npm supply chain attack targeting Germany-based companies

Npm Supply Chain Attack Targets Germany-based Companies with Dangerous Backdoor Malware

Update May 11th: Following the publication of this blog post, a penetration testing company called “Code White” took responsibility for this dependency confusion attack. The JFrog Security research team constantly monitors the npm and PyPI ecosystems for malicious packages that may lead to widespread software supply chain attacks. Last month, we shared a widespread npm …

DevSecOps 101 Webinar Series

Security should be embedded into the DevOps workflow by default, but for many organizations, it isn’t. Enter “DevSecOps”. What is DevSecOps? It is a practice to build more secure applications, secure the software supply chain, and secure cloud and on-prem workloads. It is an essential practice that needs visibility. Our new “DevSecOps 101” webinar series …

Secure your git repository with Frogbot the git bot

Introducing the newest member of the JFrog ecosystem team – Frogbot. This new git bot tool works for you by protecting your git projects, as they are being developed, from security vulnerabilities. Register for my talk “Bots to Protect your Source Code” at swampUP 2022. How does Frogbot work? The concept is simple. Frogbot scans every …

How to Integrate JFrog and Cycode

Four years ago the Clark School of Engineering at the University of Maryland published a study quantifying that there is some kind of hacker attack happening every 39 seconds (on average). That is unreal! Source: University of Maryland. A cyberattack can harm millions of people. Let’s take for example the Atlanta ransomware attack that used …

SpringShell / Spring4Shell Remediation Cookbook

Your SpringShell (Spring4Shell) Remediation Cookbook Using the JFrog Platform

A new zero-day exploit in the spring-web package called “SpringShell” (nicknamed “Spring4Shell”) was just leaked and is threatening the internet and the community. The JFrog security research team is investigating the exploit and continuously updating our blog post with technical details on the SpringShell (Spring4Shell) vulnerability. In this technical blog post, we explain how you …

How to Use Pub Repositories in Artifactory

If you’re one of the growing number of client app developers embracing the Dart programming language and Flutter and AngularDart toolkits, we’ve got some exciting news for you! JFrog can now welcome Dart developers to the empowerment of Artifactory’s robust binaries management and the ways that it contributes to continuous integration. We’ve added Pub, the …

How to set up a Go Registry

How to set up a Private, Remote and Virtual Go Registry

The simplest way to manage and organize your Go dependencies is with a Go Repository. You need reliable, secure, consistent and efficient access to the dependencies shared across your team, in a central location, including a place to set up multiple registries that work transparently with the Go client. With the JFrog free …

Our Solution for Scalable Multi-Region SaaS Deployment

Just like many other production DevOps engineering teams, our JFrog team deploys new version releases several times a day to AWS, Azure and GCP, across more than 20 cloud regions. This process used to take us many hours and could have even failed if it was done alongside maintenance by other teams. As part of …

Part I: A Journey Into the World of Advanced Security Monitoring

Dealing with hundreds of security alerts on a daily basis is a challenge, especially when many of them are false positives, and all of them take up too much of our valuable time to sift through. Let me tell you how our security team fixed this, as we built security around the JFrog products. First, …