Blog Home
PyPI Leaked Token in Binary

Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine
July 09, 2024

The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub. As a community service, the JFrog Security Research team continuously scans public repositories such as Docker Hub, …

Read More
what is jfrog security

What is JFrog Security?
January 08, 2024

The security of the software supply chain is rapidly becoming a paramount concern for organizations — and for good reason. With the increasing number of published Common Vulnerabilities and Exposures (CVEs), developers face the challenge of delivering software faster than ever before. However, in their quest for speed, many dev and security teams have resorted …

Read More
Next Is Now - swampUP 2023 wrap up

Release with Trust or Die.
Key swampUP 2023 Announcements
September 14, 2023

Every year, JFrog brings the DevOps community and some of the world’s leading corporations together for the annual swampUP conference, aimed at providing real solutions to developers and development teams in practical ways to prepare us all for what’s coming next. Since the inception of swampUP – and truthfully since the creation of Artifactory – …

Read More

Prevent Credential Exposure in Code
June 28, 2023

In today’s software development world, developers rely on numerous types of secrets (credentials), to facilitate seamless interaction between application components. As modern applications become more complex and require authentication for services and dependencies, the practice of hardcoding secrets during software development is on the rise. The most common types of credentials are: Application Program Interface …

Read More
JFrog Advanced Security now available in IDEs

Save time fixing security vulnerabilities much earlier in your SDLC
March 22, 2023

Are you or your development team tired of using application security tools that generate countless results, making it difficult to identify which vulnerabilities pose actual risks? Do you struggle with inefficient or incorrect prioritization due to a lack of context? What adds insult to injury is that traditional CVSS scoring methods ignore critical details like …

Read More
Advanced DevOps Security With Development Flexibility

Advanced DevOps Security With Development Flexibility
March 07, 2023

Announcing the general availability of JFrog Xray’s advanced security features in self-hosted subscriptions, organizations have the flexibility to manage and secure their software development pipelines in-house and in the cloud. Since Developers and the DevOps infrastructure are the primary attack vector in the software supply chain, we designed our platform and the advanced security features …

Read More
JAS Contextual Analysis WebGoat Application

Testing the actual security of the most insecure Docker application
February 28, 2023

Our previous research on CVE exploitability in the top DockerHub images discovered that 78% of the reported CVEs were actually not exploitable. This time, the JFrog Security Research team used JFrog Xray’s Contextual Analysis feature, automatically analyzing the applicability of reported CVEs, to scan OWASP WebGoat – a deliberately insecure application. The results identified that …

Read More

IDC LINK: JFrog Introduces New Software Supply Chain Security Capabilities
December 06, 2022

As software becomes increasingly complex, the need to secure the software supply chain becomes more important — and more difficult.  But how can businesses address the challenges of securing their software supply chain? The International Data Corporation (IDC) offers critical insight. Following the release of JFrog Advanced Security on October 18, 2022 – the world’s …

Read More
JFrog Contextual Analysis 203x148

Turns out 78% of reported common CVEs on top DockerHub images are not really exploitable
November 15, 2022

Research motivations Similarly to our previous research on “Secrets Detection,” during the development and testing of JFrog Xray’s new “Contextual Analysis” feature, we wanted to test our detection in a large-scale real-world use case, both for eliminating bugs and testing the real-world viability of our current solution. However, unlike the surprising results we got in our …

Read More
JFrog Advanced Security - 1 Secrets Detection - The full report

JFrog’s security scanners discovered thousands of publicly exposed API tokens – and they’re active! The Full Report
November 08, 2022

Note: This report was previously published in InfoWorld When developing the recently announced JFrog Advanced Security, our Research team decided to try out its new “Secrets Detection” feature. Our goal was to test our vulnerability detection on as much real world data as possible, to make sure we eliminate false positives and catch any bugs …

Read More

Popular Tags