As we all know, team collaboration can sometimes be a bit complicated. Especially when different teams in the organization strive to achieve their own individual goals. This is where new organizational practices, such as DevOps and DevSecOps, have paved the path for us to work together and achieve our mutual goals. Take a look at โฆ
Welcome to the second post in our series on Malicious Software Packages. This post focuses on the infection methods attackers use to spread malicious packages, and how the JFrog Security research team unveiled them. If you missed the first blog, here are some key takeaways: Third-party software packages contain vulnerabilities or malicious code delivered through โฆ
As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our JFrog Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline โฆ
Always a concern for DevOps teams, security has now become a critical part of developing and releasing software โ a reality reflected on the sharp increase in JFrog blogs about DevSecOps. In fact, we generated so many hard-hitting and instructive blogs about security and compliance in 2021 that we decided our DevSecOps coverage deserved its โฆ
JFrog has been hard at work behind the scenes restructuring how we share information with the developer community. We wanted to create a one-stop resource for developers who code in a variety of languages, with a focus on DevOps, DevSecOps, and cloud native technologies. So without further ado โฆ let me introduce you to our โฆ
Together with the community, JFrog pioneered what we now know as DevOps with a focus on binaries (aka software packages, artifacts or images). A decade ago, no one thought binary management would be a thing โ now itโs a standard most companies canโt live without. Back then, we said software universality would be necessary, and โฆ
The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library โ CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 โ has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of Log4j vulnerabilities on their software, revealing multiple technical challenges โฆ
At many organizations, the surprise discovery that the widely used Log4Shell open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. โFor cybercriminals this โฆ
The recently released JFrog Xray versions 3.31 & 3.32 have brought to the table a raft of new capabilities designed to improve and streamline your workflows, productivity and user experience. The new features, detailed below, solidify Xray as the optimum universal software composition analysis (SCA) solution for JFrog Artifactory thatโs trusted by developers and DevSecOps โฆ
The vulnerability disclosure process involves reporting security flaws in software or hardware, and can be complex. Cooperation between the organization responsible for the software or hardware, and the security researcher who discovers the vulnerability can be complicated. In this blog weโll look at the vulnerability disclosure process, the parties involved and how they can collaborate โฆ
