Securing your software supply chain is crucial for ensuring the integrity and security of the software you develop and deliver. Here are the top 8 security best practices for a secure software supply chain. Tip # 1: Security Awareness Training Security awareness starts at the core of your organization. Educate your development and operations teams …
JFrog Artifactory is a “binary artifact repository with a name that is so well known that it is synonymous with artifact repositories in general.” But why is Artifactory the solution chosen by most Fortune 100 companies and millions of developers for their artifact and binary management? Let’s start by looking at a few elements that …
The JFrog Security research team constantly monitors open-source projects to find new vulnerabilities or malicious packages and share them with the wider community to help improve their overall security posture. As part of this effort, the team recently discovered a new security vulnerability in plexus-archiver, an archive creation and extraction package. plexus-archiver is used in …
A leap forward in DevOps security In today’s interconnected world, secrets are the keys to unlocking sensitive data and systems. Like hidden gems for attackers, any inadvertent exposure of these secrets could lead to data breaches, unauthorized access, and security compromises. As organizations adopt DevOps practices, artifacts containing secrets are often stored and shared across …
Update – October 11, 2023: This blog has been updated to include all the details that have been published about the vulnerabilities. On Wednesday, October 4th 2023, Daniel Stenberg, one of Curl’s core maintainers announced that a forthcoming release of Curl, version 8.4.0, is scheduled to be available on October 11th 2023 at approximately 06:00 …
A few years ago, a dear friend of mine, and one of the best role models I could wish for as a COO, Vered Raviv Schwartz, wrote a great article which described in the best words I could ever think of the role of the COO. In this same article, she also referred to the …
With five keynotes and 15 breakout sessions in one day, there was no shortage of important industry knowledge and key insights from this year’s JFrog swampUP DevOps and DevSecOps user conference. Presenters discussed the role of DevOps at Netflix, how Fidelity migrated to the Cloud, the trend of shifting further left than left, and more. …
Every year, JFrog brings the DevOps community and some of the world’s leading corporations together for the annual swampUP conference, aimed at providing real solutions to developers and development teams in practical ways to prepare us all for what’s coming next. Since the inception of swampUP – and truthfully since the creation of Artifactory – …
JFrog’s IDE integrations such as IntelliJ and VS Code, allow developers to work with the JFrog Platform right from within their existing dev environment. By leveraging the advantages of JFrog’s features, developers can develop, build, and deploy applications quickly and securely. Large organizations working with the JFrog Platform, can now easily use a SSO (single-sign-on) …
JFrog’s Partner Day was full of insights, strategies, and program announcements that will shape the future of DevOps and DevSecOps. Partners from all over the world attended and participated as our launch partners. Tali Notman, JFrog CRO, kicked off the keynote with an overview of JFrog’s growth strategy and JFrog’s vision of the connected ecosystem. …
