JFrog’s Best DevSecOps Blogs of 2021

Always a concern for DevOps teams, security has now become a critical part of developing and releasing software – a reality reflected in the sharp increase in JFrog blogs about DevSecOps. In fact, we generated so many hard-hitting and instructive blogs about security and compliance in 2021 that we decided our DevSecOps coverage deserved its …

Log4shell Vulnerability Explained

Log4j Log4Shell 0-Day Vulnerability: All You Need To Know

Update 12/28/2021 Added: Impact analysis of CVE-2021-44832
Update 12/27/2021 Expanded: Exploiting Log4j2 2.15.0 for remote code execution – new bypass method
Update 12/27/2021 Expanded: LOG4J_FORMAT_MSG_NO_LOOKUPS mitigation bypass – more vulnerable configurations
Update 12/27/2021 Added: Log4Shell Timeline
Update 12/19/2021 Added: Impact analysis of CVE-2021-45105
Update 12/17/2021 Added: Exploiting Log4j2 2.15.0 for remote code execution (using new mitigation …

Head-to-Head: Penetration Testing vs. Vulnerability Scanning

To release reasonably secure products, vendors must integrate software security processes throughout all stages of the software development lifecycle. That would include product architecture and design; implementation and verification; deployment and monitoring in the field; and back again to design to address the changing threat landscape, market needs, and product issues. In this blog post, …

IT IS TIME TO TRUST YOUR SOFTWARE!

JFrog Xray – not just another security vulnerabilities scanner. We have just officially launched JFrog Xray, and we're already being asked by customers why we think JFrog Xray should be used instead of $YOUR_FAVORITE_SECURITY_SCANNING_TOOL. Is Xray like Black Duck? Maybe it’s like Docker Security Scanning? Maybe it’s similar to Sonatype Nexus Component Intelligence? Before getting into …