More and more attacks are aimed at the entire supply chain, which means that we developers are increasingly targeted by the attackers. Attacks like the SolarWinds hack show us that making sure you don’t use vulnerable dependencies isn’t enough. The attackers have their sights set on the entire development process with its components. In this workshop, we will look at the first steps and try them out in practice which will enable you to integrate the topic of security into your everyday life as a developer.
Meet our partner experts and learn more about how JFrog's Pyrsia project (the decentralized package network) works hard to secure the #softwaresupplychain! Learn more at https://pyrsia.io/. #DevOps #DevSecOps
With JFrog Advanced Security, you can now intelligently deliver secure software at speed and scale with the industry’s only DevOps-centric security solution. The new advanced security solution unifies developers, operations, and security teams to safeguard the software supply chain in a holistic, hybrid, multi-cloud platform.
Introducing JFrog Advanced Security, the world’s first DevOps-centric security solution designed to control and protect your software supply chain from code to containers to production. As part of JFrog Xray and integrated into the universal JFrog DevOps Platform, these security features focus at the binary level, revealing issues that are not visible in source code alone. These new features go beyond the traditional software composition analysis (SCA) capabilities of JFrog Xray, with a focus on container security.
In this interview, we speak with Carlos Sanchez @csanchez Senior Cloud Software Engineer at Adobe, member at the Apache Software Foundation, author of Jenkins Kubernetes plugin about Kubernetes!! How moving to Kubernetes opens the door to a world of possibilities, the amount of workloads that can be run and the flexibility it provides. However this comes at a cost on managing the resources used by many applications and teams. Java applications can be specially challenging when running in containers.
In this interview, we speak to Eyal Ben Moshe, Head of the Ecosystem Engineering Group at JFrog, about the importance of shifting left and providing tools for developers to keep their software secure. He specifically discusses the release of Frogbit and Docker Desktop Extension and teases the BuildInfo resource, the metadata associated with a build in Artifactory.
With OSS, not knowing where all your software comes from means hard-to-spot risks to the integrity of your services. Without constant identity checks and safety protocols for keys and secrets, open-source dependencies can open the door to breaches, exploits, and supply chain attacks. Enter Pyrsia -- your torch that lights up the open-source supply chain!