Blog Home

Announcing JFrog Curation: Defend Your Software Supply Chain by Curating Open-Source Packages Entering Your Organization
September 13, 2023

UPDATE: Following the announcement at swampUP 2023, JFrog Curation now features a web user interface for its Catalog database service. This enables JFrog customers to search and explore over 4 million open-source packages for their up-to-date metadata including its versions, install command, dependencies, vulnerabilities (including any transitive ones), license types, OpenSSF aggregate score, and any …

Read More
devops infinity loop

Understanding a release-first approach to software supply chain management
September 01, 2023

For anyone involved in software development, the “infinity loop” is synonymous with DevOps — and rightfully so. We know that software is rarely in a static state for very long. Continuous updates are required to meet the demands of users and to deliver more value, faster than the competition. You might be wondering: Out of …

Read More

Analyzing Impala Stealer – Payload of the first NuGet attack campaign
April 10, 2023

Analyzing Impala Stealer – Payload of the first NuGet attack campaign In this blog post, we’ll provide a detailed analysis of a malicious payload we’ve dubbed “Impala Stealer”, a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we’ve exposed in our previous post. The sophisticated campaign targeted .NET …

Read More
Integrate JFrog and GitLab CI

Complete your Software Supply Chain with GitLab CI/CD and JFrog
February 27, 2023

Software is more than building code. Developing software and ensuring quality builds requires managing a complete software supply chain. With the many security threats across the supply chain, managing each and every aspect of the software you deliver to your customers, including the entire process of how it was made, is critical to your organization. …

Read More

JFrog Took Security to New Heights in 2021
February 09, 2022

With security now a critical “must have” for DevOps teams, JFrog significantly deepened and extended our platform’s already solid security capabilities in 2021. In this post, we’ll look back at our major advances last year – and look forward at what’s to come in 2022.  Our goal: To explain how we’re providing to our customers …

Read More

Malicious npm Packages Are After Your Discord Tokens – 17 New Packages Disclosed
December 08, 2021

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 11 malicious packages in the PyPI repository, a discovery that shows attacks are getting more sophisticated in their approach. …

Read More

Get Cybersmart with JFrog This October
October 05, 2021

We live in a world of increasingly connected devices – phones, digital assistants, smart watches, cars, thermostats, refrigerators, windmills, and more. More than 50% of the world’s population is now online and two-thirds own a mobile device, according to the World Economic Forum. Additionally, the codebase of today’s applications typically consists mainly of open source …

Read More

Scaling Software Supply Chains Securely
March 31, 2021

Software supply chains are mission-critical for digital businesses, and as global conditions accelerate the growth in contactless interactions and transactions, many organizations are reviewing how to solve the challenge of scaling the volume and velocity of their software development and release processes to meet the digital demand.  The latest JFrog Platform release delivers a rich …

Read More

Popular Tags