Preventing the next Log4j

How to Prevent the Next Log4j Style Zero-Day Vulnerability

Note: This blog post was previously published on Dark Reading. Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you’ll see thousands of entries. Humanity has been able to put a man on the moon, but it hasn’t yet found a proper way to handle line endings …

Scanning Dependencies in your sources using JFrog CLI and Xray

Scan your software packages for security vulnerabilities with JFrog Xray

Scanning your packages for security vulnerabilities and license violations with SCA Tools should be done as early as possible in your SDLC, and the earlier the better. This concept is also known as “Shifting Left”, which helps your organization comply with security policies and standards early on in the software development process. As developers, this …

DevSecOps 101 Webinar Series

Security should be embedded into the DevOps workflow by default, but for many organizations, it isn’t. Enter “DevSecOps”. What is DevSecOps? It is a practice to build more secure applications, secure the software supply chain, and secure cloud and on-prem workloads. It is an essential practice that needs visibility. Our new “DevSecOps 101” webinar series …

Secure your git repository with Frogbot the git bot

Introducing the newest member of the JFrog ecosystem team – Frogbot. This new git bot tool works for you by protecting your git projects, as they are being developed, from security vulnerabilities. Register for my talk “Bots to Protect your Source Code” at swampUP 2022. How does Frogbot work? The concept is simple. Frogbot scans every …

How to Integrate JFrog and Cycode

Four years ago the Clark School of Engineering at the University of Maryland published a study quantifying that there is some kind of hacker attack happening every 39 seconds (on average). Which is unreal!! (Source: University of Maryland.) A cyberattack can harm millions of people. Let’s take for example the Atlanta ransomware attack that used …

SpringShell / Spring4Shell Remediation Cookbook

Your SpringShell (Spring4Shell) Remediation Cookbook Using the JFrog Platform

A new zero-day exploit in the spring-web package called “SpringShell” (nicknamed “Spring4Shell”) was just leaked and is threatening the internet and the community. The JFrog security research team is investigating the exploit and continuously updating our blog post with technical details on the SpringShell (Spring4Shell) vulnerability. In this technical blog post, we explain how you …

How to Use Pub Repositories in Artifactory

If you’re one of the growing number of client app developers embracing the Dart programming language and Flutter and AngularDart toolkits, we’ve got some exciting news for you! JFrog can now welcome Dart developers to the empowerment of Artifactory’s robust binaries management and the ways that it contributes to continuous integration. We’ve added Pub, the …

Customizing the JFrog Xray Horizontal Pod Autoscaler

In cloud native computing (Kubernetes in our case), there is a requirement to automatically scale the compute resources used for performing a task. The autoscaling cloud computing strategy allows you to dynamically adjust the active number of application servers and allocated resources instead of responding manually in real-time to traffic surges that necessitate more resources and …