Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

jfrog

The JFrog Platform Delivered 393% ROI

May 24, 2023 By Huz Dalal In JFrog

I’m excited to share the findings of a Forrester Consulting Total Economic Impact™ (TEI) study, a recently commissioned study conducted by Forrester Consulting on behalf of JFrog, which examines the potential return on investment (ROI) that organizations may realize by deploying the JFrog Software Supply Chain Platform. Software has become the critical infrastructure of our daily lives.

Read Post

Trusting your Software Supply Chain Security with DevOps Agility

May 18, 2023 By JFrog In JFrog
At RSA 2023, JFrog spoke with security experts about their current challenges and focus areas. With increasing scrutiny on the vulnerability of open-source, and blindspots in their Software Supply Chain (SSC) it was no surprise to hear that SSC attacks have become a top concern. But with so many vulnerabilities to fix, the need for heavy manual efforts, and a plethora of complex AST security tools to navigate, security experts say that securing the SSC can feel like an overwhelming task.
View Video
jfrog

From zero to breach in seconds: Why you need to focus on software supply chain security now

May 10, 2023 By Paul Garden In JFrog

The RSA Conference 2023 addressed several key issues and trends in the cybersecurity industry. Generative AI was a key topic of discussion, with attendees, executives and policymakers seeing its potential in both offense and defense in the cybersecurity arms race.

Read Post
jfrog

How a software supply chain platform streamlines DevOps best practices

May 9, 2023 By JFrog Team In JFrog

Today’s software developers are tasked with a lot more than just coding. To keep up with the fast-paced software-driven economy, they need to focus on automation, collaboration, security, distribution, data analysis, and agility to ensure quality builds and get releases to customers quickly and securely. DevOps and security professionals need a centralized system of records that provides visibility across the business.

Read Post

Curating Open source Libraries on JFrog Platform, part II.

May 3, 2023 By JFrog In JFrog
Software supply chain security has been the most widely discussed topic for anyone who is writing applications utilizing the majority of open-source or third-party libraries. This webinar will showcase JFrog Platform's abilities to curate and compose workflows to help isolate libraries that have vulnerabilities and promote libraries to repositories that can be safely used. This webinar will also demonstrate self-service curation workflows.
View Video
jfrog

New .NET Malware "WhiteSnake" Targets Python Developers, Uses Tor for C&C Communication

Apr 24, 2023 By Andrey Polkovnychenko In JFrog

The JFrog Security Research team recently discovered a new malware payload in the PyPI repository, written in C#. This is uncommon since PyPI is primarily a repository for Python packages, and its codebase consists mostly of Python code, or natively compiled libraries used by Python programs. This finding raised our concerns about the potential for cross-language malware attacks.

Read Post
jfrog

Software Supply Chain Security at RSA Conference 2023

Apr 24, 2023 By Huz Dalal In JFrog

The risk of supply chain attacks increases as more companies rely on third-party vendors and suppliers for critical services and products. Supply chain attacks have become increasingly prominent in recent years. In 2022, for instance, supply chain attacks surpassed the number of malware-based attacks by 40%.

Read Post

Secrets Detection JFrog Security Workshop

Apr 20, 2023 By JFrog In JFrog
In today's software development world, developers rely on numerous secrets, including API keys, credentials, and passwords to facilitate seamless interaction between application components as they code. Failing to remove these secrets can have disastrous consequences for businesses, making it essential to find and fix them before release.
View Video
jfrog

Analyzing Impala Stealer - Payload of the first NuGet attack campaign

Apr 10, 2023 By Ori Hollander In JFrog

In this blog post, we’ll provide a detailed analysis of a malicious payload we’ve dubbed “Impala Stealer”, a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we’ve exposed in our previous post. The sophisticated campaign targeted.NET developers via NuGet malicious packages, and the JFrog Security team was able to detect and report it as part of our regular activity of exposing supply chain attacks.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.