Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

DevOps Speakeasy with Brett Smith

Aug 7, 2023 By JFrog In JFrog
We caught up with Brett Smith, Software Architect at SAS. In his session, Supply Chain Robots, Electric Sheep, and SLSA Brett discusses creating automation, shifting left, attack vectors, attestation, verification, zero trust, and how the SLSA specification helps implement solutions for each. Most importantly, security must apply throughout a pipeline. The talk will lead to a larger discussion about the challenges of securing the supply chain, supporting EO 14028 and ISO27001, and improving the security posture of your pipelines.
View Video

DevOps Speakeasy with Tracy Ragan

Aug 7, 2023 By JFrog In JFrog
This episode of DevOps Speakeasy features Tracy Ragan, CEO of DeployHub and CDF board member. Ragan joins us to discuss how to secure your DevOps pipeline with new security tools. There has been a security awakening among IT teams around the world. This awakening has resulted in the release of new open source tools that you can use today. From hardening the build process to gathering actionable supply chain intelligence. Her session will review the new generation of open source security tools to incorporate into your security strategy.
View Video

Introducing JFrog Curation

Jul 31, 2023 By JFrog In JFrog
JFrog Curation is an automated DevSecOps solution designed to thoroughly vet and block malicious open source or third-party software packages and their respective dependencies before entering an organization’s software development environment. With JFrog Curation enterprise companies can: Find out more about what's under the hood with JFrog Curation in this informative webinar.
View Video
jfrog

Addressing the npm Manifest Confusion Vulnerability

Jul 20, 2023 By Adam Browning In JFrog

A potential security risk in the npm ecosystem known as “manifest confusion” has recently been spotlighted in a blog post by Darcy Clarke, a former Staff Engineering Manager at GitHub. Clarke mentioned that JFrog Artifactory seems to replicate this issue, so of course we investigated it right away. In this post, we will explain what the issue is and what it might mean for JFrog Artifactory users.

Read Post
jfrog

Defend Your Software Supply Chain by Curating Open-Source Packages Entering Your Organization | Announcing JFrog Curation

Jul 12, 2023 By Asaf Karas In JFrog

Modern organizations are constantly striving to gain a competitive advantage by delivering software solutions at a remarkable pace. To achieve this, they heavily rely on open-source software (OSS) libraries and packages, which constitute a significant portion (80-90%) of their software solution. However, while open-source software offers numerous benefits, it also presents potential security challenges.

Read Post
jfrog

Prevent Credential Exposure in Code

Jun 28, 2023 By Paul Garden In JFrog

In today’s software development world, developers rely on numerous types of secrets (credentials), to facilitate seamless interaction between application components. As modern applications become more complex and require authentication for services and dependencies, the practice of hardcoding secrets during software development is on the rise.

Read Post
jfrog

Three approaches to strengthening security with allowlists

Jun 21, 2023 By Avinash Jha In JFrog

There are many ways bad actors try to infiltrate and exploit companies, including by gaining access to your internal network and the applications connected to it. With more organizations adopting products in the cloud, or at the very least connected to the internet, addressing this potential attack vector is an important element of any security strategy.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.