Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

jfrog

Scan your software packages for security vulnerabilities with JFrog Xray

May 17, 2022 By Robi Nino In JFrog

Scanning your packages for security vulnerabilities and license violations should be done as early as possible in your SDLC, and the earlier the better. This concept is also known as “Shifting Left”, which helps your organization comply with security policies and standards early on in the software development process. As developers, this may seem like a hassle, but with JFrog CLI it’s easy!

Read Post
jfrog

How to Prevent the Next Log4j Style Zero-Day Vulnerability

May 17, 2022 By Asaf Karas, Oren Ish-Shalom, Ilya Khivrich In JFrog

Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you’ll see thousands of entries. Humanity has been able to put a man on the moon, but it hasn’t yet found a proper way to handle line endings in text files. It’s those subtle corner cases that have a strong tendency of being overlooked by programmers.

Read Post

OWASP Bay Area Meetup Host Sponsored by JFrog - April 28

May 17, 2022 By JFrog In JFrog
Followed by talks Talk #1 Demystifying the SBOM’s impact on Secure Software Deployment With the White House’s cybersecurity executive order in May 2021, has the Software Bill of Materials (aka SBOMs), graduated from being a “nice to have” to a “must-have” global standard when developing and deploying secure software from the cloud? In a nutshell, SBOMs provides visibility into which components make up a piece of software and detail how it was put together, so it's easy to determine if it contains security and compliance issues. In this talk, we’ll discuss • What exactly is an SBOM? • Securing your Software Supply Chain • Why SBOM must be a key element of your software development life cycle's (SDLC) security and compliance approach • The misconceptions that exist around SBOMs • Insights and best practices on SBOM creation and usage.
View Video

(SBOM) Creation of your Software Bill of Materials

May 13, 2022 By JFrog In JFrog
Because of growing software supply chain cyber-attacks and incidents like Log4J, tracking your Software Bill of Materials has become essential. It’s a list of the “ingredients” that make up a piece of software. SBOMs are used by software producers to manage components, software buyers to assess security and compliance, and operators to monitor risks and threats. SBOMs are required by military, and government agencies and will likely become the norm, especially in highly regulated industries. Documenting and reporting your SBOM will become a universal best practice.
View Video
jfrog

Get Peace of Mind about Security When Deploying Containers from Docker Desktop

May 10, 2022 By Eyal Ben Moshe In JFrog

Have you ever deployed Docker containers and hoped they delivered safe software? Would you like to get peace of mind that the contents of your containers are secure and clear of vulnerabilities? With JFrog Xray’s new integration with Docker Desktop Extensions, you will be able to do just that. By scanning for vulnerabilities locally before pushing to your remote repositories, your deployed software will inherently be more secure.

Read Post
jfrog

npm supply chain attack targets Germany-based companies with dangerous backdoor malware

May 10, 2022 By Andrey Polkovnychenko and Shachar Menashe In JFrog

The JFrog Security research team constantly monitors the npm and PyPI ecosystems for malicious packages that may lead to widespread software supply chain attacks. Last month, we shared a widespread npm attack that targeted users of Azure npm packages. Over the past three weeks, our automated scanners have detected several malicious packages in the npm registry, all using the same payload.

Read Post

CTO Corner with Yoav Landman, Episode 2: The Importance of Securing Binaries

Apr 27, 2022 By JFrog In JFrog
Want a glimpse at what it is like to be a CTO of a DevOps company? Join JFrog’s CTO Yoav Landman for our new CTO Corner Series. Each episode will feature a topic that is at the forefront of every technologist's mind… or should be. Yoav will be discussing hot topics in tech with other industry leaders giving you an opportunity to see behind the curtain of the decision makers.
View Video

FROGBOT : Securing your git repository!

Apr 26, 2022 By JFrog In JFrog
Frogbot scans every pull request created for security vulnerabilities with JFrog Xray. With Frogbot installed, you can make sure that new pull requests don’t add new security vulnerabilities to your code base alongside them. If they do, the creator of the pull request has the opportunity to change the code before it is merged. Frogbot reports its findings directly in the git UI. It simply adds a comment with its findings. You can think of Frogbot as your new team member, keeping your code safe.
View Video
jfrog

CVE-2022-21449 "Psychic Signatures": Analyzing the New Java Crypto Vulnerability

Apr 21, 2022 By Brian Moussalli, JFrog Security Research Team In JFrog

A few days ago, security researcher Neil Madden published a blog post, in which he provided details about a newly disclosed vulnerability in Java, CVE-2022-21449 or “Psychic Signatures”. This security vulnerability originates in an improper implementation of the ECDSA signature verification algorithm, introduced in Java 15.

Read Post
jfrog

Wolves or Sheep: How Xray Avoids False Positives in Vulnerabilities Scans

Apr 20, 2022 By Paul Garden In JFrog

You probably know the story of “the boy who cried ‘Wolf!’” In the ancient fable, villagers tire of a shepherd’s false alarms, and stop paying attention to them. That’s a lesson for software security teams, not just schoolchildren. Raising concerns about threats that turn out to be flimsy or false erodes the trust that binds your department, and even the faith your customers have in you.

Read Post
Subscribe to JFrog

Copyright © 2024 OpsMatters™. All rights reserved.