Monthly Archive

Still Trusting Automated Patches Blindly? Think Again

Jul 23, 2025 By Yonatan Arbel In JFrog

JounQin’s npm account, the maintainer of popular packages such as eslint-config-prettier, was compromised in a phishing attack. The attackers used the breached credentials to publish six malicious versions of eslint-config-prettier, along with three additional infected packages tied to the same account. In total, the compromised packages see roughly 78 million weekly downloads. Notably, the account had publishing rights for packages with a combined weekly download count of 180 million!

Read Post

JFrog

Read more about Still Trusting Automated Patches Blindly? Think Again

Introducing the Free DSSE Attestation Online Decoder, Built for the Community by JFrog

Jul 21, 2025 By JFrog In JFrog

DSSE, or Dead Simple Signing Envelope, is a standard JSON format for signing arbitrary data, widely accepted for attesting software supply chain security, particularly for SLSA provenance and attestations verification.

View Video

JFrog

Read more about Introducing the Free DSSE Attestation Online Decoder, Built for the Community by JFrog

The UK's New Software Security Code of Practice and How JFrog Can Help

Jul 16, 2025 By Dafna Zahger Bernanka In JFrog

The UK government has taken a proactive step by recently releasing the Software Security Code of Practice, a vital framework aimed at strengthening the cybersecurity posture of organizations that develop and sell software. This code outlines essential practices and principles, guiding companies to enhance their software security throughout the development lifecycle, from initial design to final deployment.

Read Post

JFrog

Read more about The UK's New Software Security Code of Practice and How JFrog Can Help

How to Optimize DevSecOps Workflows Using JFrog

Jul 15, 2025 By Pranav Hegde In JFrog

Embedding security within the Software Development Life Cycle (SDLC) is no longer just a best practice; it’s a full-on necessity. DevSecOps extends the DevOps model by making security a shared responsibility from the earliest stages of development. Today’s enterprises require this kind of integrated approach to streamline workflows from development to deployment.

Read Post

JFrog

Read more about How to Optimize DevSecOps Workflows Using JFrog

Getting DevSecOps Right in Financial Services

Jul 15, 2025 By JFrog In JFrog

Some of the largest financial services organizations in the world - including the top 5 banks in the US - all use JFrog to deliver applications faster, and more securely. Working closely with these top banks, trading and insurance companies has taught us a thing or two about getting DevSecOps right in these highly regulated, complex environments.

View Video

JFrog

Read more about Getting DevSecOps Right in Financial Services

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Still Trusting Automated Patches Blindly? Think Again

Introducing the Free DSSE Attestation Online Decoder, Built for the Community by JFrog

The UK's New Software Security Code of Practice and How JFrog Can Help

How to Optimize DevSecOps Workflows Using JFrog

Getting DevSecOps Right in Financial Services

Monthly Archive

Follow Us