New Security, DevOps, MLOps capabilities in JFrog’s Software Supply Chain Platform empower organizations to build and release software with confidence from code to runtime
swampUP — JFrog Ltd. (“JFrog”) (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today unveiled new capabilities that set the standard for quality, security, MLOps and integrity of software releases. From creation to production, the JFrog Platform infuses security at the binary level in every stage of the software development lifecycle to ensure applications are traceable, reliable, compliant, and secure.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230913032137/en/
JFrog unveils the industry's first end-to-end platform for accelerating the build and release of secure software. (Graphic: Business Wire)
“JFrog has been strategically investing heavily in the development of comprehensive, DevOps-centric security solutions aimed at addressing future threats. JFrog automates DevSecOps processes uniquely at the binary level, and our customers affirm that this is the most effective approach to safeguarding their software supply chain,” said Shlomi Ben Haim, co-founder and CEO, JFrog. “The industry is in a constant race against attackers, and JFrog consistently releases new capabilities that outpace other worldwide vendors. Customers’ range of protection with JFrog now spans from open-source and first-party code, secrets detection, IaC security, and Curation of OSS packages - and today brings in AI and MLOps security, caching and protection of customers' ML models. JFrog continues to be set apart by our unique capability to control software binaries, made possible by the leading position of Artifactory.”
The new capabilities in the JFrog Software Supply Chain Platform continue to meet customers’ needs for comprehensive, DevOps-centric security and automation that drives a true shift-left strategy, including:
- AI and ML Model Security: JFrog’s new ML Model Management capabilities quickly scan and detect malicious machine learning models, block their use if needed, and ensure license compliance with company policies to enable safer use of AI. JFrog's ML Model Management capabilities are currently available in Beta for JFrog Cloud customers.
- Static Application Security Testing (SAST): Seamlessly integrates with several developer environments to help customers quickly and accurately scan source code for zero-day security vulnerabilities. JFrog SAST also helps minimize false positives and prioritize remediation efforts using contextual analysis.
- Open-Source Software (OSS) Catalog: As part of JFrog Curation, Catalog provides a “search engine for software packages'' in the JFrog UI or via API – that’s backed by both public and JFrog data – giving users immediate insight to the security and risk metadata associated with all OSS packages.
“With the alarming rise of software supply chain attacks, securing at the binary level with immutable software bundles is a must because it’s the only way to certify that what you’re releasing is safe for use,” said Asaf Karas, CTO, JFrog Security. “By providing a comprehensive platform that is developer-friendly and enterprise-ready – with security baked in at every phase, backed by an expert team of security researchers always watching for emerging threats – we can better arm companies to innovate faster with peace of mind in knowing their software is safe for use both today, and tomorrow.”
Each element of the JFrog Platform is backed by a dedicated team of security engineers and researchers actively investigating, analyzing, and exposing new vulnerabilities and attack methods. All new DevSecOps capabilities build upon JFrog’s already robust set of security products, designed to deliver a comprehensive and continuous approach to automatically securing binaries across all stages of software development and delivery, including:
- JFrog Curation, with its new OSS Catalog capability, helps organizations prevent malicious packages or vulnerabilities from ever entering their development environment.
- JFrog Xray for proactively detecting risky packages before deployment.
- JFrog Advanced Security with Contextual Analysis to help quickly assess critical vulnerability and secrets exposures once software is in production so timely remediation efforts can be executed.
While detailing the new security capabilities in the JFrog Platform, the company also unveiled new DevOps functionality, including:
- Hugging Face local repository - Native connection with popular AI repository – Hugging Face – allows Python developers and Data Scientists to easily proxy and cache the open source AI models they rely on from deletion or modification.
- ML Model Management: Brings AI model development in line with an organization’s existing software processes to accelerate and govern the continuous delivery of ML components.
- Release Lifecycle Management (RLM) abilities: Creates an immutable “Release Bundle” defining a software package and its components early in the software development lifecycle, providing a single source of truth for each application. JFrog RLM also uses anti-tampering systems, compliance checks, and evidence capture to collect data and insights on each release bundle at every stage of development for transparency on the quality of each build that can be easily shared with multiple stakeholders across DevOps, IT, and security.
“The most recent IDC DevOps survey (DevOps Practices, Tooling, and Perceptions Survey, IDC# US49379723, Jan 2023) reveals that platforms are being used more widely to improve productivity, security, and collaboration. Additionally, as organizations continue shifting left - putting more work on developers and DevOps teams — they can accelerate that transition by enabling DevOps and Platform engineers with an integrated platform that streamlines development and security processes, can help scale trusted software delivery,” said Jim Mercer, Research Vice President, DevOps & DevSecOps, IDC.
To learn more about the new DevOps and security capabilities in the JFrog Software Supply Chain Platform, visit the following resource pages:
- JFrog Static Application Security Testing (SAST) product page and blog
- JFrog ML Model Management product page and blog
- JFrog Curation product page and blog
- JFrog Release Lifecycle Management product page and blog
Like this story? Post this on X (formerly Twitter): .@jfrog pumps-up its #SoftwareSupplyChain Platform for the new era of #security threats at #swampUP 2023. Learn more:bit.ly/48etyS0
#DevSecOps #cybersecurity #DevOps #Developers
JFrog Ltd. (Nasdaq: FROG), is on a mission to create a world of software delivered without friction from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely, ensuring it is available, traceable, and tamper-proof. The integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Once you leap forward, you won’t go back! Learn more at jfrog.com and follow us on Twitter: @jfrog.
Cautionary Note About Forward-Looking Statements
This press release contains “forward-looking” statements, as that term is defined under the U.S. federal securities laws, including but not limited to statements regarding JFrog’s product capabilities and anticipated benefits to customers.
These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause the impact of JFrog’s products to differ materially from those expressed or implied in any forward-looking statement. There are a significant number of factors that could cause actual results, performance or achievements, to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2022, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements.