Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

Rising CVEs and the need for speed: Enhancing software security with JFrog Xray and PagerDuty

With the proliferation of CVEs (Common Vulnerabilities and Exposures), we have witnessed a remarkable surge in associated risks over the past five years. 2022 was a record-breaking year with 25,096 new CVEs found, the highest number ever discovered. Unfortunately, 2023 is on track to beat that record.

Cloud Integrations: JFrog Achieves AWS PrivateLink Service Ready Validation

At JFrog, we talk about being universal and too integrated to fail. In addition to more than 30 technologies and package types supported natively, this also means supporting our customers in their hybrid and cloud infrastructure. One such key integration capability for customers leveraging Amazon Web Services (AWS) is AWS PrivateLink.

DevNext Workshop 2: Innovate More...Remediate Less with JFrog DevOps-Centric Security

Watch the recording of the second workshop in the JFrog DevNext series - JFrog Security. The live audience experienced a real-time, hands-on event to help them develop their skills with the JFrog platform and learn how to easily secure their software supply chain.

Release Fast and Secure or Die!

Repetitive tasks are the antithesis of speed. The only way to deliver software rapidly, securely and with quality is to automate software packages across the software supply chain to drive enhanced testing, improve decision-making, eliminate bottlenecks and holistically manage your software resources. Join Yossi Shaul, SVP of R&D, JFrog, and Gali Zisman, VP of Product, JFrog, to explore JFrog’s new release-first approach, including exclusive swampUP announcements, first-time demonstrations & key product advancements!

Shielding the Foundation: Security Across Your SSC

Developers are now the target of the attacker, with binaries available publicly. While it's unlikely that the concept of security point solutions will completely disappear, it’s clear that the market is demanding a consolidated, comprehensive approach to pipeline security across the attack surface. With the increasing complexity of software supply chains, security and governance are becoming critical on developers’ machines, at the C-level and in boardrooms. In this session, Eyal Dyment, VP of Security Product for JFrog, details how next-gen software supply chain solutions must incorporate robust, holistic security or risk being the next tool to be consolidated.

Arbitrary File Creation vulnerability in plexus-archiver - CVE-2023-37460

The JFrog Security research team constantly monitors open-source projects to find new vulnerabilities or malicious packages and share them with the wider community to help improve their overall security posture. As part of this effort, the team recently discovered a new security vulnerability in plexus-archiver, an archive creation and extraction package.

Unveiling Secrets Detection with JFrog Frogbot

In today’s interconnected world, secrets are the keys to unlocking sensitive data and systems. Like hidden gems for attackers, any inadvertent exposure of these secrets could lead to data breaches, unauthorized access, and security compromises. As organizations adopt DevOps practices, artifacts containing secrets are often stored and shared across various stages of the software supply chain, amplifying the risk of exposure.

CVE-2023-38545 & CVE-2023-38546 Curl and libcurl Vulnerabilities: All you need to know

On Wednesday, October 4th 2023, Daniel Stenberg, one of Curl’s core maintainers, announced that a forthcoming release of Curl, version 8.4.0, is scheduled to be available on October 11th 2023 at approximately 06:00 UTC. The upcoming release will include fixes for two Curl vulnerabilities that they had discovered. One of these vulnerabilities is rated as having low severity (CVE-2023-38546), whereas the second one is considered high severity (CVE-2023-38545).