JFrog, the Liquid Software company and creator of the JFrog Software Supply Chain Platform, is announcing a series of updates—from integrations with major providers to new security features—that serve to drive productivity, reduce complexity, and provide robust security across the development cycle.
With JFrog’s new GitHub integration, organizations benefit from a unified, single pane of glass view of project status and security posture to remediate vulnerabilities at the binary level. This integration delivers a more intuitive, secure way to trace code from its source to the resulting binaries across both JFrog and GitHub platforms, driving developer efficiency while reducing risk and overall costs, according to the company.
Some of the new capabilities include:
- Bidirectional code navigation and job visibility: Bidirectional code navigation allows for more precise tracking and triage by natively linking code with its built software packages, making software provenance and dependencies more accessible to developers. This feature also comes with a new Job summary page on GitHub, offering an easily ingestible view of project health and security status.
- Unified, secure single sign-on (SSO): OpenID Connect (OIDC) single sign-on support and feature mapping better secure switching between GitHub Actions and the JFrog Platform, automating token management for identity verification.
- Consolidated security status dashboards: A centralized dashboard of security scan results from both GitHub and JFrog tools, as well as role permissions and identity management, helps developers address potential vulnerabilities earlier in the development cycle.
- GitHub Copilot Extensions program: With JFrog’s participation, this extension increases developer productivity by offering a new chat feature that answers common coding questions relevant to their JFrog or GitHub environments.
The second of these updates, JFrog’s new product integration with NVIDIA NIM, combines the power of GPU-optimized, pre-approved AI models with unified DevSecOps processes in an end-to-end software supply chain workflow. JFrog Artifactory acts as a single, centralized repository for housing NVIDIA NIM images and their models, incorporating containerized AI models as software packages into existing software development workflows. This empowers enterprises to maintain a consistent, single source of truth for their software packages and AI models, further amplified by the visibility, governance, and control boons that JFrog’s DevSecOps strategy delivers, according to JFrog.
Fundamentally, this integration serves to lower the bar for AI adoption by empowering “organizations to manage NIM alongside all other software binaries in Artifactory, utilizing existing development and DevSecOps tools, integrations, access rights, governance, and processes already in place and used daily by teams when working with Artifactory,” explained Gal Marder, EVP of strategy at JFrog.
Offering centralized access control and management of NIM microservice containers alongside all other assets; comprehensive security and integrity with continuous scanning and JFrog auditing; optimized AI application performance via NVIDIA accelerated computing; and flexible deployment options through JFrog Artifactory, this integration eliminates the need for extensive AI-specific tools and methods to manage NIM models.
JFrog’s latest update also introduces JFrog Runtime, joining JFrog’s extensive suite of security capabilities. JFrog Runtime delivers complete software integrity and lineage from code to cloud, seamlessly integrating security into every step of the development process.
By connecting running artifacts and package locations, JFrog Runtime allows users to “know what is happening with the package from development to release so they can validate whether a vulnerability/malicious component/artifact was executed in runtime, pinpoint the location of that component within the repository, and then prioritize remediation based on applicability,” explained Marder. “JFrog Runtime helps ‘clear the blind spot’ that existed previously when it comes to monitoring applications in production at the binary level.”
JFrog Runtime allows teams to monitor Kubernetes clusters in real time, further helping security track and manage packages with differing origins, organize repositories by environment types, and activate JFrog Xray policies through a centralized runtime environment view. This not only works to strengthen security from code to runtime but also remediates visibility and alignment gaps across R&D, DevOps, and security teams while optimizing version control and package development.
To learn more about JFrog’s latest updates, please visit https://jfrog.com/.