Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on Continuous Integration and Development, and related technologies.

Malware Civil War - Malicious npm Packages Targeting Malware Authors

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 25 malicious packages in the npm repository that were picked up by our automated scanning tools.

How to secure your CI pipeline

Many enterprises still struggle to get security right. To protect their business, it is critical they focus on security during the entire infrastructure and application lifecycle, including continuous integration (CI). Developers are becoming more autonomous as they transition to a DevOps way of working, with more people requiring access to production systems.

Efforts to Secure OSS fired up after Log4Shell

Who would have thought software could rattle the White House? But a vulnerability in Log4J, a popular open source software project, exposed critical digital infrastructure to remote code execution attacks. This prompted the US Government to engage big tech, infosec professionals, and open source organizations to come together to help secure open source software.

Dedicated hosts for macOS are now available

Dedicated hosts for macOS are now available on CircleCI. This new layer of support is built exclusively for macOS and offers Apple developers unprecedented storage, security, and scalability on CircleCI. By reserving a dedicated host, teams can unlock access to a bare metal instance that provides exclusive access to an entire host machine for 24 hours.

Xray: New Year, New Security Features

As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline compliance and accelerate releases with confidence.

Continuous Build and Deployment of Go Applications with Google Cloud Build

We've gone through many iterations of ways to build, deploy and distribute applications written in Go at Cloud 66. Unlike Rails, Go applications can be web applications, daemons or CLIs and therefore have different requirements. I'll share some of what we've learned with you in this post.

New Year, New Features in Artifactory

Let’s start 2022 off the right with new features and updates that will extend JFrog Artifactory’s power and reach in addressing challenges with managing your binaries from development to production. Join JFrog’s Irena Guy Product Manager, Evgeny Karasik Senior Product Manager, Ben Ifrach Product Manager, and Eyal Ben Moshe Development Manager, Ecosystem. In this session, you'll learn about the new updates.