Shift Left Security with Golang in VS Code
Most modern software today has moved aggressively into using third-party open source dependencies to reduce duplication and accelerate development by using pre-existing code.
Most modern software today has moved aggressively into using third-party open source dependencies to reduce duplication and accelerate development by using pre-existing code.
JFrog is pleased to announce that our comprehensive Cloud Enterprise+ plan is now available on Amazon Web Services (AWS) Marketplace through Private Offers. JFrog Cloud Enterprise+ on AWS is a universal, highly-available SaaS offering of the JFrog Platform for demanding DevSecOps at global scale.
A friend that can’t keep a secret isn’t one you’ll rely on. The same is true for your mission critical CI/CD tool that you have to entrust with credentials for each integrated component. Keeping your secrets safe can be a challenge for CI/CD tools, since they need to connect to such a variety of other services. Each one needs its own password or token that must be kept hidden from prying eyes.
Go Module vulnerabilities frustrate the lives of many Go developers and can turn a simple project into a battle of endurance between the dev and their patience. With the process of CI/CD shifting left more and more, it’s becoming even more pertinent for developers to be able to track and report vulnerabilities as early as possible. JFrog GoCenter can help track and mitigate vulnerabilities and make the lives of Go developers easier.
If you’re a Golang developer using Visual Studio Code, keeping at-risk Go Modules out of your apps just got easier, and for free. Today we’re announcing a new version of the JFrog extension for VS Code, available for free download. This integration brings live vulnerability information about every public Go Module you’re using directly into your source editor from the rich metadata of JFrog GoCenter.
When software can travel around the globe at the speed of the cloud’s gusts, enterprises need to be extra certain the updates they release are safe for customers to use. If an app built in Palo Alto uses a vulnerable package from Belgrade, losses can ripple from Sheboygan to Shanghai. At JFrog, we believe enabling global DevSecOps in the cloud should be an easy process.