JFrog Unveils Industry’s First End-to-End Platform for Accelerating the Build and Release of Secure Software
New Security, DevOps, MLOps capabilities in JFrog’s Software Supply Chain Platform empower organizations to build and release software with confidence from code to runtime
swampUP India – September 15, 2023 — JFrog Ltd. (“JFrog”) (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today unveiled new capabilities that set the standard for quality, security, MLOps and integrity of software releases. From creation to production, the JFrog Platform infuses security at the binary level in every stage of the software development lifecycle to ensure applications are traceable, reliable, compliant, and secure.
"JFrog has been strategically investing heavily in the development of comprehensive, DevOps-centric security solutions aimed at addressing future threats. JFrog automates DevSecOps processes uniquely at the binary level, and our customers affirm that this is the most effective approach to safeguarding their software supply chain," said Shlomi Ben Haim, co-founder and CEO, JFrog. "The industry is in a constant race against attackers, and JFrog consistently releases new capabilities that outpace other worldwide vendors. Customers’ range of protection with JFrog now spans from open-source and first-party code, secrets detection, IaC security, and Curation of OSS packages - and today brings in AI and MLOps security, caching and protection of customers' ML models. JFrog continues to be set apart by our unique capability to control software binaries, made possible by the leading position of Artifactory."
The new capabilities in the JFrog Software Supply Chain Platform continue to meet customers’ needs for comprehensive, DevOps-centric security and automation that drives a true shift-left strategy, including:
• AI and ML Model Security: JFrog’s new ML Model Management capabilities quickly scan and detect malicious machine learning models, block their use if needed, and ensure license compliance with company policies to enable safer use of AI. JFrog's ML Model Management capabilities are currently available in Beta for JFrog Cloud customers.
• Static Application Security Testing (SAST): Seamlessly integrates with several developer environments to help customers quickly and accurately scan source code for zero-day security vulnerabilities. JFrog SAST also helps minimize false positives and prioritize remediation efforts using contextual analysis.
• Open-Source Software (OSS) Catalog: As part of JFrog Curation, Catalog provides a “search engine for software packages” in the JFrog UI or via API – that’s backed by both public and JFrog data – giving users immediate insight to the security and risk metadata associated with all OSS packages.
“With the alarming rise of software supply chain attacks, securing at the binary level with immutable software bundles is a must because it’s the only way to certify that what you’re releasing is safe for use,” said Asaf Karas, CTO, JFrog Security. “By providing a comprehensive platform that is developer-friendly and enterprise-ready – with security baked in at every phase, backed by an expert team of security researchers always watching for emerging threats – we can better arm companies to innovate faster with peace of mind in knowing their software is safe for use both today, and tomorrow.”
Each element of the JFrog Platform is backed by a dedicated team of security engineers and researchers actively investigating, analyzing, and exposing new vulnerabilities and attack methods. All new DevSecOps capabilities build upon JFrog’s already robust set of security products, designed to deliver a comprehensive and continuous approach to automatically securing binaries across all stages of software development and delivery, including:
• JFrog Curation, with its new OSS Catalog capability, helps organizations prevent malicious packages or vulnerabilities from ever entering their development environment.
• JFrog Xray for proactively detecting risky packages before deployment.
• JFrog Advanced Security with Contextual Analysis to help quickly assess critical vulnerability and secrets exposures once software is in production so timely remediation efforts can be executed.
While detailing the new security capabilities in the JFrog Platform, the company also unveiled new DevOps functionality, including:
• Hugging Face local repository - Native connection with popular AI repository – Hugging Face – allows Python developers and Data Scientists to easily proxy and cache the open source AI models they rely on, protecting them from deletion or modification.
• ML Model Management: Brings AI model development in line with an organization’s existing software processes to accelerate and govern the continuous delivery of ML components.
• Release Lifecycle Management (RLM) abilities: Creates an immutable “Release Bundle” defining a software package and its components early in the software development lifecycle, providing a single source of truth for each application. JFrog RLM also uses anti-tampering systems, compliance checks, and evidence capture to collect data and insights on each release bundle at every stage of development for transparency on the quality of each build that can be easily shared with multiple stakeholders across DevOps, IT, and security.
"The most recent IDC DevOps survey (DevOps Practices, Tooling, and Perceptions Survey, IDC# US49379723, Jan 2023) reveals that platforms are being used more widely to improve productivity, security, and collaboration. Additionally, as organizations continue shifting left - putting more work on developers and DevOps teams — they can accelerate that transition by enabling DevOps and Platform engineers with an integrated platform that streamlines development and security processes, can help scale trusted software delivery," said Jim Mercer, Research Vice President, DevOps & DevSecOps, IDC.
To learn more about the new DevOps and security capabilities in the JFrog Software Supply Chain Platform, visit the following resource pages:
• JFrog Static Application Security Testing (SAST) product page and blog
• JFrog ML Model Management product page and blog
• JFrog Curation product page and blog
• JFrog Release Lifecycle Management product page and blog
###
Like this story? Post this on X (formerly Twitter): .@jfrog pumps-up its #SoftwareSupplyChain Platform for the new era of #security threats at #swampUP 2023. Learn more: bit.ly/48etyS0 #DevSecOps #cybersecurity #DevOps #Developers
About JFrog
JFrog Ltd. (Nasdaq: FROG) is on a mission to create a world of software delivered without friction from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely, ensuring it is available, traceable, and tamper-proof. The integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Once you leap forward, you won’t go back! Learn more at jfrog.com and follow us on Twitter: @jfrog.
Cautionary Note About Forward-Looking Statements
This press release contains “forward-looking” statements, as that term is defined under the U.S. federal securities laws, including but not limited to statements regarding JFrog’s product capabilities and anticipated benefits to customers. These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause the impact of JFrog’s products to differ materially from those expressed or implied in any forward-looking statement. There are a significant number of factors that could cause actual results, performance or achievements, to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2022, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements.
###