|
By Sean Wright
Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright’s blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company’s software applications.
|
By Shachar Menashe
On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within XZ Utils, a widely used package present in major Linux distributions (The GitHub project originally hosted here is now suspended). Fortunately, the malicious code was discovered quickly by the OSS community and managed to infect only two of the most recent versions of the package, 5.6.0 and 5.6.1, which were released within the past month.
|
By Sean Pratt
In today’s fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it’s important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your supply chain.
Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a large threat, allowing malicious actors to deceive developers and hide harmful code from detection.
|
By Moran Ashkenazi
Trust is vital to success in our industry. Whether you’re creating and managing software for use internally, by other businesses, or direct-to-consumer, you need to be able to create trust with your end users. This can be accomplished, in part, by showing evidence of security measures, bringing the right people and tactics to the table, and working collaboratively to address challenges.
|
By David Cohen
In the realm of AI collaboration, Hugging Face reigns supreme. But could it be the target of model-based attacks? Recent JFrog findings suggest a concerning possibility, prompting a closer look at the platform’s security and signaling a new era of caution in AI research. The discussion on AI Machine Language (ML) models security is still not widespread enough, and this blog post aims to broaden the conversation around the topic.
|
By Yonatan Arbel
Modern software development requires a seamless connection between multiple software development tools – particularly those used for code management and storing your software artifacts. Connecting between these tools often involves managing a variety of tokens, permissions, passwords, and keys, which if not handled correctly can expose organizations to potential security threats.
|
By Natan Nehorai
Artificial Intelligence tools such as Bard, ChatGPT, and Bing Chat are the current big names in the Large Language Model (LLM) category which is on the rise. LLMs are trained on vast data sets to be able to communicate by using everyday human language as a chat prompt. Given the flexibility and potential of LLMs, companies are integrating them into many workflows inside the tech industry to make our lives better and easier.
|
By Greg McDermott
As an integrator or government agency providing mission-critical software, the question to ask yourself is “Is my software development environment NIST SP 800-218 compliant?”. Compliance with NIST SP 800-218 and the SSDF (Secure Software Development Framework) is mandatory, and it’s time to ensure your software supply chain is compliant.
|
By Yair Mizrahi
The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library – CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities.
|
By JFrog
Together, JFrog and Qwak instill governance, transparency, visibility, and security into every facet of the development and deployment lifecycle for ML models. From managing dependencies to ensuring compliance and optimizing storage, this integration empowers your organization to embrace the future of machine learning with confidence and efficiency. Watch this demo for an overview of the integration.
|
By JFrog
Carmine Acanfora, Solutions Architect at JFrog in the EMEA region, leads this security best practices webinar. In this webinar, we discuss the advanced features of the JFrog Advanced Security solution, now available in self-hosted mode. We will take the time to address your questions, particularly on topics crucial for all developers, such as: Don't miss this opportunity to explore JFrog's latest security solution and learn how to accelerate and secure your software supply chain with the first DevOps-oriented security solution on the market.
|
By JFrog
Curious to see what all the AI/ML hype is about? Watch our DevSecOps Hangout and hear how ML Model management benefits organizations by providing a single place to manage ALL software binaries, bringing DevOps best practices to ML development, and allowing organizations to ensure the integrity and security of ML models – all while leveraging an existing solution they already have in place. Watch our expert educational talks and panel discussion with our Technology Partner Qwak on MLOps, DevSecOps, AI, and Machine Learning.
|
By JFrog
JFrog is powering entire industries, including 89% of the Fortune 100, and 10 of the top 10 finance companies in the world. All of them use JFrog to deliver applications faster, and more securely. Watch this webinar to learn some of the best practices and tools used by some of the largest FinTech and FinServ enterprises in the world.
|
By JFrog
Moran answers the question, "If you were a Developer today, what do you think you'd want to hear from your CISO and CSO?".
|
By JFrog
Common assumptions Developers tend to make around security today, that could be untrue. We unpack some of these assumptions and different way to view it that helps them adopt a security mindset and make their lives easier.
|
By JFrog
We share JFrog's view on our own SSC security and share some best practices we use within our own organization.
|
By JFrog
Moran dives into what her view is on Developers and the relationship they have with security today. As security gets more complex, the Developer's job today isn't easy and they are asked to do a lot more than they are used to.
|
By JFrog
The four things the CSO of today's modern organization wishes their Developers did more of and how to do them.
