Yet Another Case for Using Exclude Patterns in Remote Repositories: Namespace Shadowing Attack
The npm Registry is vulnerable for supply chain impersonation attacks. Make sure you create npm scoped packages and force exclude patterns.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Rooting out the cybersecurity risk in your CI/CD pipeline
When it comes to productivity, agility, and efficiency - continuous integration/continuous delivery (CI/CD) pipelines are great. When it comes to ensuring cybersecurity, they leave a lot to be desired. In fact, and especially given the popularity of CI/CD pipelines now, securing continuous environments might turn into the most important security challenge of the next decade.
Best DevSecOps Solution: DevOps Dozen 2020 Honors JFrog Xray
With so many esteemed adversaries competing in the same DevSecOps space, winning the “Best DevSecOps Solution” award feels even more special. We’re very grateful to the community and the DevOps Dozen2 judges who voted for JFrog Xray in this extremely tough category.
SDLC Security: It's Personal for JFrog
The SolarWinds hack, which has affected high-profile Fortune 500 companies and large U.S. federal government agencies, has put the spotlight on software development security — a critical issue for the DevOps community and for JFrog. At a fundamental level, if the code released via CI/CD pipelines is unsafe, all other DevOps benefits are for naught.
Wishes Do Come True: Fast Development, Secure Delivery
Organizations re-thinking their software delivery lifecycle are faced with a dilemma: how to speed up the pace of development necessary to surpass their competition, without sacrificing the security of the applications they’re delivering? CI/CD practices and tools have risen up to help meet this need, but fitting legacy applications and security tools into these modern pipelines exposes new gaps that risk slowing release velocity.
Adding Helm Chart Security Mitigation Notes to ChartCenter
Earlier this year, we launched ChartCenter, our newest community platform to help Kubernetes developers find Helm charts. This new free Helm central repository was built with chart immutability in mind— meaning every version of a Helm chart and every version in ChartCenter will always be available even if the original source goes down.
DevSecOps Best Practices With The JFrog Platform
JFrog Xray – an integral part of the JFrog Unified DevOps platform – enables continuous security and compliance throughout your SDLC: spanning binaries management, container images, and your end-to-end CI/CD pipelines. In this webinar, you will learn how to leverage JFrog Xray to enable DevSecOps.
Commit Code Confidently with the Nightfall DLP CircleCI Orb
Nightfall Data Loss Prevention (DLP) is now available as a CircleCI orb. CircleCI orbs are reusable snippets of code that help automate repeated processes, speed up project setup, and make it easy to integrate with third-party tools. With the Nightfall DLP orb, you can scan for sensitive items and prevent developers from accidentally committing sensitive information. We’re excited to announce our launch with CircleCI and share what you can do with the Nightfall DLP orb.
[webinar] How To Build A Cloud Native DevSecOps Pipeline With JFrog and AWS
Are you taking advantage of the best practices to easily adopt DevSecOps in the cloud? Discover the strategies and tools you can use to ensure you can easily overcome the challenges of securing your software releases.
How The JFrog Platform Drives DevSecOps At Scale
With the JFrog Platform at the core of your DevSecOps tool chain, you will over achieve your deployment frequency and change lead time metrics. By integrating JFrog into your existing CI environment current skills (people) and processes are maximized, while aggregating all the commercial and open source software artifacts, dependencies and documentation for re-use across all of your development projects to drive consistency and quality of the build.