JFrog Curation Redefines “Shift Left” Security for Enterprise Software Supply Chains
New product delivers centralized governance for automatically blocking malicious open-source packages and vulnerabilities from entering organizations

SUNNYVALE, Calif.--(BUSINESS WIRE)--
JFrog Ltd. (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today introduced JFrog Curation, an automated DevSecOps solution designed to thoroughly vet and block malicious open source or third-party software packages, and their dependencies, before they enter an organization's software development environment. Natively integrated with the JFrog Artifactory binary repository, JFrog Curation is unique in its use of binary metadata to identify malicious packages and packages with higher-severity CVEs or operational or license compliance issues, removing the need to download each package for scanning before use and preserving developer speed and ease.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230712412540/en/

JFrog Curation Redefines "Shift Left" Security for Enterprise Software (Graphic: Business Wire)

"Software developers use millions of open source components to accelerate project delivery and gain a competitive edge, but this practice could be abused to inject malicious packages and vulnerabilities into the code - increasing the risk of software supply chain attacks," said Asaf Karas, CTO of Security, JFrog. "Application security must be taken seriously and looked at holistically from the point of creation through runtime on edge devices. JFrog Curation takes the 'shift left' concept to the next level by automatically blocking use of risky open source software packages before entry to an organization, drastically reducing a company's overall attack surface without compromising on speed or the developer experience."

The use of open source software for development of commercial applications is now mainstream, with 87 percent of respondents to an IDC survey indicating open source would be their first choice over other commercial options.[1] However, in 2022, more than 10 million people were impacted by software supply chain attacks targeting roughly 1,700 entities worldwide - nearly all of which included some element of faulty or nefarious open source code.[2]

"Security incidents such as log4Shell, Spring4She...