The JFrog Security Research team is constantly looking for new and previously unknown vulnerabilities and security issues in popular open-source projects to help improve their security posture and defend the wider software supply chain. As part of this effort, we recently discovered and disclosed multiple vulnerabilities in popular Rust projects such as Axum, Salvo and …
Last August, the maintainers of the LastPass cloud-based password manager tool reported a security breach in their servers. The disclosure maintained that an unauthorized party gained access to the LastPass development environment through a single compromised developer account. However – while source code and technical information was stolen, no user data was compromised and no …
As businesses strive to keep up with the speed of digital transformation, they’re turning to DevOps practices to help them automate the delivery of code changes. In a world where delivering secure quality software updates fast-drives business value, enter the JFrog Cloud DevOps Platform. The JFrog Platform unifies, accelerates, and secures your software delivery, from …
The modern software supply chain is complex. JFrog internal data shows that most enterprises use 12+ package types and 90 percent of applications depend on open source software. Additionally, there is a wide array of tools to support the software development process, including Source Code Managers (SCMs), Integrated Development Environments (IDEs), CI/CD suites, and more. …
After two years of virtual and reduced-size events, AWS re:Invent was in full swing for 2022 with over 50,000 attendees — more than double 2021’s in-person attendance. Among the many new service and feature announcements, there were two themes that resonated (re:Sonated?): event-driven architectures and cloud-powered innovation. These uniquely position AWS partners to accelerate their …
Red Hat OpenShift is an enterprise Kubernetes container platform. It lets you build Docker images and use them to deploy your applications on a cloud-like environment (even if it’s not really on the cloud, rather a simulated cloud environment). Images built in OpenShift can be easily pushed into JFrog Artifactory – JFrog’s leading universal repository …
The JFrog Security Research team continuously monitors popular open-source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most PyPI malware today tries to avoid static detection using various techniques: starting from primitive variable mangling to sophisticated code flattening and steganography techniques. …
As macroeconomic pressures increase, it’s common to hear more in corporate hallways about “Tail Spend.” But what is it, and how can companies move this sometimes-shadowy expenditure into a strategic advantage for IT and DevOps teams? TOC: Here are some answers to commonly asked questions: What’s Tail Spend? Where can I find Tail Spend in my …
As software becomes increasingly complex, the need to secure the software supply chain becomes more important — and more difficult. But how can businesses address the challenges of securing their software supply chain? The International Data Corporation (IDC) offers critical insight. Following the release of JFrog Advanced Security on October 18, 2022 – the world’s …
The npm CLI has a very convenient and well-known security feature – when installing an npm package, the CLI checks the package and all of its dependencies for well-known vulnerabilities – The check is triggered on package installation (when running npm install) but can also be triggered manually by running npm audit. This is an …
