JFrog is on a mission to create a world of software delivered without friction from developer to device, driven by a "liquid software" vision. The JFrog Software Supply Chain Platform is a single system of record that powers organisations to build, manage, and distribute software quickly and securely, to aid in making it available, traceable, and tamper-proof. The integrated security features also help identify, protect, and remediate against threats and vulnerabilities. Its new partnership with GitHub, the world’s leading AI-powered developer platform, will see the duo drive a best-of-breed integrated platform solution that allows joint customers to holistically manage EveryOps for developers.
Development teams need to manage both source code and binaries, so a bi-directional integration between JFrog and GitHub is a natural fit. The two companies have jointly built a roadmap to focus on seamless navigation and traceability between source code and binaries, continuous integration and deployment with GitHub Actions and JFrog Artifactory, as well as a unified view of security findings to provide one solution for software supply chain security and policies across GitHub and JFrog Advanced Security offerings. Additionally, the roadmap provides the ability to leverage GitHub Copilot to chat and query artifact and pipeline status to keep projects moving forward.
“It’s time for developers and DevOps Engineers to enjoy both worlds together as one; the best source code platform alongside the best artifact platform,” said JFrog CEO Shlomi Ben Haim. “Our customers adopt technology rapidly and require managing DevOps, Security, CI/CD, and AI initiatives while consolidating tools. We’re thrilled about this powerful partnership and integration with GitHub, as it will not only provide a seamlessly powerful experience using both platforms but also improve development efficiency and users’ happiness."
|
|
“We’re already seeing that GitHub Copilot is transforming the way developers write code. At the same time, more code means more binaries, which have their own management, security and delivery requirements,” said GitHub CEO Thomas Dohmke. “This is why we’re excited about a partnership with JFrog. We are taking our industry-leading technologies and seamlessly integrating them with the best-in-class artifact repository manager in Artifactory. With GitHub and JFrog, enterprises will have the most holistic option to generate, manage, secure, and deliver software across the supply chain.”
JFrog and GitHub now provide organizations with a seamless end-to-end experience in managing the Software Supply Chain:
- Bi-directional code and software package navigation – Allowing precise tracking and triage by offering native linking between code and built packages and vice versa, for more streamlined data, deeper compliance and security-oriented outputs, and software provenance.
- GitHub Actions tracking for stored artifacts – Seamless integration for resolving packages from Artifactory and storing binary artifacts generated by Actions, alongside build metadata in Artifactory, aiding more accurate SBOM generation.
- SSO, roles and project structures unification – Enabling seamless sign-on, project role mapping access management and CI integration to keep developers moving efficiently.
- Single pane of glass for JFrog & GitHub Advanced Security findings – Providing full security view of both source-focused and binary-focused security scans in a single place, providing full visibility of security posture from source to production and native linking of findings to either source or binaries (coming months).
- Copilot Chat integration – Allows developers to extend their Copilot Chat interactions to be interactively advised about the best software packages and versions to use, and to ask questions regarding security and JFrog project setup, etc., to gain a greater view of the software development lifecycle (coming months).
As an ongoing initiative, both companies are dedicated to maintaining a roadmap for continuous enhancements, ensuring users of both platforms can efficiently manage their code and binaries. Additional integration points will be introduced and shared regularly.
As CIOs and CISOs share more responsibilities throughout the software supply chain flow, the collaboration between GitHub and JFrog has already received strong support from customers across a variety of industries and roles.
“The community and market have been anticipating this natural ‘better together’ solution. Organizations are consolidating around major best-of-breed platforms, and the partnership between GitHub and JFrog has the potential to transform the DevOps and DevSecOps market and supercharge developers’ efficiency,” said Vimeo CIO and CISO Mark Carter. “This integration can simplify software supply chain security by displaying source-based security findings from GitHub alongside binary-based security findings from JFrog under GitHub’s Security tab, allowing developers to gain a holistic security view and shorten remediation times to improve the overall security posture. Software supply chain security is top of mind for every CISO, and this joint solution from JFrog and GitHub provides a critical, AI-infused cybersecurity control.”
JFrog has announced its upcoming annual user conference, swampUP, which is set to occur in Austin, Texas, from September 9 to 11, 2024. During this event, JFrog and GitHub will jointly present their vision, share ongoing roadmap items, and demonstrate recent developments for the community.