|
By JFrog
Let's debunk some common myths around how the industry thinks a CSO views organization-wide security.
|
By JFrog
Cloud DevOps tools offer greater flexibility, rapid deployment, cloud automation, reduced IT costs, and low upfront costs with subscription pricing. Setting up your environment with Artifactory on the cloud on your choice provides unlimited scalability allowing you to grow according to your needs and is easily achieved by using cloud storage providers (Amazon AWS, Google GCP or Microsoft Azure) in your environment with Artifactory.
|
By JFrog
Software businesses of every industry and all sizes, from small startups to large enterprises, are looking for ways to accelerate their software development process in the race to innovate and deliver their offerings to their customers ahead of their competition.
|
By JFrog
Today, we live in a very connected world, where our devices, homes and cars all communicate with each other, and every company with a product or service has the need to develop software. It is one of the primary mediums by which they strive to provide better products, services and solutions, and has become paramount to a company's success. To continuously improve their software, companies must have sound DevOps or DevSecOps practices in place.
|
By JFrog
In today's enterprises, software is your company's everyday face, whether through the desktop, the cloud, or a mobile device, to all parts of the globe. Cars are computers on wheels. Thermostats are data terminals. Banks live in your phone. In this new world, software updates serve customer's demands. Each one you deliver is your opportunity to renew - or, if botched, destroy - their trust. How can you make every update top-notch at top speed?
|
By JFrog
Over the last several years, software development has evolved from deploying products periodically to building them on an ongoing basis using CI servers. A company's end product may be built on a daily or even hourly basis. This means that DevOps must support the continual flow of code from the individual developer's machine to the organization's production environment.
|
By JFrog
Two numbers are shaking the foundations of business. What do these two figures mean to your business? They mean that, odds are your competitive landscape is irrevocably changed - already. To start, expectations for delivery speed for new products, services, and everything are faster. The new table stakes in the DevOps world have raised the bar on collaboration, cross-organizational visibility, efficiency, even company culture. Another thing these two simple stats mean is that most businesses are already there, or heading there now.
- April 2024 (1)
- March 2024 (4)
- February 2024 (5)
- January 2024 (9)
- December 2023 (10)
- November 2023 (7)
- October 2023 (5)
- September 2023 (12)
- August 2023 (5)
- July 2023 (3)
- June 2023 (6)
- May 2023 (5)
- April 2023 (6)
- March 2023 (6)
- February 2023 (5)
- January 2023 (2)
- December 2022 (3)
- November 2022 (8)
- October 2022 (9)
- September 2022 (6)
- August 2022 (11)
- July 2022 (4)
- June 2022 (8)
- May 2022 (15)
- April 2022 (7)
- March 2022 (9)
- February 2022 (10)
- January 2022 (3)
- December 2021 (17)
- November 2021 (3)
- October 2021 (6)
- September 2021 (7)
- August 2021 (4)
- July 2021 (5)
- June 2021 (8)
- May 2021 (4)
- April 2021 (1)
- March 2021 (2)
- February 2021 (5)
- December 2020 (2)
- November 2020 (1)
- October 2020 (4)
- September 2020 (1)
- July 2020 (4)
- June 2020 (1)
- May 2020 (4)
- April 2020 (4)
- March 2020 (1)
- February 2020 (2)
- January 2020 (6)
- December 2019 (2)
- November 2019 (2)
JFrog products seamlessly integrate with practically any development environment on Earth, from legacy code to the most recent containers and micro-services.
JFrog's end-to-end platform provides a fully automated pipeline for distributing trusted software releases. Connecting all developers, DevOps engineers and product owners to end devices, the JFrog Platform ensures software flows quickly and free from interruption.
End-to-End Universal DevOps Platform:
- JFrog Artifactory: The undisputed software repository leader for integrated, universal artifact management at enterprise scale.
- JFrog Container Registry: The world’s most flexible, hybrid container registry, with enterprise-grade resiliency backed by JFrog Artifactory.
- JFrog XRay: Universal security vulnerability & compliance analysis, natively integrated with Artifactory for continuous governance across the DevOps pipeline.
- JFrog Pipelines: Universally orchestrate software releases and master the entire CI/CD pipeline from code to production.
- JFrog Distribution: Secure and validate your software releases, allowing trusted, optimized software distribution on a global scale.
- JFrog Mission Control: A single access point providing a centralized dashboard to oversee your DevOps pipeline.
Universal Artifact Management for DevOps Acceleration.