are happy to share additional information in the following Q&A, based on the questions raised during the webinar. The Log4j…
Read More
Your Log4shell Remediation Cookbook Using the JFrog Platform

Your Log4shell Remediation Cookbook Using the JFrog Platform

December 18, 2021 Asaf Cohen | 9 min read

UPDATED 1/14/2022: Added information on JFrog tool to patch Docker images in Artifactory repositories. Last week, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to…
Read More
swampUP 2022 CFP Now Open

swampUP 2022 CFP Now Open

December 16, 2021 Lori Lorusso | 2 min read

We are very excited to announce that the call for paper (CFP) for JFrog’s annual user conference, swampUP 2022 is now open! The CFP is open from December 15 - February 1, 2022. This is your opportunity to share your knowledge with a community of developers, DevOps engineers, security professionals, SREs, IT leaders, and more!…
Read More

Popular Tags

Try the JFrog Platform

In the cloud or self-hosted

Start for Free

or Book a Demo