JFrog unveils new DevSecOps contextual analysis capabilities

Bangalore—JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the Liquid Software Company and creators of the JFrog DevOps platform, today introduced advanced contextual scanning security features in JFrog Xray, the company’s DevSecOps solution. Proof of the integrated roadmap following its acquisition of Vdoo, JFrog Xray’s new features allow customers to more accurately determine the threat level and relevance of Common Vulnerabilities and Exposures (CVEs), leading to faster and more precisely ranked remediation. With JFrog Artifactory, this release of Xray provides a holistic, automated, and scalable solution for finding, replacing, retrieving, and prioritizing dangerous CVEs.

Rather than spending time and resources finding or fixing every new CVE based on the Common Vulnerability Scoring System (CVSS), JFrog Xray’s contextual scanning capabilities take a smart approach to software scans at the binary level, painting a more complete picture of the applicability and danger of each vulnerability. Knowing if a particular CVE is relevant to your environment and easily exploitable will help already overstretched DevSecOps teams quickly identify and close their most critical security vulnerabilities. Because JFrog Xray is part of the JFrog platform, once a vulnerability is identified, customers can securely build, distribute and connect required end-to-end software updates.

“We are excited to offer our customers an integrated platform approach to quickly determine the applicability and risk of each CVE and then deploy the appropriate remediation,” said Nati Davidi, SVP, JFrog Security. “With so many vulnerabilities these days, customers need solutions that help them focus on what really needs protection. By providing binary-level detection of each vulnerability, Xray’s Contextual Analysis helps developers and security teams make more informed decisions about the impact of a particular vulnerability so they can execute quickly and safely, with confidence in remediation plans, while reducing overhead.”

In a world where software vulnerabilities and attacks are growing at an unprecedented rate in terms of volume and sophistication, industry research indicates that the average time it takes businesses and agencies to fix security vulnerabilities has increased from 197 days to 202 days during the first half of 2021[1]. Traditional software composition analysis (SCA) tools can often find hundreds of vulnerabilities in a single scan, giving development teams the daunting task of determining which vulnerabilities really matter. Using advanced binary scans of container images, JFrog Xray’s contextual analysis provides a more accurate picture of existing vulnerabilities and whether they are relevant and/or easily exploitable, allowing developers and DevSecOps teams to prioritize efforts and resources for rapid correction.

Identifying and evaluating relevant contextual factors, such as the existence of an accessible path to the vulnerable code or a configuration variable that affects CVE applicability, typically requires in-depth manual analysis by security experts. This approach cannot meet the needs of modern enterprises to secure DevOps at speed and scale. As a recognized CVE Numbering Authority (CNA), JFrog’s Security Research team continuously monitors, identifies and analyzes existing and emerging CVEs to determine if they are susceptible to exploitation by attackers in the real world. With JFrog Xray, customers benefit from this in-depth research, which offers insight into how the vulnerability can be exploited and clear guidance on remediation tactics, delivered through an automated and scalable platform.

Contextual analysis and other new features of JFrog Xray will be gradually rolled out to the JFrog client base starting mid-February. This update to JFrog Xray is supported in multiple languages and architectures, including JS, Java, and Python, based on JFrog’s universal product philosophy. For more information on contextual analysis and other new features in the latest version of JFrog Xray, read this blog or visit the JFrog Xray solution page. Interested parties can also register to learn more about new context analysis, improved CVE data, Git dependency analysis, and SBOM capabilities in JFrog Xray during our “New Year, New Features in Xray” webinar.

Sam D. Gomez