JFrog Curation blocks malicious open source software packages

DevSecOps system validates incoming software packages against JFrog’s security research library to establish a repository of trustworthy components for software developers to use.

JFrog has unveiled JFrog Curation, a DevSecOps system designed to prevent malicious or risky open source or third-party software packages from entering an organisation's software development pipeline.

JFrog Curation blocks the use of risky open source software packages without compromising development speed or the developer experience, JFrog said.

It uses package metadata, rather than the package binary itself, to identify malicious packages and packages carrying high-severity CVEs (Common Vulnerabilities and Exposures), operational risks, or licence compliance issues. This removes the need to download and scan each package before use, preserving developer ease and speed, JFrog said.

JFrog Curation validates incoming software packages against JFrog’s security research library of recorded CVEs and publicly available information to establish a repository of pre-approved, third-party software components for development use.

It provides central visibility and governance of every open source package requested by a developer or build tool and creates an audit trail to comply with regulatory requirements, JFrog said.
