
Adding Container and IaC security to the Snyk plugin for Jetbrains

We’re excited to announce that infrastructure as code (IaC) and container security are joining code and open source dependency security in the free Snyk plugin for JetBrains IDEs. As of today, developers using JetBrains IDEs can secure their entire application with a click of a button. Snyk Security for JetBrains increases code security and reduces time spent on manual code reviews by empowering developers to find and fix issues within their JetBrains IDEs.

Best Practices For Managing Ruby Supply Chain Security Risks

Software supply chain attacks are on the rise: they increased by more than 600% between 2020 and 2021. On RubyGems, the official package repository for the Ruby programming language, attackers typically exploit the implicit trust developers place in the gems published on the platform and infect those gems with malicious code.


ITOps vs. SecOps vs. DevOps vs. DevSecOps

ITOps, SecOps, and DevOps may sound similar. Indeed, they are similar, to a degree. But they have different areas of focus, different histories, and different operational paradigms. Keep reading for an overview of what ITOps, SecOps, and DevOps mean and how they compare. We'll also explain where DevSecOps fits into the conversation, and why you should worry less about defining these terms perfectly than about finding ways to operationalize collaboration between your various teams.

Introduction to penetration testing for developers

Developers take a lot of pride in their work. We strive to consistently deliver the best code and avoid dangerous edge cases, which is why we aim to detect and remediate bugs before they ship, through testing and code reviews. However, when it comes to security, sometimes we fall flat. When a team lacks the proper security tooling, it can stunt development, create extra work, and deliver dangerous security defects to clients and end users.

How To Use SSH ProxyJump and SSH ProxyCommand

OpenSSH ProxyJump and ProxyCommand directives tell the SSH client how to connect to a remote server via an intermediary server — often called a jump host, jump server, or bastion server. If you are new to jump servers, read our tutorial on how to set up a jump server and learn some of the best practices to secure them.

DevSecCon panel discussion: Which comes first, security or the app?

In application development, security plays an increasingly prevalent role in protecting infrastructure and data and in ensuring a high level of user trust. Recently, Snykers Vandana Verma Sehgal and DeveloperSteve hosted a panel discussion with seasoned industry experts who shared their insights about exactly when security should be brought into app development.

JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP - A Popular Multimedia Library

JFrog’s Security Research team is constantly looking for new and previously unknown security vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered 5 security vulnerabilities in PJSIP, a widely used open-source multimedia communication library developed by Teluu. By triggering these newly discovered vulnerabilities, an attacker can achieve arbitrary code execution in an application that uses the PJSIP library.

Visibly invisible malicious Node.js packages: When configuration niche meets invisible characters

We’ve seen a massive increase in the number of open source packages created and used in the wild over the past few years. These days every ecosystem has its package manager, and almost every package manager has its hidden gems and configuration quirks. As developers continuously install an ever-expanding number of packages, attackers take an interest in those packages’ attack surfaces, and the journey to craft the perfectly hidden malicious package begins.