Tackling the Container Iceberg
Container images are based on many direct and indirect open source dependencies, which most developers are not aware of.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Enable Global DevSecOps with Cloud Enterprise and Xray on AWS
When software can travel around the globe at the speed of the cloud’s gusts, enterprises need to be extra certain the updates they release are safe for customers to use. If an app built in Palo Alto uses a vulnerable package from Belgrade, losses can ripple from Sheboygan to Shanghai. At JFrog, we believe enabling global DevSecOps in the cloud should be an easy process.
Whitesource and CircleCI Orbs: Secure your CI/CD Pipelines from Start to Finish
Open source software components play an important role by providing us with the building blocks of our products. However, even as we enjoy the benefits of open source components, they are not without their challenges, especially when it comes to security vulnerabilities.
Block Security Vulnerabilities from Entering Your Code
As continuous software deployments grow and become the accepted standard, security measures gain even more importance. From development and all the way through to production, security requirements should be adopted by all teams in an organization. JFrog IDE integrations provide security and compliance intelligence to the developer right from within their IDE.
DevSecOps Best Practices with JFrog Platform
In this webinar, you will learn how to leverage JFrog Xray to enable DevSecOps. We will also cover security topics such as circle of trust, security between locations, security replication, access tokens, and auditing.
Security in Go Modules and Vulnerabilities in GoCenter at GoSF Meetup in San Francisco
Deep Datta from the JFrog Community Team shares his learnings about Go 1.13 introducing important security features to Go Modules including a checksumdb. He explains how this works and provides information on other tools in GoCenter that keep modules secure include vulnerability scanning and Jfrog Xray.
DevSecOps Best Practices with JFrog Xray
JFrog builds security products that enable organizations to trust their pipeline from development to deployment and production. In this webinar, you will learn how to leverage JFrog Xray to achieve radical transparency of the binary components in your data center. Understand the impact of these components on production system quality, performance, and architectural changes. We will also cover security topics such as circle of trust, security between locations, security replication, access tokens, and auditing.
Image scanning for CircleCI
In this blog post, we are going to cover how to perform container image scanning for CircleCI using Sysdig Secure. Image scanning allows DevOps teams to detect and resolve issues, like known vulnerabilities and incorrect configurations, directly in their CI/CD pipelines. Using Sysdig Secure, you can enforce image policies to block vulnerabilities before they reach production environments and fix them faster while the developer still has the context.
M. Loewinger, Smartbear: "Each product has a DevOps lead who manages Detectify and all its findings"
Detectify user story: Smartbear offers automated software testing solutions that help development and testing teams ensure quality throughout the software development lifecycle. Martin Loewinger, Director of SaaS Operators at Smartbear, and his team use Detectify to ensure security is a part of each product CI/CD pipeline, so that they can help their end users with test automation and monitoring.
Customize Xray DevSecOps With Private Data
For some organizations, even the best isn’t quite enough. That’s why JFrog Xray provides a way for you to specify your own additional data, to detect even more sensitive issues in your binaries before they can reach production. JFrog Xray is a tool for DevSecOps teams to gain insight into the open source components used in their applications.