A leap forward in DevOps security In today’s interconnected world, secrets are the keys to unlocking sensitive data and systems. Like hidden gems for attackers, any inadvertent exposure of these secrets could lead to data breaches, unauthorized access, and security compromises. As organizations adopt DevOps practices, artifacts containing secrets are often stored and shared across …
When scanning packages, CVE (Common Vulnerabilities and Exposures) scanners can find thousands of vulnerabilities. This leaves developers with the painstaking task of sifting through long lists of vulnerabilities to identify the relevance of each, only to find that many vulnerabilities don’t affect their artifacts at all. Vulnerability Contextual Analysis uses the artifact context to eliminate …
TL;DR In part one of this series, we looked at what is a dependency, different types of dependencies, and their benefits in our code. In part two, we’ll look at the risks of using dependencies. Whenever we add a dependency we are increasing the risks of any software development cycle. What can possibly go wrong? …
TL;DR We use software dependencies as part of our ongoing daily work. In part one of this series, we’ll take a look into what dependencies are, why we use them and the tools we can use to manage them and gain trust in our software supply chain. Software Dependencies Dependencies are artifacts that enable applications …
Introducing the newest member of the JFrog ecosystem team – Frogbot. This new git bot tool works for you by protecting your git projects, as they are being developed, from security vulnerabilities. Register for my talk “Bots to Protect your Source Code” swampUP 2022 How does Frogbot work? The concept is simple. Frogbot scans every …
