Announcing JFrog Curation: Defend Your Software Supply Chain by Curating Open-Source Packages Entering Your Organization

UPDATE: Following the announcement at swampUP 2023, JFrog Curation now features a web user interface for its Catalog database service. This enables JFrog customers to search and explore over 4 million open-source packages for their up-to-date metadata including its versions, install command, dependencies, vulnerabilities (including any transitive ones), license types, OpenSSF aggregate score, and any …


Understanding a release-first approach to software supply chain management

For anyone involved in software development, the “infinity loop” is synonymous with DevOps — and rightfully so. We know that software is rarely in a static state for very long. Continuous updates are required to meet the demands of users and to deliver more value, faster than the competition. You might be wondering: Out of …

Analyzing Impala Stealer – Payload of the first NuGet attack campaign

In this blog post, we’ll provide a detailed analysis of a malicious payload we’ve dubbed “Impala Stealer”, a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we’ve exposed in our previous post. The sophisticated campaign targeted .NET …

Integrate JFrog and GitLab CI

Complete your Software Supply Chain with GitLab CI/CD and JFrog

Software is more than building code. Developing software and ensuring quality builds requires managing a complete software supply chain. With the many security threats across the supply chain, managing each and every aspect of the software you deliver to your customers, including the entire process of how it was made, is critical to your organization. …

JFrog Took Security to New Heights in 2021

With security now a critical “must have” for DevOps teams, JFrog significantly deepened and extended our platform’s already solid security capabilities in 2021. In this post, we’ll look back at our major advances last year – and look forward at what’s to come in 2022. Our goal: To explain how we’re providing to our customers …

Malicious npm Packages Are After Your Discord Tokens – 17 New Packages Disclosed

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 11 malicious packages in the PyPI repository, a discovery that shows attacks are getting more sophisticated in their approach. …

Get Cybersmart with JFrog This October

We live in a world of increasingly connected devices – phones, digital assistants, smart watches, cars, thermostats, refrigerators, windmills, and more. More than 50% of the world’s population is now online and two-thirds own a mobile device, according to the World Economic Forum. Additionally, the codebase of today’s applications typically consists mainly of open source …

Scaling Software Supply Chains Securely

Software supply chains are mission-critical for digital businesses, and as global conditions accelerate the growth in contactless interactions and transactions, many organizations are reviewing how to solve the challenge of scaling the volume and velocity of their software development and release processes to meet the digital demand. The latest JFrog Platform release delivers a rich …