Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

Keep OSS supply chain attacks off the menu: Tidelift catalogs + JFrog serve known-good components

How does your organization keep track of all of the open source components being used to develop applications and ensure they are secure and properly maintained? Our recent survey data shows that the larger an organization gets, the less confident they are in in their open source management practices. In companies over 10,000 employees, 39% are not very or not at all confident their open source components are secure, up to date, and well maintained.

What's New with JFrog Xray and DevSecOps

As we look to improve the quality and capabilities of the JFrog DevOps Platform, especially in the world of DevSecOps, we have added powerful new features to further enhance the award-winning JFrog Xray. The capabilities detailed below cement Xray’s position as a universal software composition analysis (SCA) solution trusted by developers and DevSecOps teams globally to quickly and continuously identify open source software vulnerabilities and license compliance violations.

Automatically Assess and Remediate the SolarWinds Hack

With software supply chain attacks on the rise, are you wondering how you can recover quickly from the recent SolarWinds breach at your company? Months after its discovery, the devastating SolarWinds hack remains a top concern for business, government and IT leaders. This destructive supply chain attack put the spotlight on software development security — a critical issue for the DevOps community.

Scaling Software Supply Chains Securely

Software supply chains are mission-critical for digital businesses, and as global conditions accelerate the growth in contactless interactions and transactions, many organizations are reviewing how to solve the challenge of scaling the volume and velocity of their software development and release processes to meet the digital demand. The latest JFrog Platform release delivers a rich payload of new capabilities to scale and secure the software supply chain for digital businesses.

How to set up Software Security and Compliance for Your Artifacts

The simplest way to ensure the safety of all the open source (OSS) components used by your teams and sites, is with a software composition analysis (SCA) tool. You need an automated and reliable way to manage and keep track of your open source usage. With JFrog Xray, you can set up vulnerability and license compliance scanning built into your software development lifecycle (SDLC).

Seven Tips to Evaluate and Choose the Right DevSecOps Solutions

Demand for DevSecOps products has been growing strongly, as more companies realize the importance of integrating security into their DevOps pipelines. However, IT and DevOps pros who dive into the DevSecOps market looking for options quickly realize that the number of DevSecOps tools and frameworks is vast and confusing.

Automate DAST in DevSecOps With JFrog and NeuraLegion

NeuraLegion’s VP Oliver Moradov takes us through how you can use JFrog and NeuraLegion to automate AppSec testing in your pipelines. The days of long release cycles are well and truly behind us — it is simply not feasible in our agile development world, with developers delivering software and more features at an unprecedented scale and speed. With DevOps, we have multiple development teams running multiple concurrent builds, which is great, but security testing has not kept up.

Stay Alert to Security With Xray and PagerDuty

When it comes to securing your software development against open source vulnerabilities, the earlier action occurs — by the right person — the safer you and your enterprise will be. Many IT departments rely on the PagerDuty incident response platform to improve visibility and agility across the organization.

Best DevSecOps Solution: DevOps Dozen 2020 Honors JFrog Xray

With so many esteemed adversaries competing in the same DevSecOps space, winning the “Best DevSecOps Solution” award feels even more special. We’re very grateful to the community and the DevOps Dozen2 judges who voted for JFrog Xray in this extremely tough category.