Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

The JFrog Platform Delivered 393% ROI

I’m excited to share the findings of a Forrester Consulting Total Economic Impact™ (TEI) study, a recently commissioned study conducted by Forrester Consulting on behalf of JFrog, which examines the potential return on investment (ROI) that organizations may realize by deploying the JFrog Software Supply Chain Platform. Software has become the critical infrastructure of our daily lives.

Trusting your Software Supply Chain Security with DevOps Agility

At RSA 2023, JFrog spoke with security experts about their current challenges and focus areas. With increasing scrutiny on the vulnerability of open-source, and blindspots in their Software Supply Chain (SSC) it was no surprise to hear that SSC attacks have become a top concern. But with so many vulnerabilities to fix, the need for heavy manual efforts, and a plethora of complex AST security tools to navigate, security experts say that securing the SSC can feel like an overwhelming task.

From zero to breach in seconds: Why you need to focus on software supply chain security now

The RSA Conference 2023 addressed several key issues and trends in the cybersecurity industry. Generative AI was a key topic of discussion, with attendees, executives and policymakers seeing its potential in both offense and defense in the cybersecurity arms race.

How a software supply chain platform streamlines DevOps best practices

Today’s software developers are tasked with a lot more than just coding. To keep up with the fast-paced software-driven economy, they need to focus on automation, collaboration, security, distribution, data analysis, and agility to ensure quality builds and get releases to customers quickly and securely. DevOps and security professionals need a centralized system of records that provides visibility across the business.

Curating Open source Libraries on JFrog Platform, part II.

Software supply chain security has been the most widely discussed topic for anyone who is writing applications utilizing the majority of open-source or third-party libraries. This webinar will showcase JFrog Platform's abilities to curate and compose workflows to help isolate libraries that have vulnerabilities and promote libraries to repositories that can be safely used. This webinar will also demonstrate self-service curation workflows.

New .NET Malware "WhiteSnake" Targets Python Developers, Uses Tor for C&C Communication

The JFrog Security Research team recently discovered a new malware payload in the PyPI repository, written in C#. This is uncommon since PyPI is primarily a repository for Python packages, and its codebase consists mostly of Python code, or natively compiled libraries used by Python programs. This finding raised our concerns about the potential for cross-language malware attacks.

Software Supply Chain Security at RSA Conference 2023

The risk of supply chain attacks increases as more companies rely on third-party vendors and suppliers for critical services and products. Supply chain attacks have become increasingly prominent in recent years. In 2022, for instance, supply chain attacks surpassed the number of malware-based attacks by 40%.

Secrets Detection JFrog Security Workshop

In today's software development world, developers rely on numerous secrets, including API keys, credentials, and passwords to facilitate seamless interaction between application components as they code. Failing to remove these secrets can have disastrous consequences for businesses, making it essential to find and fix them before release.

Analyzing Impala Stealer - Payload of the first NuGet attack campaign

In this blog post, we’ll provide a detailed analysis of a malicious payload we’ve dubbed “Impala Stealer”, a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we’ve exposed in our previous post. The sophisticated campaign targeted.NET developers via NuGet malicious packages, and the JFrog Security team was able to detect and report it as part of our regular activity of exposing supply chain attacks.