Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

jfrog

CVE-2022-3602 and CVE-2022-3786 - High-severity OpenSSL Vulnerabilities Finally Published

Nov 2, 2022 By Shachar Menashe In JFrog

On October 25th, The OpenSSL team announced that OpenSSL 3.0.7 will contain a fix for a critical severity vulnerability that affects OpenSSL 3.x. The full details about the vulnerability were held in an embargo until November 1st. Due to the rarity of an OpenSSL critical-severity issue and the overwhelming popularity of OpenSSL, social media was flooded with messages about this issue, expecting a “Log4Shell”-level event.

Read Post

Supply Chain Security Intro Workshop

Nov 1, 2022 By JFrog In JFrog
More and more attacks are aimed at the entire supply chain, which means that we developers are increasingly targeted by the attackers. Attacks like the SolarWinds hack show us that making sure you don’t use vulnerable dependencies isn’t enough. The attackers have their sights set on the entire development process with its components. In this workshop, we will look at the first steps and try them out in practice which will enable you to integrate the topic of security into your everyday life as a developer.
View Video
jfrog

Malicious Packages Are a Rising Threat in Software Supply Chain Attacks

Oct 24, 2022 By Jonathan Sar Shalom In JFrog

Welcome to the first post of the malicious software packages series for the DevOps and DevSecOps community. Each Monday, this technical series will focus on various malicious packages and their effects on the software supply chain, all published over the next four weeks. We’ll dive deeper into malicious packages in each post, including Here we go. Let’s discuss malicious software packages in your software supply chain.

Read Post
jfrog

JFrog's Advanced Security Scanners Discovered Thousands of Publicly Exposed API Tokens - And They're Active

Oct 20, 2022 By The JFrog Security Research Team In JFrog

The JFrog Security Research team released the findings of a recent investigation wherein they uncovered thousands of publicly exposed, active API tokens. This was accomplished while the team tested the new Secrets Detection feature in the company’s JFrog Advanced Security solution, part of JFrog Xray.

Read Post
jfrog

DevOps-Centric Security is Finally Here | Announcing JFrog Advanced Security

Oct 18, 2022 By Nati Davidi In JFrog

Today marks an exciting day for JFrog and a substantial step forward towards ensuring end-to-end software supply chain security. JFrog Advanced Security is our unique approach for DevOps-centric security, and the only solution that was built especially for today’s modern DevOps workflows.

Read Post

JFrog Advanced Security

Oct 18, 2022 By JFrog In JFrog
Introducing JFrog Advanced Security, the world’s first DevOps-centric security solution designed to control and protect your software supply chain from code to containers to production. As part of JFrog Xray and integrated into the universal JFrog DevOps Platform, these security features focus at the binary level, revealing issues that are not visible in source code alone. These new features go beyond the traditional software composition analysis (SCA) capabilities of JFrog Xray, with a focus on container security.
View Video

#DevOpsSpeakeasy at #devoxxMA 2022 with Carlos Sanchez @csanchez

Oct 6, 2022 By JFrog In JFrog
In this interview, we speak with Carlos Sanchez @csanchez Senior Cloud Software Engineer at Adobe, member at the Apache Software Foundation, author of Jenkins Kubernetes plugin about Kubernetes!! How moving to Kubernetes opens the door to a world of possibilities, the amount of workloads that can be run and the flexibility it provides. However this comes at a cost on managing the resources used by many applications and teams. Java applications can be specially challenging when running in containers.
View Video
Subscribe to JFrog

Copyright © 2024 OpsMatters™. All rights reserved.