Turns out 78% of reported CVEs on top DockerHub images are not really exploitable

Research motivations: Similarly to our previous research on “Secrets Detection,” during the development and testing of JFrog Xray’s new “Contextual Analysis” feature, we wanted to test our detection in a large-scale real-world use case, both for eliminating bugs and testing the real-world viability of our current solution. However, unlike the surprising results we got in our …

JFrog’s security scanners discovered thousands of publicly exposed API tokens – and they’re active! The Full Report

Note: This report was previously published in InfoWorld. When developing the recently announced JFrog Advanced Security, our Research team decided to try out its new “Secrets Detection” feature. Our goal was to test our vulnerability detection on as much real world data as possible, to make sure we eliminate false positives and catch any bugs …

CVE-2021-38297 – Analysis of a Go Web Assembly vulnerability

The JFrog Security Research team continuously monitors reported vulnerabilities in open-source software (OSS) to help our customers and the wider community be aware of potential software supply chain security threats and their impact. In doing so, we often notice important trends and key learnings worth highlighting. The following analysis of a vulnerability discovered in the …

SATisfying our way into remote code execution in the OPC UA industrial stack

The JFrog Security team recently competed in the Pwn2Own Miami 2022 hacking competition, which focuses on Industrial Control Systems (ICS) security. One of our research targets for the competition was the Unified Automation C++-based OPC UA Server SDK. Other than the vulnerabilities we disclosed as part of the Pwn2Own competition, we managed to find and …

Crashing Industrial Control Systems at Pwn2Own Miami 2022

Earlier this year, the JFrog Security research team competed in the Pwn2Own Miami 2022 hacking competition, which focuses on Industrial Control Systems (ICS) security. We were proud to take part in this competition and join other researchers in the effort to make mission-critical industrial environments safe and secure. During the Pwn2Own Miami competition we competed …

Recapping Yalla! DevOps 2022

TL;DR: Yalla! DevOps 2022 community event — Learning. Networking. Fun. Driven by the DevOps community. All about the DevOps community. Yalla! DevOps was back again this year with an exciting lineup of content ranging from DevOps, DevSecOps, professional development and more. Local speakers from the DevOps community and industry leaders from around the world took …

Continuous Training and Deployment for Machine Learning (ML) at the Edge

Running machine learning (ML) inference on Edge devices close to where the data is generated offers several important advantages over running inference remotely in the cloud. These include real-time processing, lower cost, the ability to work without connectivity and increased privacy. However, today, implementing an end-to-end ML system for edge inference and continuous deployment …

Testing resiliency against malicious package attacks: a double-edged sword?

The JFrog Security research team continuously monitors popular open-source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. At times, we notice trends that are worth analyzing and learning from. Recently, we’ve noticed a …

Creating your first Pub project with JFrog Artifactory

Developers today need to build software for many platforms in order to reach their users, all while maintaining quality and achieving the best user experience possible. This can be a challenging task when you need to meet the growing needs of software development. This is where Dart and Flutter come into the picture. A …