Operations | Monitoring | ITSM | DevOps | Cloud

JFrog

Shifting Left for DevSecOps Success

Mar 11, 2022 By JFrog In JFrog
Catch this session to see exactly what does “shift left” security mean? More importantly, how does this strategy affect a developer’s workflow? In this workshop we walk attendees through the steps of setting up an end-to-end DevSecOps solution to automate your build artifact storage, vulnerability detection, testing, and deployment. Lastly, attendees learn how to take advantage of JFrog’s IDE integration and JFrog XRay to increase your confidence in the security of your application, all within a freely available DevSecOps environment!
View Video
jfrog

Shifting Left for DevSecOps Success

Mar 10, 2022 By Bill Manning In JFrog
Not long ago, developers built applications with little awareness about security and compliance. Checking for vulnerabilities, misconfigurations and policy violations wasn’t their job. After creating a fully-functional application, they’d throw it over the proverbial fence, and a security team would evaluate it at some point – or maybe never. Those days are gone – due to three main shifts.
Read Post
jfrog

DirtyPipe (CVE-2022-0847) - the new DirtyCoW?

Mar 9, 2022 By Itay Vaknin In JFrog
A few days ago, security researcher Max Kellermann published a vulnerability named DirtyPipe which was designated as CVE-2022-0847. This vulnerability affects the Linux kernel and if exploited, can allow a local attacker to gain root privileges. The vulnerability gained extensive media follow-up, since it affects all Linux-based systems with a 5.8 or later kernel, without any particular exploitation prerequisites.
Read Post
jfrog

Amplify Artifactory and Distribution Changes Through PagerDuty

Mar 2, 2022 By Deep Datta In JFrog
When automated software delivery runs smoothly, it can whisper, and quietly attend to itself. But when your delivery and distribution pipeline runs into a problem, it must shout. Boosting the volume of Artifactory and Distribution change events and issues through PagerDuty can help ensure they’re heard by everyone whose job it is to monitor your software delivery pipeline.
Read Post
jfrog

JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP - A Popular Multimedia Library

Mar 1, 2022 By Uriya Yavniely In JFrog
JFrog’s Security Research team is constantly looking for new and previously unknown security vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered 5 security vulnerabilities in PJSIP, a widely used open-source multimedia communication library developed by Teluu. By triggering these newly discovered vulnerabilities, an attacker can cause arbitrary code execution in the application that uses the PJSIP library.
Read Post
jfrog

Customizing the JFrog Xray Horizontal Pod Autoscaler

Feb 24, 2022 By Joey Naor, Developer Support Engineer at JFrog In JFrog
In cloud native computing (Kubernetes in our case), there is a requirement to automatically scale the compute resources used for performing a task. The autoscaling cloud computer strategy allows to dynamically adjust the active number of application servers and allocated resources instead of responding manually in real-time to traffic surges that necessitate more resources and instances.
Read Post
jfrog

How to set up a Private, Remote and Virtual Go Registry

Feb 23, 2022 By Batel Zohar In JFrog
The simplest way to manage and organize your Go dependencies is with a Go Repository. You need reliable, secure, consistent and efficient access to your dependencies that are shared across your team, in a central location. Including a place to set up multiple registries, that work transparently with the Go client. With the JFrog free cloud subscription, including JFrog Artifactory, Xray and Pipelines, you can set up a free local, remote and virtual Go Registry in minutes.
Read Post
jfrog

Malware Civil War - Malicious npm Packages Targeting Malware Authors

Feb 22, 2022 By Andrey Polkovnychenko and Shachar Menashe In JFrog
The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 25 malicious packages in the npm repository that were picked up by our automated scanning tools.
Read Post
jfrog

Xray: New Year, New Security Features

Feb 16, 2022 By Paul Garden, JFrog Product Marketing Manager In JFrog
As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline compliance and accelerate releases with confidence.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.