Using JFrog to Align Your Systems for ISO 27001 Compliance

ISO/IEC 27001 is an information security standard that is quickly becoming a must-have for any organization that handles proprietary customer data. ISO 27001 certification is now often a requirement to do business, particularly for IT and SaaS organizations – JFrog included! In this blog, you’ll learn more about ISO 27001, how to get certified, and …

8 Malicious npm Packages Deliver Multi-Layered Chrome Browser Information Stealer

Open-source software repositories have become one of the main entry points for attackers as part of supply chain attacks, with growing waves using typosquatting and masquerading, pretending to be legitimate. The JFrog Security Research team regularly monitors open-source software repositories using advanced automated tools, in order to detect malicious packages. In cases of potential software …

FrogML SDK: the Gateway to Model Governance

Data-driven decisions are critical. And to support high-stakes decision-making – from fraud detection in credit card transactions to demand forecasting in retail – organizations are increasingly relying on complex models. According to McKinsey, 78% of organizations report using AI in at least one business function, highlighting just how embedded AI and ML models have become …

The Need for Proactive GRC (Governance, Risk, Compliance)

Today, businesses must rethink GRC (Governance, Risk, and Compliance) to stay ahead of the game. With a proactive approach, GRC isn’t a cost center; it’s a strategy to streamline innovation at scale. We’ll discuss how to build your foundation for GRC with a proactive stance, helping you grow and protect your business. The Need for …

The Innovation vs. Control Syndrome: Unlocking Enterprise AI’s Full Potential

From optimizing supply chains to personalizing customer experiences, artificial intelligence and machine learning models are no longer statistics-based revenue initiatives; they’re foundational to modern business strategy. Organizations are pouring resources into developing and deploying AI, driven by the promise of unprecedented efficiency, insight, and competitive advantage. Yet, beneath this surging wave of innovation lies a …

Not Built to Scale: The Hidden Fragility of Cloudsmith

Cloudsmith claims that they are an enterprise-ready solution, a platform designed to meet the needs of modern organizations at scale. On the surface, they “talk the talk”: reliability, performance, security, scalability — they even go as far as presenting themselves as an “infinitely-scalable alternative to JFrog”. However, when a vendor claims to be built for …

Top 5 Reasons to Make the Quantum Shift by Attending swampUP 2025

The software industry stands at the precipice of a “Quantum Shift,” driven by rapid AI advancements and digital demands that require a fundamental transformation in how software is built, secured, and scaled. JFrog’s annual swampUP conference is the ultimate gathering of the brightest minds in DevOps, DevSecOps, and MLOps where they exchange ideas, insights and …

JFrog Deployed on AWS: The Foundation for Cloud-Native Excellence

We are delighted to share the exciting news that JFrog has earned the “Deployed on AWS” badge in AWS Marketplace, marking yet another milestone in our journey of innovation and collaboration with Amazon Web Services (AWS). This achievement underscores our commitment to providing cutting-edge solutions that leverage AWS’s robust infrastructure to enhance the user experience …

Still Trusting Automated Patches Blindly? Think Again

The Breach: A High-Impact Compromise

JounQin’s npm account, the maintainer of popular packages such as eslint-config-prettier, was compromised in a phishing attack. The attackers used the breached credentials to publish six malicious versions of eslint-config-prettier, along with three additional infected packages tied to the same account. In total, the compromised packages see roughly 78 million …