IDC LINK: JFrog Introduces New Software Supply Chain Security Capabilities

As software becomes increasingly complex, the need to secure the software supply chain becomes more important — and more difficult.  But how can businesses address the challenges of securing their software supply chain? The International Data Corporation (IDC) offers critical insight. Following the release of JFrog Advanced Security on October 18, 2022 – the world’s …

JFrog Contextual Analysis 203x148

Turns out 78% of reported common CVEs on top DockerHub images are not really exploitable

Research motivations Similarly to our previous research on “Secrets Detection,” during the development and testing of JFrog Xray’s new “Contextual Analysis” feature, we wanted to test our detection in a large-scale real-world use case, both for eliminating bugs and testing the real-world viability of our current solution. However, unlike the surprising results we got in our …

JFrog Advanced Security - 1 Secrets Detection - The full report

JFrog’s security scanners discovered thousands of publicly exposed API tokens – and they’re active! The Full Report

Note: This report was previously published in InfoWorld When developing the recently announced JFrog Advanced Security, our Research team decided to try out its new “Secrets Detection” feature. Our goal was to test our vulnerability detection on as much real world data as possible, to make sure we eliminate false positives and catch any bugs …

Pie chart displaying number of artifacts that were analyzed by JFrog Secrets Detection by platform. DockerHub made up the biggest slice, with 5.78 million of the 8 million scanned artifacts.

JFrog’s Advanced Security Scanners Discovered Thousands of Publicly Exposed API Tokens – And They’re Active

Read our full research report on InfoWorld The JFrog Security Research team released the findings of a recent investigation wherein they uncovered thousands of publicly exposed, active API tokens. This was accomplished while the team tested the new Secrets Detection feature in the company’s JFrog Advanced Security solution, part of JFrog Xray.  The team scanned …

Announcing JFrog Advanced Security

DevOps-Centric Security is Finally Here | Announcing JFrog Advanced Security

Today marks an exciting day for JFrog and a substantial step forward towards ensuring end-to-end software supply chain security. JFrog Advanced Security is our unique approach for DevOps-centric security, and the only solution that was built especially for today’s modern DevOps workflows. Developers and the DevOps infrastructure are now the attack vector for today’s hackers …