Operations | Monitoring | ITSM | DevOps | Cloud

February 2022

jfrog

Customizing the JFrog Xray Horizontal Pod Autoscaler

Feb 24, 2022 By Joey Naor, Developer Support Engineer at JFrog In JFrog
In cloud native computing (Kubernetes in our case), there is a requirement to automatically scale the compute resources used for performing a task. The autoscaling cloud computer strategy allows to dynamically adjust the active number of application servers and allocated resources instead of responding manually in real-time to traffic surges that necessitate more resources and instances.
Read Post
jfrog

How to set up a Private, Remote and Virtual Go Registry

Feb 23, 2022 By Batel Zohar In JFrog
The simplest way to manage and organize your Go dependencies is with a Go Repository. You need reliable, secure, consistent and efficient access to your dependencies that are shared across your team, in a central location. Including a place to set up multiple registries, that work transparently with the Go client. With the JFrog free cloud subscription, including JFrog Artifactory, Xray and Pipelines, you can set up a free local, remote and virtual Go Registry in minutes.
Read Post
jfrog

Malware Civil War - Malicious npm Packages Targeting Malware Authors

Feb 22, 2022 By Andrey Polkovnychenko and Shachar Menashe In JFrog
The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 25 malicious packages in the npm repository that were picked up by our automated scanning tools.
Read Post
jfrog

Xray: New Year, New Security Features

Feb 16, 2022 By Paul Garden, JFrog Product Marketing Manager In JFrog
As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline compliance and accelerate releases with confidence.
Read Post

New Year, New Features in Artifactory

Feb 15, 2022 By JFrog In JFrog
Let’s start 2022 off the right with new features and updates that will extend JFrog Artifactory’s power and reach in addressing challenges with managing your binaries from development to production. Join JFrog’s Irena Guy Product Manager, Evgeny Karasik Senior Product Manager, Ben Ifrach Product Manager, and Eyal Ben Moshe Development Manager, Ecosystem. In this session, you'll learn about the new updates.
View Video
jfrog

CVE-2021-44521 - Exploiting Apache Cassandra User-Defined Functions for Remote Code Execution

Feb 15, 2022 By Omer Kaspi In JFrog
JFrog’s Security Research team recently disclosed an RCE (remote code execution) issue in Apache Cassandra, which has been assigned to CVE-2021-44521 (CVSS 8.4). This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra.
Read Post
jfrog

JFrog Discloses 3 Remote Access Trojans in PyPI

Feb 14, 2022 By Andrey Polkovnychenko and Shachar Menashe In JFrog
The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to detect and avert potential software supply chain security threats. After validating the findings, the team reports any security vulnerabilities or malicious packages discovered to repository maintainers and the wider community.
Read Post
jfrog

Our Solution for Scalable Multi-Region SaaS Deployment

Feb 8, 2022 By Uri Peled and Amit Michaely In JFrog
Just like many other production DevOps engineering teams, our JFrog team deploys new version releases several times a day to AWS, Azure and GCP, across more than 20 cloud regions. This process used to take us many hours and could have even failed if it was done alongside maintenance by other teams.
Read Post

New Year, New Features in Xray

Feb 8, 2022 By JFrog In JFrog
Let’s start 2022 off the right with new features and updates that will extend JFrog Xray’s power and reach in addressing challenges with securing your binaries from development to production. Join Sarit Tager, VP Product Security as she discusses how Xray provides intelligent supply chain security and compliance at DevOps speed. JFrog Xray is a software composition analysis (SCA) solution that scans your open source software (OSS) dependencies for security vulnerabilities and license compliance issues.
View Video
jfrog

CVE-2021-44142: Critical Samba Vulnerability Allows Remote Code Execution

Feb 8, 2022 By Itay Vaknin, Brian Moussalli In JFrog
Recently, a critical out-of-bounds vulnerability, assigned to CVE-2021-44142, was disclosed in Samba versions prior to 4.13.17. The Samba vulnerability carries a critical CVSS of 9.9 and allows attackers to remotely execute code on machines running a Samba server with a vulnerable configuration. The vulnerability was disclosed as part of the Pwn2Own Austin competition where researchers are challenged to exploit widely-used software and devices with unknown vulnerabilities.
Read Post
jfrog

Don't Miss Out: Highlights from DevOps Cloud Days 2022

Feb 4, 2022 By Brian Cox In JFrog
If you didn’t attend our recently concluded DevOps Cloud Days online conference, you missed a learning event that those who did called “fantastic” and “meaningful.” In written feedback, developers, operations staff, and security admins who attended described the presentations as “powerful,” “inspiring” and “excellent.” Fortunately, it wasn’t your last chance to share that fruitful experience with us.
Read Post

DevOps Roundtable with Transact Campus

Feb 3, 2022 By JFrog In JFrog
Join us for an exclusive round table event where you will have the opportunity to ask Mrinal Virnave, Senior Director of Software Architecture at Transact Campus & JFrog’s own technical expert Bill Manning your most pressing DevOps questions, like: During our sit down, Mrinal Virnavewill elaborate on how his team increased productivity by transforming their developer experience and creating a centralized and secure process.
View Video
jfrog

Design Considerations for Software Distribution to Edge & IoT Applications

Feb 3, 2022 By Juan Perez In JFrog
Make no mistake: You can’t overlook software distribution in DevOps. At risk are the reliability, security and speed of your software releases — and your business itself. This is especially true in enterprises that are releasing across numerous edge endpoints or IoT devices. As your releases’ cadence and payload grow, software distribution challenges multiply, particularly at the edge.
Read Post
jfrog

The Impact of CVE-2022-0185 Linux Kernel Vulnerability on Popular Kubernetes Engines

Feb 1, 2022 By Itay Vaknin and Jonathan Sar Shalom In JFrog
Last week, a critical vulnerability identified as CVE-2022-0185 was disclosed, affecting Linux kernel versions 5.1 to 5.16.1. The security vulnerability is an integer underflow in the Filesystem Context module that allows a local attacker to run arbitrary code in the context of the kernel, thus leading to privilege escalation, container environment escape, or denial of service.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.