Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

jfrog

Don't Guess What to Scan: Runtime Scope Ensures Full Production Coverage

Oct 15, 2025 By Ariel Antoni In JFrog
Are you confident that you’re scanning for security vulnerabilities on all your software running in production? If this question makes you uncomfortable don’t worry. First, you’re not alone. Second – keep reading. Almost all security teams today face a massive challenge: they’re drowning in data but lack direction.
Read Post

Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity (Part 2)

Oct 6, 2025 By JFrog In JFrog
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution.
View Video

Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity (Part 1)

Oct 6, 2025 By JFrog In JFrog
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution.
View Video

DevSecOps Unlocked: Fortify Your Software Supply Chain

Oct 3, 2025 By JFrog In JFrog
How can you ensure your software supply chain is resilient and prepared for the challenges ahead? In this exclusive session, we’ll reflect on key lessons from 2024 and showcase how JFrog is leading the way in securing DevOps pipelines for 2025 and beyond. Join us for an engaging conversation with industry experts as we uncover real-world insights, explore actionable strategies, and demonstrate innovations designed to safeguard your software delivery lifecycle in an evolving threat landscape.
View Video
jfrog

From Silos to Synergy: Unifying Your Security Tools for a Stronger More Resilient Software Supply Chain

Oct 1, 2025 By Paul Davis In JFrog
In the race to secure today’s ever-expanding attack surface, many companies have made a practice of using a mix of tools to monitor, assess, and remediate threats. This practice has resulted in a fragmented and chaotic landscape of security solutions across several teams, increasing complexity and forcing companies to have a reactive vs. proactive security posture.
Read Post
jfrog

Shifting Security 'Lefter' Than Left Is The Key To Avoiding Risky Packages

Sep 19, 2025 By Asaf Karas In JFrog
As the AI revolution accelerates, developers are being inundated with a dazzling array of new software packages and game-changing tools such as GitHub CoPilot, Sourcegraph, Qodo, Cursor, Goose, and others that promise incredible advances in productivity and impact. The excitement over this is high and just keeps on growing.
Read Post
jfrog

swampUP 2025 Recap: The Quantum Shift in Software Delivery Requires a Unified Approach

Sep 17, 2025 By The JFrog Team In JFrog
And that’s a wrap! Held in beautiful Napa Valley, swampUP 2025, JFrog’s annual customer conference brought together developers, operations, security, compliance, and AI/ML leaders – all facing the same burning challenges posed by the AI-driven quantum shift in software delivery. In the keynotes, breakout sessions, and side-conversations over wine and coffee, a common theme was made clear: a unified Software Supply Chain platform is essential to thrive in the new reality.
Read Post
jfrog

Chaotic Deputy: Critical vulnerabilities in Chaos Mesh lead to Kubernetes cluster takeover

Sep 16, 2025 By Natan Nehorai In JFrog
JFrog Security Research recently discovered and disclosed multiple CVEs in the highly popular Chaos engineering platform – Chaos-Mesh. The discovered CVEs, which we’ve named Chaotic Deputy are CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359. The last three Chaotic Deputy CVEs are critical severity (CVSS 9.8) vulnerabilities which can be easily exploited by in-cluster attackers to run arbitrary code on any pod in the cluster, even in the default configuration of Chaos-Mesh.
Read Post
jfrog

Stop the Chaos: How to Centralize, Secure, and Control Developer Extensions

Sep 10, 2025 By Achinoam Katsoff-Sitton In JFrog
Picture this: A new developer joins your team, excited to start contributing. On day one, they spend hours installing and configuring their IDE, searching for the “right” extensions. Their setup ends up being completely different from everyone else’s. Sound familiar? Worse yet, what if that “productivity-boosting” extension or new MCP server they just installed also secretly opened a backdoor in your codebase?
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.