JFrog Ltd, the Liquid Software company and creator of the JFrog Software Supply Chain Platform, is announcing a new partnership with GitHub, the world’s leading AI-powered developer platform. Born from this partnership is a best-of-breed, integrated platform solution that merges every developer “Ops”—from DevOps to DevSecOps, MLOps, and GenAI-powered apps—within a single interface.
Key to this partnership is the relationship between source code and binaries. “When developers begin a project, they use many open source software packages that they consume as binaries and they write code to add their own business logic. Before this code is deployed for execution, it is compiled into binaries,” explained Gal Marder, EVP of strategy at JFrog. These “binaries have become a major attack vector for hackers.”
Development teams are often in charge of managing both the source code and its binaries, as well as all its risks. JFrog and GitHub’s integrated solution centers on bi-directional linking between source code and binaries, which offers “more precise tracking and triage by natively linking code with its built software packages. This means attestation and provenance are assured more readily, and security-oriented results are easily traced across the supply chain and rapidly remediated,” noted Marder.
The platform also benefits developers through the marriage of GitHub Actions’ continuous integration and deployment, JFrog Artifactory’s unified view of security solutions, and GitHub’s Copilot for querying artifact and pipeline status. This seamless, end-to-end software supply chain management experience empowers developers to meet their growing responsibilities while consolidating tools, according to the companies.
Other benefits and capabilities delivered by JFrog and GitHub’s partnered solution include:
- Bi-directional code and software package navigation, streamlining data and encouraging deeper compliance, security-oriented outputs, and software provenance
- GitHub Actions tracking for stored artifacts for more accurate SBOM generation
- SSO, roles, and project structures unification with seamless sign-on, project role mapping, access management, and CI integration
- Unified view for JFrog and GitHub advanced security findings with both source-focused and binary-focused security scans, enhancing security posture visibility
- Copilot chat integration for interactive advisement on the best software packages and versions to utilize, as well as asking questions about security and JFrog project setup
- Comprehensive security and compliance across platforms with tightly integrated advanced security solutions and real-time dashboards that aggregate security findings for proactive risk management
- Ensured software quality, control, and reliability across the supply chain from code to deployment
- Cost savings across your toolchain through routine task automation and DevOps and security tool consolidation
JFrog and GitHub’s partnership enables enterprises to “merge myriad business initiatives into a single, comprehensive transformation of your digital business, utilizing platforms you trust and that technologists love,” said Marder.
Customers are already showing their support for JFrog and GitHub’s collaboration:
“The community and market have been anticipating this natural ‘better together’ solution. Organizations are consolidating around major best-of-breed platforms, and the partnership between GitHub and JFrog has the potential to transform the DevOps and DevSecOps market and supercharge developers’ efficiency,” said Mark Carter, CIO and CISO for Vimeo. “This integration can simplify software supply chain security by displaying source-based security findings from GitHub alongside binary-based security findings from JFrog under GitHub’s Security tab, allowing developers to gain a holistic security view and shorten remediation times to improve the overall security posture. Software supply chain security is top of mind for every CISO, and this joint solution from JFrog and GitHub provides a critical, AI-infused cybersecurity control.”
“Beyond DevOps and DevSecOps practices, the future will require advanced interactions with AI tools,” said John Nuttall, director of technology for AT&T. “Chatting with GitHub’s Copilot to select the right and secure software package based on the extensive metadata stored in JFrog Catalog can be a game-changer. This integration will significantly enhance the efficiency of Copilot users across the software supply chain; binary-focused and code environments. This partnership offers the best of both worlds.”
To learn more about JFrog and GitHub’s partnership, please visit https://jfrog.com/ or https://github.com/.