#jfrog

Peter Kahn🏳️‍⚧️🇺🇦🇵🇸🏳️‍🌈 Citizenkahn@tech.lgbt
2025-05-12

#boycottJfrog they support what Israel is doing in #Gaza. They support #genocide. Here are the alternatives to their products

- #sonatype nexus
- #snyk
- azure, gcp, aws container registries

In all cases, the other solutions are cheaper. Don’t use #jfrog products

Rainer "friendica" Sokoll rainer@friendica.sokoll.com
2025-02-21
I'd like to sharpen someone to a point and stomp them into the ground.
❯ curl -IL https://repository.example.com/
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.24.0 (Ubuntu)
Date: Fri, 21 Feb 2025 08:44:06 GMT
Content-Type: text/html
Content-Length: 154
Location: https://repository.example.com/ui/
Connection: keep-alive

HTTP/1.1 502 Bad Gateway

By contrast:
❯ curl -IL --user-agent "Microsoft Edge" https://repository.example.com/
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.24.0 (Ubuntu)
Date: Fri, 21 Feb 2025 08:52:12 GMT
Content-Type: text/html
Content-Length: 154
Location: https://repository.example.com/ui/
Connection: keep-alive

HTTP/1.1 200 OK

#Jfrog #Artifactory
🦠Toxic Flange (Gurjeet)🔬⚱️🌚 Toxic_Flange@infosec.exchange
2025-02-06

Huh.. rumor of #jfrog using #databrokers to get more data on people trying out their service and making some aggressive style marketing movements. I didn't send them my number.. why and how are they texting me?

Derek | ScriptAutomate scriptautomate@fosstodon.org
2025-01-29

Anyone know someone at #JFrog I could reach out to, concerning their SaaS solution for #Artifactory ?

Ran into issues where it looks like they need to update some of their AWS backend infra configuration to support IPv6 (dualstack) to accept users that are reaching out from IPv6-only environments. Otherwise, packages are unable to be downloaded from their hosted endpoints in those scenarios.

2024-11-27

Whiskey tasting, cheese plate and more.

Winbuzzer winbuzzer
2024-10-29

GitHub has announced a new partnership with JFrog Ltd., bringing advanced security capabilities directly into the GitHub developer workflow. dlvr.it/TFrvss

2024-08-26

Excited to be presenting on the weird and wild world of AI security at #jfrog #swampup in Austin on September 11th, drop me a line if you're coming :)

swampup.jfrog.com/session/the-

2024-08-06

#BSI WID-SEC-2024-1765: [NEW] [high] #JFrog #Artifactory: Vulnerability allows manipulation of files

A remote, anonymous attacker can exploit a vulnerability in JFrog Artifactory to manipulate files.

wid.cert-bund.de/portal/wid/se

2024-07-22

Supply chain attack on Python, or one step away from another major incident

One often hears that security is a constant "cat-and-mouse game" or a race. Indeed, researchers often have to race against criminals to prevent serious attacks. Since the SolarWinds attack, supply chain attacks have been gaining great popularity and publicity. On sekurak we have repeatedly described situations in which...

#WBiegu #Jfrog #Pypi #Python #Supplychain

sekurak.pl/supply-chain-attack

2024-06-29

#JFrog / Zero tolerance for the sad horrific truth

Israelis are thin skinned and can’t deal with criticism. Who knew.

Q: You are an Israeli company with branches around the world. Has the war affected you?

Shlomi Ben-Chaim: "On October 11th, one of the employees wrote anti-Israel words on her Instagram. She was fired within two hours. She is suing me. We are a global Israeli company, no one will hide or conceal this, we grew up here. This is the flag on NASDAQ and in Netiv HaAsara. We are present in many countries, in Europe and the USA, in India and China, and it's like providing education at home. Don't be surprised if your employees behave this way if you don't set boundaries for them. JFrog has a very clear set of values written by the employees, not by management, and every employee must respect them. Not comfortable with them? It's a free country, work somewhere else. Anyone who came out against Israeliness in any manifestation was out of the company. This is natural loyalty, I believe this is how they would act in any company in the world."

[Hebrew] ynet.co.il/economy/article/sjn

@israel
@palestine
#IsraelWarCrimes #Ethnocide

Two men in military uniforms standing next to each other in front of a neutral background. Shlomi Ben-Chaim on the right.
Новини Українською rss_ukr_news
2024-05-29

GitHub and JFrog announced an integration: single sign-on, shared dashboards and working with code itc.ua/ua/tehnologiyi/github-i

Konstantin Weddige weddige@gruene.social
2024-05-03

#JFrog found that nearly 20% of #DockerHub repositories contained malicious content, so perhaps it is time for a reminder: Do not use random images you know nothing about.

I had two repositories in my account that were (I deleted them) not directly malicious, but were also very much not intended to be used by anyone but me. One of them was even called donotuse! Yet they were pulled hundreds of times. 🤷

jfrog.com/blog/attacks-on-dock

kweddige / donotuse

Contains: Image 
Last pushed: about 3 years ago
726 Pulls

kweddige / kali

Contains: Image
Last pushed: almost 4 years ago
8345 Pulls
2024-03-08

Seriously it seems #JFrog is more about trying to get people to buy a license, and packing so much into what was at one time a simple management tool, that now it's near impossible to determine what you need to do. Very disappointed in that.

2024-03-08

Anyone out there knowledgeable about a good #Maven repository manager? I've been looking at #JFrog #Artifactory and well, it isn't as I remember it from 10 years ago, and it doesn't seem to fit our needs. I need one where the admin user can control what libraries are available/cached in our local repository, and also download the dependencies so we don't have to constantly go looking that all of them are present. I would prefer an #OpenSourceSoftware solution if possible.

2024-03-07

Over 100 Malicious AI/ML Models -
“JFrog” Found on AI Developer Platform Hugging Face.

As many as 100 malicious artificial intelligence (AI) / machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution. The model's payload grants the attacker a shell on the compromised machine.

arstechnica.com/?p=2007291

#jfrog #security #news #ai #ml #malicious

2024-02-29

Every link in the digital supply chain demands rigorous scrutiny.

Great threat hunting job by the JFrog team.

jfrog.com/blog/data-scientists

#CyberSecurity #SupplyChain #JFrog #threathunting

Jason Bowen 🇺🇦 jbowen@mast.hpc.social
2024-01-20

Though I am waiting for some coworkers to work through some Artifactory issues with JFrog support...

#jfrog #artifactory
