JFrog

Sunnyvale, CA, USA
2008
  |  By Asaf Ezra
In the never-ending quest to speed up software release cycles, ensuring the security and integrity of application artifacts has never been more critical. As applications are continuously built, tested, and deployed, every element of the software pipeline—from source code to container images—needs to be trusted and verifiable. A key aspect of maintaining this trust is image integrity protection and validation.
  |  By JFrog Security Research Team
On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he had discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure would happen on September 30th. Due to a suspected leak in the disclosure process, @evilsocket decided to advance the disclosure, and on September 26th, the vulnerabilities were disclosed in @evilsocket’s blog, along with a full proof of concept.
  |  By Shlomi Ben Haim
At swampUP 2024 in Austin just a few days ago, we explored the EveryOps Matters approach with the crowd of developers, driven by a consolidated view from their companies’ boardrooms and 2024 CIO surveys. The message was clear: “EveryOps” isn’t just a strategy or tech trend — it’s a fundamental, ongoing mindset shift that must drive developers’ proactive actions in an ever-evolving software landscape. It’s not optional; it’s essential.
  |  By Yonatan Arbel
Picture this: You’ve just settled in at home after a long day, ready to relax, when suddenly your phone buzzes. It’s a notification about a failed build in your latest project. Your heart sinks. Your mind starts racing to connect the dots… What went wrong? Where is it broken? There’s usually no one immediately available to answer these questions, and you know it will require a large manual effort to get to the bottom of the issue.
  |  By Asaf Karas
When it comes to software supply chain security, we all do everything we can to prevent insecure software from being released into production. Hence we see software supply chain security shifting left to discover potential threats as early as possible in the software development lifecycle. But what happens when vulnerabilities are only discovered after an application has been distributed to its operating environment?
  |  By Andrey Polkovnichenko
JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. This blog details a PyPI supply chain attack technique the JFrog research team discovered had been recently exploited in the wild.
  |  By Ori Hollander
NOTE: This research was recently presented at Black Hat USA 2024, under the title “From MLOps to MLOops – Exposing the Attack Surface of Machine Learning Platforms”. The JFrog Security Research team recently dedicated its efforts to exploring the various attacks that could be mounted on open source machine learning (MLOps) platforms used inside organizational networks.
  |  By Yonatan Arbel
During 2023, the U.S. witnessed a record high in supply chain cyber-attacks, affecting 2,769 organizations. This figure represents the largest number recorded since 2017, marking an approximate 58% annual increase in impacted entities. If there ever was a doubt, now it’s crystal clear that YOUR SOFTWARE SUPPLY CHAIN IS A TARGET. Developers, DevOps and Security teams must prioritize processes that enhance security for all phases of the software supply chain.
  |  By Goni Golan
On Sunday, June 2nd 2024, a fix commit was pushed for a vulnerability in GNU’s popular Wget tool. Two weeks later, the vulnerability was assigned the ID CVE-2024-38428 and later was classified as a critical vulnerability – with a CVSS score of 9.1. In this blog, we take a deep dive into this threat by seeing what caused it, what consequences it might have, and how it can be mitigated.
  |  By Shani Achwal
According to Gartner, almost two-thirds of U.S. businesses were directly impacted by a software supply chain attack. So it’s not a question of whether to secure your software supply chain, but rather what is the most effective and efficient way to provide end-to-end security during all phases of the software development lifecycle (SDLC). Download the Ebook.
  |  By JFrog
In this executive interview with CyberRisk Alliance, JFrog’s Field CISO, Paul Davis, discusses the growing challenges of securing development workflows and the evolving role of the CISO. With an increasing focus on information security, Paul shares insights on balancing development speed with the need for robust security in today’s software environments.
  |  By JFrog
Artificial intelligence (AI) is revolutionizing problem-solving and innovation in DevSecOps. Leveraging AI responsibly is essential for building secure, trustworthy systems. Governments are crafting policies to ensure AI's benefits while mitigating risks. Join JFrog's VP of Product Marketing, Jens Eckels, and BSA CEO, Victoria A. Espinel, as they explore how BSA’s Policy Solutions for Building Responsible AI provides a framework to achieve these goals, focusing on governance, innovation, and transparency.
  |  By JFrog
Uncover Critical Gaps in Software Supply Chain Security. A recent survey of over 300 global IT executives found that while 23% of organizations experienced software supply chain (SSC) breaches, only 30% prioritize SSC security. Our APAC tech leaders dive into these insights and offer practical solutions to enhance your security posture. Discover the latest trends and effective measures to protect your software supply chain.
  |  By JFrog
Melissa McKay, JFrog Developer Advocate, and Sunil Bemarkar, AWS Sr. Partner Solutions Architect, discuss practical ways to mature your MLOps approach including bringing model use and development into your existing secure software supply chain and development processes. Watch to learn more and get a demo of the JFrog and Amazon SageMaker integration.
  |  By JFrog
Artificial Intelligence and Machine Learning have hit the mainstream – particularly the use of Gen AI and LLMs to help organizations automate manual processes and analyze data at machine speed with dramatic results. How can ML and Gen AI help DevOps teams better secure the software supply chain? As the volume of code grows exponentially, these evolving technologies offer new, more efficient means to secure, deliver and scale software – but with accompanying risks that must be mitigated.
