The State of the Software Supply Chain 2025

Managing and securing the software supply chain is crucial for trusted releases, but as any tech organization knows, it also presents significant challenges. With over 15 years of experience and a dedicated security research team, we at JFrog understand these threats. In a rapidly evolving post-AI world, DevSecOps teams are struggling to keep pace with …


The Power of Evidence Collection and Release Lifecycle Management

The speed of today's software development lifecycle is only getting faster. However, the complexity of today's pipelines makes it hard to track and manage the processes software releases must go through. With increasing regulatory pressures, ensuring and proving your software has gone through the necessary quality controls is no longer nice to have – it …

Embracing Complexity in DevOps: Software Supply Chain State of the Union 2024

As we delve deeper into the era of software reliance, the 2024 JFrog Software Supply Chain report emerges as required reading for developers and DevOps professionals who are at the frontline of today's technological innovations. DevOps and development themes from the 2024 report: the report combines Artifactory data, analysis from the JFrog Security Research team, …

JFrog4JFrog: DevSecOps Made Simple

Developers simply want to write code without interruption, while operations wish to build as fast as possible and deploy without restrictions. On the other hand, security professionals want to protect every step of the software supply chain from any potential security threats and vulnerabilities. In software development, every piece of code can potentially introduce vulnerabilities …

The State of Software Supply Chain Security in 2024

In today's fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it's important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your …

2023 Best of JFrog Software Supply Chain Blogs

2023 was a big year. There were many interesting challenges and exciting developments within our industry, like the continued evolution of AI/ML, the discovery and remediation of widespread CVEs, and major leaps forward in the realm of end-to-end software supply chain security. In that spirit, we want to recap the news and articles that you …

Announcing JFrog Curation: Defend Your Software Supply Chain by Curating Open-Source Packages Entering Your Organization

UPDATE: Following the announcement at swampUP 2023, JFrog Curation now features a web user interface for its Catalog database service. This enables JFrog customers to search and explore over 4 million open-source packages for their up-to-date metadata, including versions, install command, dependencies, vulnerabilities (including any transitive ones), license types, OpenSSF aggregate score, and any …


Understanding a release-first approach to software supply chain management

For anyone involved in software development, the "infinity loop" is synonymous with DevOps — and rightfully so. We know that software is rarely in a static state for very long. Continuous updates are required to meet the demands of users and to deliver more value, faster than the competition. You might be wondering: Out of …

From zero to breach in seconds: Why you need to focus on software supply chain security now


The RSA Conference 2023 addressed several key issues and trends in the cybersecurity industry. Generative AI was a key topic of discussion, with attendees, executives and policymakers seeing its potential in both offense and defense in the cybersecurity arms race. The White House's National Cybersecurity Strategy was also a topic of conversation across panels and …

Analyzing Impala Stealer – Payload of the first NuGet attack campaign

In this blog post, we'll provide a detailed analysis of a malicious payload we've dubbed "Impala Stealer", a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we've exposed in our previous post. The sophisticated campaign targeted .NET …