CI CD

Xray: New Year, New Security Features

Feb 16, 2022 By Paul Garden, JFrog Product Marketing Manager In JFrog

As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline compliance and accelerate releases with confidence.

Read Post

JFrog

Read more about Xray: New Year, New Security Features

JFrog Discloses 3 Remote Access Trojans in PyPI

Feb 14, 2022 By Andrey Polkovnychenko and Shachar Menashe In JFrog

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to detect and avert potential software supply chain security threats. After validating the findings, the team reports any security vulnerabilities or malicious packages discovered to repository maintainers and the wider community.

Read Post

JFrog

Read more about JFrog Discloses 3 Remote Access Trojans in PyPI

Lessons learned from the Argo CD zero-day vulnerability (CVE-2022-24348)

Feb 10, 2022 By Eric Smalling In Snyk

On January 30, 2022, , the Argo CD team was contacted by researchers at Apiiro regarding a vulnerability they had discovered in the popular continuous delivery platform that could allow bad actors to steal sensitive information from deployments. The Argo CD team was able to quickly develop fixes for all three of their currently supported releases and publish them to their users within 48 hours.

Read Post

Snyk

Read more about Lessons learned from the Argo CD zero-day vulnerability (CVE-2022-24348)

JFrog Took Security to New Heights in 2021

Feb 9, 2022 By Asaf Karas In JFrog

With security now a critical “must have” for DevOps teams, JFrog significantly deepened and extended our platform’s already solid security capabilities in 2021. In this post, we’ll look back at our major advances last year – and look forward at what’s to come in 2022.

Read Post

JFrog

Read more about JFrog Took Security to New Heights in 2021

CVE-2021-44142: Critical Samba Vulnerability Allows Remote Code Execution

Feb 8, 2022 By Itay Vaknin, Brian Moussalli In JFrog

Recently, a critical out-of-bounds vulnerability, assigned to CVE-2021-44142, was disclosed in Samba versions prior to 4.13.17. The Samba vulnerability carries a critical CVSS of 9.9 and allows attackers to remotely execute code on machines running a Samba server with a vulnerable configuration. The vulnerability was disclosed as part of the Pwn2Own Austin competition where researchers are challenged to exploit widely-used software and devices with unknown vulnerabilities.

Read Post

JFrog

Read more about CVE-2021-44142: Critical Samba Vulnerability Allows Remote Code Execution

New Year, New Features in Xray

Feb 8, 2022 By JFrog In JFrog

Let’s start 2022 off the right with new features and updates that will extend JFrog Xray’s power and reach in addressing challenges with securing your binaries from development to production. Join Sarit Tager, VP Product Security as she discusses how Xray provides intelligent supply chain security and compliance at DevOps speed. JFrog Xray is a software composition analysis (SCA) solution that scans your open source software (OSS) dependencies for security vulnerabilities and license compliance issues.

View Video

JFrog

Read more about New Year, New Features in Xray

How to Protect Your CI/CD Pipeline

Feb 4, 2022 By Teleport In Teleport

Application Architecture Summit, January 2021 How to protect your CI/CD pipeline so it doesn’t turn into a vulnerability superspreader. CI/CD pipelines bring so much application security good to the development process. They help increase test coverage and reduce human error by automating away toil. But without proper controls, an over-privileged and insufficiently monitored CI/CD pipeline can turn into a vulnerability superspreader. This talk will show you how to manage identity-based access so your CI/CD pipeline stays secure using the open-source solution Teleport and Github Actions.

View Video

Teleport

Read more about How to Protect Your CI/CD Pipeline

Mind Your Dependencies: Defending against malicious npm packages

Jan 25, 2022 By Ilya Khivrich In JFrog

Modern software projects are mostly composed of open source code. The question of who really controls this code, and is responsible for detecting and fixing software supply chain security issues, became a significant source of concern after the discovery of the Log4Shell vulnerability.

Read Post

JFrog

Read more about Mind Your Dependencies: Defending against malicious npm packages

Continuously Securing Software Supply Chain

Jan 19, 2022 By JFrog In JFrog

Catch this session to see a breakdown of the recent news related to software supply chain security and what you can do to meet new requirements and protect your software from such attacks. With new software supply chain attacks reaching the spotlight at an accelerating pace, security research uncovering novel attack methods and new mandates and guidelines starting to come into effect — it can be hard to stay on top of the latest developments and their implications.

View Video