  |  By JFrog
Join JFrog’s Senior Solution Engineer, Mike Holland, and Technical Success Manager, Harpreet Singh, as they showcase the power of the JFrog Software Supply Chain platform. Designed to detect third-party components, track dependencies, and enforce compliance, this platform is essential for efficient and reliable software development. In this session, you'll learn.
  |  By JFrog
The JFrog Software Supply Chain Platform is the single source of truth to accelerate delivery of trusted software releases.
  |  By JFrog
Together, JFrog and Qwak instill governance, transparency, visibility, and security into every facet of the development and deployment lifecycle for ML models. From managing dependencies to ensuring compliance and optimizing storage, this integration empowers your organization to embrace the future of machine learning with confidence and efficiency. Watch this demo for an overview of the integration.
  |  By JFrog
Carmine Acanfora, Solutions Architect at JFrog in the EMEA region, leads this security best practices webinar. In this webinar, we discuss the advanced features of the JFrog Advanced Security solution, now available in self-hosted mode. We will take the time to address your questions, particularly on topics crucial for all developers, such as: Don't miss this opportunity to explore JFrog's latest security solution and learn how to accelerate and secure your software supply chain with the first DevOps-oriented security solution on the market.
  |  By JFrog
Curious to see what all the AI/ML hype is about? Watch our DevSecOps Hangout and hear how ML Model management benefits organizations by providing a single place to manage ALL software binaries, bringing DevOps best practices to ML development, and allowing organizations to ensure the integrity and security of ML models – all while leveraging an existing solution they already have in place. Watch our expert educational talks and panel discussion with our Technology Partner Qwak on MLOps, DevSecOps, AI, and Machine Learning.
  |  By JFrog
Cloud DevOps tools offer greater flexibility, rapid deployment, cloud automation, reduced IT costs, and low upfront costs with subscription pricing. Setting up your environment with Artifactory on the cloud of your choice provides unlimited scalability, allowing you to grow according to your needs, and is easily achieved by using cloud storage providers (Amazon AWS, Google GCP or Microsoft Azure) in your environment with Artifactory.
  |  By JFrog
Software businesses of every industry and all sizes, from small startups to large enterprises, are looking for ways to accelerate their software development process in the race to innovate and deliver their offerings to their customers ahead of their competition.
  |  By JFrog
Today, we live in a very connected world, where our devices, homes and cars all communicate with each other, and every company with a product or service has the need to develop software. It is one of the primary mediums by which they strive to provide better products, services and solutions, and has become paramount to a company's success. To continuously improve their software, companies must have sound DevOps or DevSecOps practices in place.
  |  By JFrog
In today's enterprises, software is your company's everyday face, whether through the desktop, the cloud, or a mobile device, to all parts of the globe. Cars are computers on wheels. Thermostats are data terminals. Banks live in your phone. In this new world, software updates serve customers' demands. Each one you deliver is your opportunity to renew - or, if botched, destroy - their trust. How can you make every update top-notch at top speed?
  |  By JFrog
Over the last several years, software development has evolved from deploying products periodically to building them on an ongoing basis using CI servers. A company's end product may be built on a daily or even hourly basis. This means that DevOps must support the continual flow of code from the individual developer's machine to the organization's production environment.
  |  By JFrog
Two numbers are shaking the foundations of business. What do these two figures mean to your business? They mean that, odds are your competitive landscape is irrevocably changed - already. To start, expectations for delivery speed for new products, services, and everything are faster. The new table stakes in the DevOps world have raised the bar on collaboration, cross-organizational visibility, efficiency, even company culture. Another thing these two simple stats mean is that most businesses are already there, or heading there now.

JFrog products seamlessly integrate with practically any development environment on Earth, from legacy code to the most recent containers and micro-services.

JFrog's end-to-end platform provides a fully automated pipeline for distributing trusted software releases. Connecting all developers, DevOps engineers and product owners to end devices, the JFrog Platform ensures software flows quickly and free from interruption.

End-to-End Universal DevOps Platform:

  • JFrog Artifactory: The undisputed software repository leader for integrated, universal artifact management at enterprise scale.
  • JFrog Container Registry: The world’s most flexible, hybrid container registry, with enterprise-grade resiliency backed by JFrog Artifactory.
  • JFrog XRay: Universal security vulnerability & compliance analysis, natively integrated with Artifactory for continuous governance across the DevOps pipeline.
  • JFrog Pipelines: Universally orchestrate software releases and master the entire CI/CD pipeline from code to production.
  • JFrog Distribution: Secure and validate your software releases, allowing trusted, optimized software distribution on a global scale.
  • JFrog Mission Control: A single access point providing a centralized dashboard to oversee your DevOps pipeline.

Universal Artifact Management for DevOps Acceleration.