Scaling a risk-based AppSec program involves adapting your security practices to accommodate the growth and evolving needs of your business, while effectively managing and mitigating security risks.

For all developers who run containerized JavaScript workloads in production: Is relying on node:latest as your base image a safe choice? It's effective from a developer productivity standpoint as you're up and running quickly. Have you ever wondered if the image is secure? This blog post examines the potential security implications of using node:latest as your base image.

As a software engineer in a cloud-native world, you’re the first line of defense in web application security. Armed with a few best practices that have a huge impact, securing both the code you create and the code you compile can be simple. Here are five tips that make your role easier in protecting data with secure development.

The use of artificial intelligence in every area of life — from writing papers to maintaining critical infrastructure to manufacturing goods — is a controversial topic. Some are excited about the possibilities that come with AI/ML tech, while others are fearful and reticent. These differing opinions raise a fundamental question: will AI turn our modern-day society into a utopia or a dystopia?

For security leaders looking for a more modern approach to improve their application security posture and better manage enterprise risk, enter application security posture management, or ASPM. “Application security posture management analyzes security signals across software development, deployment, and operation to improve visibility, better manage vulnerabilities, and enforce controls, according to Gartner, which is bullish on the technology.

In this blog series, we’ve covered how AppSec integrations can enable a more secure SDLC, avoiding pitfalls when integrating AppSec for DevOps, and how to use integrations to automate security risk information collection and delivery. So let’s wrap up this series by taking a look at how an Integrated DevSecOps program can help future-proof your AppSec program.

Jenkins misconfigurations can have far-reaching consequences; Cisco Panoptica’s attack surface scanner can detect such misconfigurations. Jenkins is a widely used tool for continuous integration and continuous delivery and deployment (CI/CD). It allows enterprise developers to automate application delivery easily, either through an enterprise-hosted or a third-party hosted Jenkins service.

Every year, JFrog brings the DevOps community and some of the world’s leading corporations together for the annual swampUP conference, aimed at providing real solutions to developers and development teams in practical ways to prepare us all for what’s coming next.

Application security posture management (ASPM) aims to change the conversation and strategy around software supply chain security. Application portfolios are growing significantly, which is creating headaches for security teams that are responsible for identifying and remediating vulnerabilities flagged in applications. Meanwhile, some of these applications may have been created without IT oversight or awareness, and that only compounds the stress.