December 2021

Part I: A Journey Into the World of Advanced Security Monitoring

Dec 30, 2021 By Nitzan Gotlib In JFrog

Dealing with hundreds of security alerts on a daily basis is a challenge. Especially when many are false positives that waste our time and all take up too much of our valuable time to sift through. Let me tell you how our security team fixed this, as we built security around the JFrog products. First, let me tell you a little bit about our team.

Read Post

JFrog

Read more about Part I: A Journey Into the World of Advanced Security Monitoring

Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

Dec 30, 2021 By Ilya Khivrich In JFrog

The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library – CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 – has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of Log4j vulnerabilities on their software, revealing multiple technical challenges in the process.

Read Post

JFrog

Read more about Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

Log4j Detection with JFrog OSS Scanning Tools

Dec 28, 2021 By Ilya Khivrich In JFrog

The discovery of the Log4Shell vulnerability in the ubiquitous Apache Log4j package is a singular event in terms of both its impact and severity. Over 1 million attack attempts exploiting the Log4Shell vulnerability were detected within days after it was exposed, and it may take years before we see its full impact.

Read Post

JFrog

Read more about Log4j Detection with JFrog OSS Scanning Tools

Catching Log4j in the Wild: Find, Fix and Fortify

Dec 23, 2021 By Gianni Truzzi In JFrog

At many organizations, the surprise discovery that the widely used Apache log4j open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For cybercriminals this is Christmas come early,” explained Theresa Payton, former White House CIO and current CEO of Fortalice Solutions.

Read Post

JFrog

Read more about Catching Log4j in the Wild: Find, Fix and Fortify

Rethinking Your Software Distribution Infrastructure

Dec 22, 2021 By Avigail Ofer In JFrog

Accelerating software distribution is a critical part to enabling enterprise delivery at scale. Throughout the SDLC processes, we’re required to continuously distribute software packages — either to remote development teams as part of CI cycles, to production environments or devices for deployments, or for public downloads by your developers or partners ecosystem. The key attributes of Distribution workflows create network challenges around bandwidth, resiliency and availability.

Read Post

JFrog

Read more about Rethinking Your Software Distribution Infrastructure

Create Your Software Distribution "Fast Lane" with Distribution Edges

Dec 22, 2021 By Avigail Ofer In JFrog

Accelerating software distribution is a critical part of the modern DevOps stack. Modern application development has created new challenges around distribution at scale, leading organizations to rethink their software distribution infrastructure.

Read Post

JFrog

Read more about Create Your Software Distribution "Fast Lane" with Distribution Edges

Log4j Log4Shell Vulnerability Q&A

Dec 21, 2021 By Asaf Cohen In JFrog

In our recent webinar, Log4j Log4Shell Vulnerability Explained: All You Need To Know, our Senior Director Security Research expert Shachar Menashe shared information on the security issue and how to detect and remediate it. We are happy to share additional information in the following Q&A, based on the questions raised during the webinar.

Read Post

JFrog

Read more about Log4j Log4Shell Vulnerability Q&A

Your Log4shell Remediation Cookbook Using the JFrog Platform

Dec 18, 2021 By Asaf Cohen In JFrog

Last week, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th. MITRE assigned CVE-2021-44228 to this vulnerability, which has since been dubbed Log4Shell by security researchers.

Read Post

JFrog

Read more about Your Log4shell Remediation Cookbook Using the JFrog Platform

Introduction to JFrog Xray

Dec 15, 2021 By JFrog In JFrog

JFrog Xray is a universal software composition analysis (SCA) solution that natively integrates with Artifactory as part of the JFrog Platform. Xray gives developers and DevSecOps teams an easy way to proactively identify open source vulnerabilities and license compliance violations before they manifest in production.

View Video

JFrog

Read more about Introduction to JFrog Xray

Log4j Log4Shell Vulnerability: All You Need To Know

Dec 15, 2021 By JFrog In JFrog

On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java. Since then, the trivially exploitable (weaponized PoCs are available publicly) and extremely popular library has reportedly been massively exploited and has gotten wide coverage on media and social networks.

View Video

JFrog

Read more about Log4j Log4Shell Vulnerability: All You Need To Know

Build your software distribution fast lane with Distribution Edges

Dec 15, 2021 By JFrog In JFrog

DO YOU NEED TO CONTINUOUSLY PUBLISH AND DISTRIBUTE YOUR SOFTWARE TO SHARE WITH: Then you know what a hassle it can be -- with network bottlenecks, security overhead, and operational challenges managing distribution infrastructure at scale slowing down your releases.

View Video

JFrog

CI CD
DevOps

Read more about Build your software distribution fast lane with Distribution Edges

Kroger Uses JFrog Xray for Software Security and License Compliance

Dec 15, 2021 By JFrog In JFrog

Kroger leverages the JFrog platform to give developers visibility into their software vulnerabilities and make informed decisions on what to fix. See how Kroger has implemented secure DevOps processes with automated vulnerability scanning and open-source software (OSS) license compliance capabilities to support their development and security teams.

View Video

JFrog

Read more about Kroger Uses JFrog Xray for Software Security and License Compliance

Log4j Log4Shell 0-Day Vulnerability: All You Need To Know

Dec 13, 2021 By Shachar Menashe In JFrog

Last Thursday, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th. MITRE assigned CVE-2021-44228 to this vulnerability, which has since been dubbed Log4Shell by security researchers.

