Pie chart displaying number of artifacts that were analyzed by JFrog Secrets Detection by platform. DockerHub made up the biggest slice, with 5.78 million of the 8 million scanned artifacts.

JFrog's Advanced Security Scanners Discovered Thousands of Publicly Exposed API Tokens – And They're Active

Read our full research report on InfoWorld. The JFrog Security Research team released the findings of a recent investigation wherein they uncovered thousands of publicly exposed, active API tokens. This was accomplished while the team tested the new Secrets Detection feature in the company's JFrog Advanced Security solution, part of JFrog Xray. The team scanned …

PyPI Leaked Token in Binary

Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine

The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python's, PyPI's and Python Software Foundation's GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub. As a community service, the JFrog Security Research team continuously scans public repositories such as Docker Hub, …

Frogbot secrets detection

Unveiling Secrets Detection with JFrog Frogbot

A leap forward in DevOps security. In today's interconnected world, secrets are the keys to unlocking sensitive data and systems. Like hidden gems for attackers, any inadvertent exposure of these secrets could lead to data breaches, unauthorized access, and security compromises. As organizations adopt DevOps practices, artifacts containing secrets are often stored and shared across …