JFrog

The Software Supply Chain Risks You Need to Know

Sep 6, 2022 By Nati Davidi, SVP JFrog Security In JFrog

Code that an organization’s developers create is only the beginning of modern software development. In fact, first-party code is likely to be only a small proportion of an application – sometimes as little as 10% of the application’s artifact ecosystem. An enterprise’s software supply chain is made of many parts, from many sources: open source packages, commercial software, infrastructure-as-code (IaC) files, and more.

Read Post

JFrog

Read more about The Software Supply Chain Risks You Need to Know

4 Operational Risks to Not Leave to Chance

Sep 1, 2022 By JFrog Team In JFrog

Not all of the recognizable risks in your software supply chain can be identified by their known vulnerabilities recorded as CVEs. A component that is outdated or inactive may present risks to your application that no one has had cause to investigate. Yet these components could still harbor threats.

Read Post

JFrog

Read more about 4 Operational Risks to Not Leave to Chance

#DevOpsSpeakeasy at #KubeCon EU 2022 with Denis Rosa of Couchbase

Aug 31, 2022 By JFrog In JFrog

Denis Rosa, Developer Advocate Manager at Couchbase, talks about the challenge of external dependencies with continuous integration and delivery

View Video

JFrog

Read more about #DevOpsSpeakeasy at #KubeCon EU 2022 with Denis Rosa of Couchbase

Using Containers Responsibly

Aug 31, 2022 By JFrog In JFrog

Tools to package your applications and services into container images are abound. They’re easier to use and integrate into your CI/CD pipelines now more than ever. We can appreciate these advancements in the form of time savings and decreasing complexity when deploying to a cloud native environment, but we cannot completely ignore the details involved in these technologies. It’s tempting to take simplicity for granted, but sometimes we do this at the expense of keeping our software safe and secure!

View Video

JFrog

Read more about Using Containers Responsibly

FROGBOT : Securing your git repository! What is new!

Aug 30, 2022 By JFrog In JFrog

GitHub Security Alerts! Support for Yarn 2... Frogbot scans every pull request created for security vulnerabilities with JFrog Xray and in version 2.3.2 it even opens pull requests for upgrading vulnerable dependencies to a version with a fix! With Frogbot installed, you can make sure that new pull requests don’t add new security vulnerabilities to your code base alongside them. If they do, the creator of the pull request has the opportunity to change the code before it is merged.

View Video

JFrog

Read more about FROGBOT : Securing your git repository! What is new!

#DevOpsSpeakeasy at #KubeCon EU 2022 with Michael Irwin of Docker

Aug 30, 2022 By JFrog In JFrog

In this interview, Mike Irwin, Engineer Manager at Docker, discusses the release of Docker Desktop for Linux and Docker Extensions, as well as his thoughts on DevSecOps.

View Video

JFrog

Read more about #DevOpsSpeakeasy at #KubeCon EU 2022 with Michael Irwin of Docker

CVE-2021-38297 - Analysis of a Go Web Assembly vulnerability

Aug 30, 2022 By Uriya Yavnieli In JFrog

The JFrog Security Research team continuously monitors reported vulnerabilities in open-source software (OSS) to help our customers and the wider community be aware of potential software supply chain security threats and their impact. In doing so, we often notice important trends and key learnings worth highlighting.

Read Post

JFrog

Read more about CVE-2021-38297 - Analysis of a Go Web Assembly vulnerability

#DevOpsSpeakeasy at #KubeCon EU 2022 with James Strong on Supply Chain Security

Aug 29, 2022 By JFrog In JFrog

James Strong, lead solution architect at Chainguard, discusses the challenges of securing software supply chains and recommendations for developers

View Video

JFrog

Read more about #DevOpsSpeakeasy at #KubeCon EU 2022 with James Strong on Supply Chain Security

SATisfying our way into remote code execution in the OPC UA industrial stack

Aug 25, 2022 By Or Peles, Omer Kaspi and Uriya Yavnieli In JFrog

The JFrog Security team recently competed in the Pwn2Own Miami 2022 hacking competition which focuses on Industrial Control Systems (ICS) security. One of our research targets for the competition was the Unified Automation C++-based OPC UA Server SDK. Other than the vulnerabilities we disclosed as part of the pwn2own competition, we managed to find and disclose eight additional vulnerabilities to the vendor. These vulnerabilities were fixed in the SDK in version 1.7.7.

Read Post