JFrog Releases Curation
Written by Kay Ewbank   
Thursday, 13 July 2023

JFrog has introduced JFrog Curation, an automated DevSecOps solution that aims to vet and block malicious open source or third-party software packages and their respective dependencies before entering an organization’s software development environment.

JFrog provides an end-to-end DevOps platform for the software supply chain and has over 7K customers worldwide, including the majority (85%) of the Fortune 100.

The new tool is natively integrated with JFrog Artifactory binary repository, and the developers say it is unique in its use of binary metadata for identification of malicious packages with higher-severity CVEs, operational, or license compliance issues. The aim is that the technique removes the need to download each package for scanning before use.

jfrog

The JFrog team says that existing DevSecOps platforms may provide advice, but none actively check packages against automated policies at request time without downloading them.

JFrog Curation also validates incoming software packages against JFrog’s Security Research library of recorded Critical Vulnerabilities Exposures (CVE) and publicly available information so organizations can set up a trusted repository of pre-approved, third-party software components for use in development.

JFrog Curation is designed to enable developers, security leaders, and DevSecOps engineers to vet and block open source software components without compromising the developer experience or speed. It provides central visibility and governance of every open source package requested by a developer or build tool with accurate, metadata-based insights on all infected packages, with actionable advice on ways to remediate.

The software creates a comprehensive and transparent audit trail to help organizations comply with current and emerging regulatory requirements.

JFrog says the tool means developers can be confident they're using trusted OSS packages, without their speed of application development being impaired, and DevSecOps teams can now streamline OSS package usage and approvals. JFrog Curation provides out-of-the-box templatized policies to assist application security teams with pre-built customized policies for malicious packages, CVEs, license types, and operational risk (packages that are aged, immature, or unmaintained).

jfrog

More Information

JFrog Curation Webpage

Related Articles

JFrog Reveals The Popularity Of Software Technologies

JFrog Releases Conan 2

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Gifts For Geeks 2024
22/11/2024

Are you ready for Thanksgiving, when overeating remorse and a surfeit of being thankful causes the unsettling thought that there are only four weeks till the Xmas break? So here is a mix of weird [ ... ]



Pico 2W Announced But There Is A Surprise!
25/11/2024

Raspberry Pi released the Pico 2 a few months ago and we have been waiting for the Pico 2W since then. But Pimoroni beat them to the draw with the Pico Plus 2W based on the RM2 radio module and hinted [ ... ]


More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Thursday, 13 July 2023 )