Shift Left Security with Golang in VS Code
Most modern software today has moved aggressively into using third-party open source dependencies to reduce duplication and accelerate development by using pre-existing code.
Most modern software today has moved aggressively into using third-party open source dependencies to reduce duplication and accelerate development by using pre-existing code.
JFrog is pleased to announce that our comprehensive Cloud Enterprise+ plan is now available on Amazon Web Services (AWS) Marketplace through Private Offers. JFrog Cloud Enterprise+ on AWS is a universal, highly-available SaaS offering of the JFrog Platform for demanding DevSecOps at global scale.
A friend that can’t keep a secret isn’t one you’ll rely on. The same is true for your mission critical CI/CD tool that you have to entrust with credentials for each integrated component. Keeping your secrets safe can be a challenge for CI/CD tools, since they need to connect to such a variety of other services. Each one needs its own password or token that must be kept hidden from prying eyes.
Go Module vulnerabilities frustrate the lives of many Go developers and can turn a simple project into a battle of endurance between the dev and their patience. With the process of CI/CD shifting left more and more, it’s becoming even more pertinent for developers to be able to track and report vulnerabilities as early as possible. JFrog GoCenter can help track and mitigate vulnerabilities and make the lives of Go developers easier.
If you’re a Golang developer using Visual Studio Code, keeping at-risk Go Modules out of your apps just got easier, and for free. Today we’re announcing a new version of the JFrog extension for VS Code, available for free download. This integration brings live vulnerability information about every public Go Module you’re using directly into your source editor from the rich metadata of JFrog GoCenter.
When software can travel around the globe at the speed of the cloud’s gusts, enterprises need to be extra certain the updates they release are safe for customers to use. If an app built in Palo Alto uses a vulnerable package from Belgrade, losses can ripple from Sheboygan to Shanghai. At JFrog, we believe enabling global DevSecOps in the cloud should be an easy process.
As continuous software deployments grow and become the accepted standard, security measures gain even more importance. From development and all the way through to production, security requirements should be adopted by all teams in an organization. JFrog IDE integrations provide security and compliance intelligence to the developer right from within their IDE.
For some organizations, even the best isn’t quite enough. That’s why JFrog Xray provides a way for you to specify your own additional data, to detect even more sensitive issues in your binaries before they can reach production. JFrog Xray is a tool for DevSecOps teams to gain insight into the open source components used in their applications.
Golang developers care a lot about security and as Go modules become more widely used, they need more ways to assure these publicly shared files are safe. One unique feature included with Golang version 1.13 is the foresight that went into authentication and security for Go modules. When a developer creates a new module or a new version of an existing module, a go.sum file included there creates a list of SHA-256 hashes that are unique to that module version.