UPDATED 23:41 EDT / MAY 25 2022

SECURITY

JFrog-led ‘Project Pyrsia’ seeks to secure software from vulnerabilities and malicious code

DevOps company JFrog Ltd. today introduced Project Pyrsia, an open-source software community initiative that uses blockchain technology to secure software packages from vulnerabilities and malicious code.

Project Pyrsia is an open-source-based, decentralized, secure build network and software package repository aimed at helping developers establish a chain of provenance for their software components, creating greater confidence and trust.

The new project is not designed by JFrog alone. Participants in Project Pyrsia include Docker Inc., DeployHub Inc., Shenzhen Futureway Technology Co. Ltd. and Oracle Corp. With Pyrsia, JFrog says, developers can use open-source software knowing their components have not been compromised, without needing to build, maintain or operate complex processes for securely managing dependencies.

“Open-source is everywhere and, while it has always been seen as a seed for innovation and modernization, the recent rise of software supply chain attacks has made every organization vulnerable,” Shlomi Ben Haim, co-founder and chief executive of JFrog, said in a statement. “Led by developers and for developers, JFrog is proud to work with the community on developing Project Pyrsia so everyone can continue to embrace open source with confidence while protecting the software supply chain.”

The idea behind the project is that while open-source software is a critical element of nearly every technology we use today, there’s no question that the volume, sophistication and severity of software supply chain attacks have increased in the last year. In recent times, the JFrog Security Research team tracked more than 20 different open-source software supply chain attacks, two of which were zero-day or yet-undiscovered threats. JFrog argues that although open-source components are designed to make development more efficient, not knowing where your software comes from makes risks hard to spot, seeding doubt and uncertainty about its safety.

Pyrsia integrates with the package management systems developers already use, so they can certify their software components without forgoing compatibility, security or efficiency. The project employs standards such as Sigstore’s Cosign and Notary V2 to let developers quickly access their containers through the Pyrsia network. Using digital signatures, developers receive an immutable chain of evidence for their code, giving them confidence in the exact source of their packages.
