Operations | Monitoring | ITSM | DevOps | Cloud
The Place Where Modern Operations & Technology Come Together
JFrog
Unboxing BusyBox - 14 new vulnerabilities uncovered by Claroty and JFrog
Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of many useful Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find a full-fledged shell, a DHCP client/server, and small utilities such as cp, ls, grep, and others.
Embrace your updates - creating a world of daily software releases without fear!
Imagine a world where we would all enjoy updating the software we use. A world where software producers could be excited about releasing every day without fear. This is the future of 'liquid software', when updates, like water, run freely to all corners of the world. In this session, JFrog co-founder and chief data scientist Fred Simon will share his vision of achieving trusted continuous updates in the DevOps world, in which software is constant. He will show us why continuous software updates are critical for our modern world.
Announcing the JFrog Slack App for Artifactory and Xray Cloud
Imagine a world where every team member could directly contribute to software together. We’re living in that world now. With more than 10 million daily active users, Slack is one of the most ‘lived in’ collaboration tools used by software development teams around the world.
Migrate and Modernize: How to Upgrade Your DevOps as You Move to the Cloud
Understand how to transform your IT with AWS infrastructure and JFrog DevOps. Join our webinar to learn how JFrog and AWS can help you transform your DevOps and infrastructure to a more nimble and secure environment. In this webinar, you will gain insight on the strategies and best practices to overcome the challenges of legacy infrastructure and older application build and deployment approaches. In this webinar you will discover.
Deploy Iron Bank-Approved Artifactory/Xray on AWS GovCloud and RKE2
With Artifactory and Xray now included in the U.S. Department of Defense’s Iron Bank container repository, we’re eager to help you benefit from this accreditation. Today, we’ll explain how to deploy these hardened JFrog images on AWS GovCloud using Rancher Kubernetes Edition (RKE2.) Specifically, we’ll describe the installation and configuration of the Iron Bank-accredited Artifactory version 7.21.7 and Xray version 3.30.2.
CVE-2021-37136 & CVE-2021-37137 - Denial of Service (DoS) in Netty's Decompressors
The JFrog Security research team has recently disclosed two denial of service issues (CVE-2021-37136, CVE-2021-37137) in Netty, a popular client/server framework which enables quick and easy development of network applications such as protocol servers and clients. In this post we will elaborate on one of the issues – CVE-2021-37136.
New Xray Features Enhance Workflows, Productivity and UX
The recently released JFrog Xray versions 3.31 & 3.32 have brought to the table a raft of new capabilities designed to improve and streamline your workflows, productivity and user experience. The new features, detailed below, solidify Xray as the optimum universal software composition analysis (SCA) solution for JFrog Artifactory that’s trusted by developers and DevSecOps teams to identify and eliminate open source software vulnerabilities and license compliance violations from their releases.
JFrog Cold Artifact Storage: Retention Policies for Your Binaries
With the trend towards smaller but more frequent software releases, your binaries and artifacts keep accumulating faster. Our enterprise customers each maintain an average of 20 million unique artifacts, adding 130% more each year. Eventually, a clutter of outdated binaries forms, and fInding the binaries you need becomes unwieldy, difficult, and confusing. Over time, your artifact repository’s performance can suffer from degradation.
CVE-2020-27304 - RCE via Directory Traversal in CivetWeb HTTP server
JFrog has recently disclosed a directory traversal issue in CivetWeb, a very popular embeddable web server/library that can either be used as a standalone web server or included as a library to add web server functionality to an existing application. The issue has been assigned to CVE-2020-27304.