JFrog Ltd. the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today unveiled new capabilities that set the standard for quality, security, MLOps and integrity of software releases. From creation to production, the JFrog Platform infuses security at the binary level in every stage of the software development lifecycle to ensure applications are traceable, reliable, compliant, and secure.
"JFrog has been strategically investing heavily in the development of comprehensive, DevOps-centric security solutions aimed at addressing future threats. JFrog automates DevSecOps processes uniquely at the binary level, and our customers affirm that this is the most effective approach to safeguarding their software supply chain," said Shlomi Ben Haim, co-founder and CEO, JFrog. "The industry is in a constant race against attackers, and JFrog consistently releases new capabilities that outpace other worldwide vendors. Customers’ range of protection with JFrog now spans from open-source and first-party code, secrets detection, IaC security, and Curation of OSS packages - and today brings in AI and MLOps security, caching and protection of customers' ML models. JFrog continues to be set apart by our unique capability to control software binaries, made possible by the leading position of Artifactory."
The new capabilities in the JFrog Software Supply Chain Platform continue to meet customers’ needs for comprehensive, DevOps-centric security and automation that drives a true shift-left strategy, including:
- AI and ML Model Security: JFrog’s new ML Model Management capabilities quickly scan and detect malicious machine learning models, block their use if needed, and ensure license compliance with company policies to enable safer use of AI. JFrog's ML Model Management capabilities are currently available in Beta for JFrog Cloud customers.
- Static Application Security Testing (SAST): Seamlessly integrates with several developer environments to help customers quickly and accurately scan source code for zero-day security vulnerabilities. JFrog SAST also helps minimize false positives and prioritize remediation efforts using contextual analysis.
- Open-Source Software (OSS) Catalog: As part of JFrog Curation, Catalog provides a “search engine for software packages'' in the JFrog UI or via API – that’s backed by both public and JFrog data – giving users immediate insight to the security and risk metadata associated with all OSS packages.
“With the alarming rise of software supply chain attacks, securing at the binary level with immutable software bundles is a must because it’s the only way to certify that what you’re releasing is safe for use,” said Asaf Karas, CTO, JFrog Security. “By providing a comprehensive platform that is developer-friendly and enterprise-ready – with security baked in at every phase, backed by an expert team of security researchers always watching for emerging threats – we can better arm companies to innovate faster with peace of mind in knowing their software is safe for use both today, and tomorrow.”
Each element of the JFrog Platform is backed by a dedicated team of security engineers and researchers actively investigating, analyzing, and exposing new vulnerabilities and attack methods. All new DevSecOps capabilities build upon JFrog’s already robust set of security products, designed to deliver a comprehensive and continuous approach to automatically securing binaries across all stages of software development and delivery, including:
- JFrog Curation, with its new OSS Catalog capability, helps organizations prevent malicious packages or vulnerabilities from ever entering their development environment.
- JFrog Xray for proactively detecting risky packages before deployment.
- JFrog Advanced Security with Contextual Analysis to help quickly assess critical vulnerability and secrets exposures once software is in production so timely remediation efforts can be executed.
While detailing the new security capabilities in the JFrog Platform, the company also unveiled new DevOps functionality, including:
- Hugging Face local repository - Native connection with popular AI repository – Hugging Face – allows Python developers and Data Scientists to easily proxy and cache the open source AI models they rely on from deletion or modification.
- ML Model Management: Brings AI model development in line with an organization’s existing software processes to accelerate and govern the continuous delivery of ML components.
- Release Lifecycle Management (RLM) abilities: Creates an immutable “Release Bundle” defining a software package and its components early in the software development lifecycle, providing a single source of truth for each application. JFrog RLM also uses anti-tampering systems, compliance checks, and evidence capture to collect data and insights on each release bundle at every stage of development for transparency on the quality of each build that can be easily shared with multiple stakeholders across DevOps, IT, and security.
"The most recent IDC DevOps survey (DevOps Practices, Tooling, and Perceptions Survey, IDC# US49379723, Jan 2023) reveals that platforms are being used more widely to improve productivity, security, and collaboration. Additionally, as organizations continue shifting left - putting more work on developers and DevOps teams — they can accelerate that transition by enabling DevOps and Platform engineers with an integrated platform that streamlines development and security processes, can help scale trusted software delivery," said Jim Mercer, Research Vice President, DevOps & DevSecOps, IDC.