Express Computer
Home  »  News  »  JFrog Curation Redefines “Shift Left” Security for Enterprise Software Supply Chains

JFrog Curation Redefines “Shift Left” Security for Enterprise Software Supply Chains

0 80

JFrog Ltd. the Liquid Software company and creators of the JFrog Software Supply Chain Platform, introduced JFrog Curation, an automated DevSecOps solution designed to thoroughly vet and block malicious open source or third-party software packages and their respective dependencies before entering an organisation’s software development environment. Natively integrated with JFrog binary repository, JFrog Curation is unique in its use of binary metadata for identification of malicious packages with higher-severity CVEs, operational, or license compliance issues – removing the need to download each package for scanning before use, which preserves developer speed and ease.

“Software developers use millions of open source components to accelerate project delivery and gain a competitive edge, but this practice could be abused to inject malicious packages and vulnerabilities to the code – increasing the risk of software supply chain attacks,” said Asaf Karas, CTO of Security, JFrog. “Application security must be taken seriously and looked at holistically from the point of creation through runtime on edge devices. JFrog Curation takes the ‘shift left’ concept to the next level by automatically blocking the use of risky open source software packages before entry to an organisation, drastically reducing a company’s overall attack surface without compromising on speed or the developer experience.”

The use of open-source software for the development of commercial applications is now mainstream, with 87 percent of respondents to an IDC survey indicating open source would be their first choice over other commercial options. However, in 2022, more than 10 million people were impacted by software supply chain attacks targeting roughly 1,700 entities worldwide – nearly all of which included some element of faulty or nefarious open source code.

“Security incidents such as log4Shell, Spring4Shell, etc., have taught us that what’s safe today may not be safe tomorrow when using public open source libraries,” said Jim Mercer, IDC Research Vice President of DevOps and DevSecOps. “A tool that simplifies the developer experience while ensuring packages comply with established, regularly updated security policies, and are validated against relevant vulnerability databases, is essential for securing modern DevOps workflows.”

JFrog Curation also validates incoming software packages against JFrog’s Security Research library of recorded Critical Vulnerabilities Exposures (CVE) and publicly available information to help establish a trusted repository of pre-approved, third-party software components for use in development. By effectively bridging public package repositories, developers, production, and security personas, JFrog Curation helps improve efficiency while preventing time-consuming and costly remediation efforts later.

JFrog Curation is designed to enable developers, security leaders, and DevSecOps engineers to:
-Vet and block open-source software components without compromising the developer experience or speed.
-Have central visibility and governance of every open source package requested by a developer or build tool with accurate, metadata-based insights on all infected packages, with actionable advice on ways to remediate.
-Create a comprehensive and transparent audit trail to help organisations comply with current and emerging regulatory requirements.
-Optimise the developer experience with frictionless, validated software component retrieval.
-Avoid the unruly sprawl of various tool suites through its integration with the JFrog Software Supply Chain Platform, which provides consistent, automated processes across development environments.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image