JFrog has unveiled JFrog Curation, a DevSecOps system designed to prevent malicious or risky open source or third-party software packages from entering an organization's software development pipeline.
JFrog Curation blocks the use of risky open source software packages without compromising development speed or the developer experience, JFrog said. It uses binary metadata to identify malicious packages and packages with high-severity CVEs (Common Vulnerabilities and Exposures), operational issues, or license compliance issues. This removes the need to download each package for scanning before use, preserving developer ease and speed, JFrog said.
JFrog Curation validates incoming software packages against JFrog's security research library of recorded CVEs and publicly available data to establish a repository of pre-approved third-party software components for development use. It provides central visibility and governance over every open source package requested by a developer or build tool, and creates an audit trail to help comply with regulatory requirements, JFrog said.
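The gating logic the article describes (evaluate a requested package's metadata against a CVE and license policy, admit or block it, and record the decision in an audit trail) can be illustrated with a small policy engine. The following is an added example written for this page; it is not JFrog's code and does not reproduce JFrog Curation's actual rules or data formats. The policy thresholds, the package records, and the CVE identifiers are all constructed placeholders.

```python
"""Illustrative package-curation gate (added example, not JFrog's code).

A request from a developer or build tool carries package metadata: known
vulnerabilities with CVSS scores, a declared license, and a malicious-package
flag.  The gate evaluates it against an allow-list policy without fetching the
artifact itself, then appends the decision to an audit trail.
All policy values and sample records below are constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed policy knobs (not taken from the article).
MAX_ALLOWED_CVSS = 6.9                      # block High (>= 7.0) and Critical
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


@dataclass
class Vulnerability:
    cve_id: str          # placeholder ids in the sample data below
    cvss: float


@dataclass
class PackageMetadata:
    name: str
    version: str
    license: Optional[str]
    known_malicious: bool = False
    vulnerabilities: List[Vulnerability] = field(default_factory=list)


@dataclass
class Decision:
    allowed: bool
    reasons: List[str]   # empty when allowed; otherwise every failed rule


def evaluate(pkg: PackageMetadata) -> Decision:
    """Apply every policy rule and collect all violations, not just the first."""
    reasons: List[str] = []
    if pkg.known_malicious:
        reasons.append("flagged as malicious")
    for v in pkg.vulnerabilities:
        if v.cvss > MAX_ALLOWED_CVSS:
            reasons.append(f"{v.cve_id} has CVSS {v.cvss} > {MAX_ALLOWED_CVSS}")
    if pkg.license is None:
        reasons.append("no license declared")
    elif pkg.license not in ALLOWED_LICENSES:
        reasons.append(f"license {pkg.license} is not on the allow-list")
    return Decision(allowed=not reasons, reasons=reasons)


def curate(requests: List[PackageMetadata],
           requester: str) -> Tuple[List[str], List[Dict[str, object]]]:
    """Return the approved 'name@version' list and an audit trail of every
    request, so blocked requests are visible to governance as well."""
    approved: List[str] = []
    audit: List[Dict[str, object]] = []
    for pkg in requests:
        decision = evaluate(pkg)
        key = f"{pkg.name}@{pkg.version}"
        audit.append({"requester": requester, "package": key,
                      "allowed": decision.allowed, "reasons": decision.reasons})
        if decision.allowed:
            approved.append(key)
    return approved, audit


# Constructed sample requests; CVE ids are placeholders, not real advisories.
SAMPLE_REQUESTS = [
    PackageMetadata("left-pad-ish", "1.2.0", "MIT"),
    PackageMetadata("fast-json-ish", "3.0.1", "Apache-2.0",
                    vulnerabilities=[Vulnerability("CVE-0000-00001", 9.8)]),
    PackageMetadata("typo-squat-ish", "0.0.1", "MIT", known_malicious=True),
    PackageMetadata("gpl-util-ish", "2.4.0", "GPL-3.0-only"),
    PackageMetadata("unlicensed-ish", "0.9.0", None,
                    vulnerabilities=[Vulnerability("CVE-0000-00002", 4.3)]),
]

if __name__ == "__main__":
    ok, trail = curate(SAMPLE_REQUESTS, requester="ci-build-42")
    print("approved:", ok)
    for entry in trail:
        print(entry)
```

Collecting every failed rule rather than stopping at the first gives the developer a complete picture of why a package was blocked, and writing the trail for allowed requests too is what makes it useful for governance and audit rather than only for alerting.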
Copyright © 2023 IDG Communications, Inc.