Read Post

JFrog

Read more about Log4j Log4Shell 0-Day Vulnerability: All You Need To Know

Glide to JFrog DevSecOps with the New Experience

Dec 13, 2021 By Eyal Ben Moshe In JFrog

We’re excited to share with you that we have launched a completely new way to start using the JFrog DevOps Platform that you – as a developer – will love. We’ve provided a super-easy, developer-friendly path to discovering how Artifactory and Xray can help you produce safer apps, faster, getting started through the command line shell and IDE that you use every day.

Read Post

JFrog

Read more about Glide to JFrog DevSecOps with the New Experience

JFrog + Liquibase Demo

Dec 8, 2021 By JFrog In JFrog

View Video

JFrog

CI CD
DevOps

Read more about JFrog + Liquibase Demo

Day 2 Apps Deployed, the Database is on Fire

Dec 8, 2021 By JFrog In JFrog

Use DevOps practices to deploy your database changes seamlessly! Join Robert Reeves of Liquibase and Melissa McKay of JFrog as they discuss the advantages of using tried and true DevOps methodologies and automation to keep your database driven application up and running in production. The 2021 State of DevOps Report tells us that elite performers are 3.4 times more likely to adopt database change management practices. DevOps is for everyone including our database professional friends.

View Video

JFrog

Read more about Day 2 Apps Deployed, the Database is on Fire

Malicious npm Packages Are After Your Discord Tokens - 17 New Packages Disclosed

Dec 8, 2021 By Andrey Polkovnychenko and Shachar Menashe In JFrog

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 11 malicious packages in the PyPI repository, a discovery that shows attacks are getting more sophisticated in their approach.

Read Post

JFrog

Read more about Malicious npm Packages Are After Your Discord Tokens - 17 New Packages Disclosed

Episode 1: DevSecOps Coffee Break Series Add OSS Security & Compliance to Artifactory

Dec 2, 2021 By JFrog In JFrog

Introduction to JFrog Xray and how to reduce vulnerability and license risks of the open source and 3rd party dependencies you rely on.

View Video

JFrog

Read more about Episode 1: DevSecOps Coffee Break Series Add OSS Security & Compliance to Artifactory

Episode 2: DevSecOps Coffee Break Series | Creation of Your Software Bill Of Materials SBOM

Dec 2, 2021 By JFrog In JFrog

Learn what an SBOM is, how it will benefit you, which misconceptions exist around it, and why it must be a key element of your SDLC security and compliance process.

View Video

JFrog

Read more about Episode 2: DevSecOps Coffee Break Series | Creation of Your Software Bill Of Materials SBOM

Episode 4: DevSecOps Coffee Break Series | 'Shift Left' Security With A Developer Centric Approach

Dec 2, 2021 By JFrog In JFrog

Learn best practices to immediately “shift left” in your Cl/CD process and fix vulnerabilities before they move into the next stage of your SDLC.

View Video

JFrog

Read more about Episode 4: DevSecOps Coffee Break Series | 'Shift Left' Security With A Developer Centric Approach

Episode 5: DevSecOps Coffee Break Series | If JFrog is Good Enough For The Government, Why Not You

Dec 2, 2021 By JFrog In JFrog

JFrog Artifactory and JFrog Xray achieved Iron Bank Certification - see how they can improve your SDLC security posture with the JFrog Platform.

View Video

JFrog

Read more about Episode 5: DevSecOps Coffee Break Series | If JFrog is Good Enough For The Government, Why Not You

Episode 3: DevSecOps Coffee Break Series | Securing Your Software Supply Chain

Dec 2, 2021 By JFrog In JFrog

Learn how you can protect your software development lifecycle (SDLC) from supply chain attacks, and ensure the software you deliver to your employees and your customers is safe.

View Video

JFrog

Read more about Episode 3: DevSecOps Coffee Break Series | Securing Your Software Supply Chain

Operations | Monitoring | ITSM | DevOps | Cloud

December 2021

Part I: A Journey Into the World of Advanced Security Monitoring

Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

Log4j Detection with JFrog OSS Scanning Tools

Catching Log4j in the Wild: Find, Fix and Fortify

Rethinking Your Software Distribution Infrastructure

Create Your Software Distribution "Fast Lane" with Distribution Edges

Log4j Log4Shell Vulnerability Q&A

Your Log4shell Remediation Cookbook Using the JFrog Platform

Introduction to JFrog Xray

Log4j Log4Shell Vulnerability: All You Need To Know

Build your software distribution fast lane with Distribution Edges

Kroger Uses JFrog Xray for Software Security and License Compliance

Log4j Log4Shell 0-Day Vulnerability: All You Need To Know

Glide to JFrog DevSecOps with the New Experience

JFrog + Liquibase Demo

Day 2 Apps Deployed, the Database is on Fire

Malicious npm Packages Are After Your Discord Tokens - 17 New Packages Disclosed

Episode 1: DevSecOps Coffee Break Series Add OSS Security & Compliance to Artifactory

Episode 2: DevSecOps Coffee Break Series | Creation of Your Software Bill Of Materials SBOM

Episode 4: DevSecOps Coffee Break Series | 'Shift Left' Security With A Developer Centric Approach

Episode 5: DevSecOps Coffee Break Series | If JFrog is Good Enough For The Government, Why Not You

Episode 3: DevSecOps Coffee Break Series | Securing Your Software Supply Chain

Monthly Archive

Follow Us