Yet Another Case for Using Exclude Patterns in Remote Repositories: Namespace Shadowing Attack
The npm Registry is vulnerable for supply chain impersonation attacks. Make sure you create npm scoped packages and force exclude patterns.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Stay Alert to Security With Xray and PagerDuty
When it comes to securing your software development against open source vulnerabilities, the earlier action occurs — by the right person — the safer you and your enterprise will be. Many IT departments rely on the PagerDuty incident response platform to improve visibility and agility across the organization.
Best DevSecOps Solution: DevOps Dozen 2020 Honors JFrog Xray
With so many esteemed adversaries competing in the same DevSecOps space, winning the “Best DevSecOps Solution” award feels even more special. We’re very grateful to the community and the DevOps Dozen2 judges who voted for JFrog Xray in this extremely tough category.
SDLC Security: It's Personal for JFrog
The SolarWinds hack, which has affected high-profile Fortune 500 companies and large U.S. federal government agencies, has put the spotlight on software development security — a critical issue for the DevOps community and for JFrog. At a fundamental level, if the code released via CI/CD pipelines is unsafe, all other DevOps benefits are for naught.
Adding Helm Chart Security Mitigation Notes to ChartCenter
Earlier this year, we launched ChartCenter, our newest community platform to help Kubernetes developers find Helm charts. This new free Helm central repository was built with chart immutability in mind— meaning every version of a Helm chart and every version in ChartCenter will always be available even if the original source goes down.
DevSecOps Best Practices With The JFrog Platform
JFrog Xray – an integral part of the JFrog Unified DevOps platform – enables continuous security and compliance throughout your SDLC: spanning binaries management, container images, and your end-to-end CI/CD pipelines. In this webinar, you will learn how to leverage JFrog Xray to enable DevSecOps.
[webinar] How To Build A Cloud Native DevSecOps Pipeline With JFrog and AWS
Are you taking advantage of the best practices to easily adopt DevSecOps in the cloud? Discover the strategies and tools you can use to ensure you can easily overcome the challenges of securing your software releases.
How The JFrog Platform Drives DevSecOps At Scale
With the JFrog Platform at the core of your DevSecOps tool chain, you will over achieve your deployment frequency and change lead time metrics. By integrating JFrog into your existing CI environment current skills (people) and processes are maximized, while aggregating all the commercial and open source software artifacts, dependencies and documentation for re-use across all of your development projects to drive consistency and quality of the build.
A Few Minutes More: Add Xray DevSecOps to Artifactory Enterprise on Azure
In a prior blog post, we explained how to install or update Artifactory through the Azure Marketplace in the amount of time it takes for your coffee order to arrive on the counter. Now you can add to your self-managed (BYOL) Artifactory deployment Xray, the cream of software component analysis (SCA) tools, through the Azure Marketplace as well.
Air Gap Distribution Delivers Peace of Mind to Isolated Environments
The best way to stay out of danger is to keep far away from where danger lurks. But in the internet age, the global network means risk to your systems is from everywhere, at all times. With estimates that worldwide damage from cybercrime will exceed 6 trillion dollars by 2021, many companies choose, or are required by regulations to isolate their most sensitive systems to avoid any type of security breach.