JFrog

Sunnyvale, CA, USA
2008
Jul 26, 2022   |  By Alex Hung & Daniel Miakotkin
SecOps demands vigilance, but it requires visibility, too. With JFrog’s latest integration for Xray with AWS Security Hub, you can help make sure that discovered vulnerabilities are not just seen, but quickly acted on. AWS Security Hub is the cloud security posture management service available to AWS users. It provides central security administration across AWS accounts, performing security best practice checks, aggregating alerts, and enabling automated remediation.
Jul 20, 2022   |  By John Cabaniss and Gianni Truzzi
Shifting security left means preventing developers from using unacceptably vulnerable software supply chain components as early as possible: before their first build. By helping assure that no build is ever created using packages with known vulnerabilities, this saves substantial remediation costs in advance. Some JFrog customers restrict the use of open source software (OSS) packages to only those that have been screened and approved by their security team.
Jul 12, 2022   |  By Andrey Polkovnychenko
The JFrog Security research team continuously monitors popular open-source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. At times, we notice trends that are worth analyzing and learning from.
Jul 11, 2022   |  By Deep Datta and Karol Harezlak
The JFrog DevOps Platform is your mission-critical tool for your software development pipelines. The results of key binary management events in Artifactory, Xray, and Distribution can reveal whether or not your software pipelines are on-track to deliver production-quality releases.
Jun 28, 2022   |  By Brian Moussalli
This past March we posted an analysis of a vulnerability in the Apache HTTP Server mod_sed filter module, CVE-2022-23943, in which a Denial of Service (DoS) can be triggered due to a miscalculation of buffers’ sizes. While analyzing this Apache httpd vulnerability and its patch, we suspected that although the fix resolved the issue, it created a new unwanted behavior. Our suspicion turned out to be true: we discovered that another way to cause a DoS was introduced.
Jun 14, 2022   |  By Uriya Yavnieli
A few weeks ago, a new version for Fastjson was released (1.2.83) which contains a fix for a security vulnerability that allegedly allows an attacker to execute code on a remote machine. According to several publications, this vulnerability allows an attacker to bypass the “AutoTypeCheck” mechanism in Fastjson and achieve remote code execution. This Fastjson vulnerability only recently received a CVE identifier – CVE-2022-25845, and a high CVSS – 8.1.
Jun 9, 2022   |  By Ori Hollander
The JFrog Security Research team is constantly looking for new and previously unknown software vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a denial of service (DoS) vulnerability in Envoy Proxy, a widely used open-source edge and service proxy server, designed for cloud-native applications and high traffic websites.
May 25, 2022   |  By Amit Ezer
Today at swampUP, our annual DevOps conference, JFrog CTO Yoav Landman unveiled the next step toward making the Liquid Software vision of continuous, secure updates a truly universal reality. We’ve introduced JFrog Connect, a new solution designed to help developers update, manage, monitor, and secure remote Linux & Internet of Things (IoT) devices at scale.
May 25, 2022   |  By Ali Sardar
Securing your software supply chain requires proactively identifying compliance issues and security vulnerabilities early in your software development lifecycle. Additionally early detection must be coupled with an organized and agile method of response that brings together developers, operations and SRE teams to accelerate remediation workflows across the organization.
May 25, 2022   |  By Sushrut Athavale and Mritunjay Kumar
In 2022, JFrog and ServiceNow engaged in a series of meaningful conversations around the state of DevSecOps and how the industry could benefit from tighter integrations with IT-Operations tools.
Aug 10, 2022   |  By JFrog
In this interview Tom walked us through the importance of devloper native observability and how it can be easily obtained with Lightrun.
Jun 29, 2022   |  By JFrog
SBOMs provide essential visibility into all the components that make up a piece of software and detail how it was put together. With an SBOM in hand it’s possible to determine if software contains existing security and compliance issues or is impacted by newly discovered vulnerabilities. The SBOM is imperative due to the White House’s cybersecurity executive order from May 2021 requiring them for all government software purchases and many private organizations following suit.
Jun 27, 2022   |  By JFrog
Hear about Pyrsia, the Decentralized Package Network. JFrog Solutions Engineering Manager William Manning will be interviewing JFrog Development Manager Sudhindra Rao on this new community initiative. Pyrsia enables developers to quickly and easily leverage any package with confidence and transparency.
Jun 14, 2022   |  By JFrog
William Manning, JFrog Solutions Engineering Manager, hosts "Monthly JFrog Xray Demo." See how Xray provides intelligent supply chain security and compliance at DevOps speed. JFrog Xray is a software composition analysis (SCA) solution that scans your open source software (OSS) dependencies for security vulnerabilities and license compliance issues.
Jun 2, 2022   |  By JFrog
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on? This raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be considered in this security strategy. In the recent past, we have also learned that attacks are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
Jun 2, 2022   |  By JFrog
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on? This raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be considered in this security strategy. In the recent past, we have also learned that attacks are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
May 31, 2022   |  By JFrog
Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle. This webinar will be a technical showcase of the different types of malicious packages that are prevalent today in the PyPI (Python) and npm (Node.js) package repositories. All examples shown in the webinar will be based on real data and malicious packages that were identified and disclosed by the JFrog security research team.
May 18, 2022   |  By JFrog
Tune in for our webinar series DevSecOps 101 and learn the importance and benefits of bringing security into the DevOps culture. Combining application security plus speed, reliability, and frequency allows you to enable development teams to secure what they build at their own pace, allowing for easier and faster remediation.
May 17, 2022   |  By JFrog
Followed by talks Talk #1 Demystifying the SBOM’s impact on Secure Software Deployment With the White House’s cybersecurity executive order in May 2021, has the Software Bill of Materials (aka SBOMs), graduated from being a “nice to have” to a “must-have” global standard when developing and deploying secure software from the cloud? In a nutshell, SBOMs provides visibility into which components make up a piece of software and detail how it was put together, so it's easy to determine if it contains security and compliance issues. In this talk, we’ll discuss • What exactly is an SBOM? • Securing your Software Supply Chain • Why SBOM must be a key element of your software development life cycle's (SDLC) security and compliance approach • The misconceptions that exist around SBOMs • Insights and best practices on SBOM creation and usage.
May 13, 2022   |  By JFrog
Because of growing software supply chain cyber-attacks and incidents like Log4J, tracking your Software Bill of Materials has become essential. It’s a list of the “ingredients” that make up a piece of software. SBOMs are used by software producers to manage components, software buyers to assess security and compliance, and operators to monitor risks and threats. SBOMs are required by military, and government agencies and will likely become the norm, especially in highly regulated industries. Documenting and reporting your SBOM will become a universal best practice.
Jan 12, 2020   |  By JFrog
Software businesses of every industry and all sizes, from small startups to large enterprises, are looking for ways to accelerate their software development process in the race to innovate and deliver their offerings to their customers ahead of their competition.
Jan 12, 2020   |  By JFrog
Cloud DevOps tools offer greater flexibility, rapid deployment, cloud automation, reduced IT costs, and low upfront costs with subscription pricing. Setting up your environment with Artifactory on the cloud on your choice provides unlimited scalability allowing you to grow according to your needs and is easily achieved by using cloud storage providers (Amazon AWS, Google GCP or Microsoft Azure) in your environment with Artifactory.
Jan 1, 2020   |  By JFrog
In today's enterprises, software is your company's everyday face, whether through the desktop, the cloud, or a mobile device, to all parts of the globe. Cars are computers on wheels. Thermostats are data terminals. Banks live in your phone. In this new world, software updates serve customer's demands. Each one you deliver is your opportunity to renew - or, if botched, destroy - their trust. How can you make every update top-notch at top speed?
Jan 1, 2020   |  By JFrog
Today, we live in a very connected world, where our devices, homes and cars all communicate with each other, and every company with a product or service has the need to develop software. It is one of the primary mediums by which they strive to provide better products, services and solutions, and has become paramount to a company's success. To continuously improve their software, companies must have sound DevOps or DevSecOps practices in place.
Dec 1, 2019   |  By JFrog
Two numbers are shaking the foundations of business. What do these two figures mean to your business? They mean that, odds are your competitive landscape is irrevocably changed - already. To start, expectations for delivery speed for new products, services, and everything are faster. The new table stakes in the DevOps world have raised the bar on collaboration, cross-organizational visibility, efficiency, even company culture. Another thing these two simple stats mean is that most businesses are already there, or heading there now.
Dec 1, 2019   |  By JFrog
Over the last several years, software development has evolved from deploying products periodically to building them on an ongoing basis using CI servers. A company's end product may be built on a daily or even hourly basis. This means that DevOps must support the continual flow of code from the individual developer's machine to the organization's production environment.

JFrog products seamlessly integrate with practically any development environment on Earth, from legacy code to the most recent containers and micro-services.

JFrog's end-to-end platform provides a fully automated pipeline for distributing trusted software releases. Connecting all developers, DevOps engineers and product owners to end devices, the JFrog Platform ensures software flows quickly and free from interruption.

End-to-End Universal DevOps Platform:

  • JFrog Artifactory: The undisputed software repository leader for integrated, universal artifact management at enterprise scale.
  • JFrog Container Registry: The world’s most flexible, hybrid container registry, with enterprise-grade resiliency backed by JFrog Artifactory.
  • JFrog XRay: Universal security vulnerability & compliance analysis, natively integrated with Artifactory for continuous governance across the DevOps pipeline.
  • JFrog Pipelines: Universally orchestrate software releases and master the entire CI/CD pipeline from code to production.
  • JFrog Distribution: Secure and validate your software releases, allowing trusted, optimized software distribution on a global scale.
  • JFrog Mission Control: A single access point providing a centralized dashboard to oversee your DevOps pipeline.

Universal Artifact Management for DevOps Acceleration.