Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

jfrog

The Software Supply Chain Risks You Need to Know

Sep 6, 2022 By Nati Davidi, SVP JFrog Security In JFrog

Code that an organization’s developers create is only the beginning of modern software development. In fact, first-party code is likely to be only a small proportion of an application – sometimes as little as 10% of the application’s artifact ecosystem. An enterprise’s software supply chain is made of many parts, from many sources: open source packages, commercial software, infrastructure-as-code (IaC) files, and more.

Read Post

Using Containers Responsibly

Aug 31, 2022 By JFrog In JFrog
Tools to package your applications and services into container images are abound. They’re easier to use and integrate into your CI/CD pipelines now more than ever. We can appreciate these advancements in the form of time savings and decreasing complexity when deploying to a cloud native environment, but we cannot completely ignore the details involved in these technologies. It’s tempting to take simplicity for granted, but sometimes we do this at the expense of keeping our software safe and secure!
View Video

FROGBOT : Securing your git repository! What is new!

Aug 30, 2022 By JFrog In JFrog
GitHub Security Alerts! Support for Yarn 2... Frogbot scans every pull request created for security vulnerabilities with JFrog Xray and in version 2.3.2 it even opens pull requests for upgrading vulnerable dependencies to a version with a fix! With Frogbot installed, you can make sure that new pull requests don’t add new security vulnerabilities to your code base alongside them. If they do, the creator of the pull request has the opportunity to change the code before it is merged.
View Video
jfrog

CVE-2021-38297 - Analysis of a Go Web Assembly vulnerability

Aug 30, 2022 By Uriya Yavnieli In JFrog

The JFrog Security Research team continuously monitors reported vulnerabilities in open-source software (OSS) to help our customers and the wider community be aware of potential software supply chain security threats and their impact. In doing so, we often notice important trends and key learnings worth highlighting.

Read Post
jfrog

SATisfying our way into remote code execution in the OPC UA industrial stack

Aug 25, 2022 By Or Peles, Omer Kaspi and Uriya Yavnieli In JFrog

The JFrog Security team recently competed in the Pwn2Own Miami 2022 hacking competition which focuses on Industrial Control Systems (ICS) security. One of our research targets for the competition was the Unified Automation C++-based OPC UA Server SDK. Other than the vulnerabilities we disclosed as part of the pwn2own competition, we managed to find and disclose eight additional vulnerabilities to the vendor. These vulnerabilities were fixed in the SDK in version 1.7.7.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.