
JFrog & GitHub Partner to Integrate Best of Breed Platforms, Unifying Software Supply Chain Management & Security

JFrog Ltd (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, and GitHub, the world’s leading AI-powered developer platform, announced today a new partnership to drive a best of breed, integrated platform solution, allowing joint customers to holistically manage EveryOps for developers, including DevOps, DevSecOps, MLOps and GenAI-powered apps.

Development teams must manage both source code and binaries, making a bi-directional integration between JFrog and GitHub a natural fit. A jointly-built roadmap developed by the two companies focuses on seamless navigation and traceability between source code and binaries, continuous integration and deployment with GitHub Actions and JFrog Artifactory, a unified view of security findings to provide one solution for software supply chain security and policies across GitHub & JFrog Advanced Security offerings, and the ability to leverage GitHub Copilot to chat and query artifact and pipeline status to keep projects moving forward.

“It’s time for developers and DevOps Engineers to enjoy both worlds together as one; the best source code platform alongside the best artifact platform,” said Shlomi Ben Haim, CEO of JFrog. “Our customers adopt technology rapidly and require managing DevOps, Security, CI/CD, and AI initiatives while consolidating tools. We’re thrilled about this powerful partnership and integration with GitHub, as it will not only provide a seamlessly powerful experience using both platforms but also improve development efficiency and users’ happiness.”

In a J.P. Morgan report from April 30, 2024, Executive Director of Enterprise Software Equity Research, Pinjalim Bora, shared: “GitHub and JFrog are being increasingly considered as the best-of-breed platforms for DevOps. In fact, in a recent DevOps survey, 50% of customers who said they were using JFrog were using GitHub as their primary code repository.”

“We’re already seeing that GitHub Copilot is transforming the way developers write code. At the same time, more code means more binaries, which have their own management, security and delivery requirements,” said Thomas Dohmke, CEO, GitHub. “This is why we’re excited about a partnership with JFrog. We are taking our industry-leading technologies and seamlessly integrating them with the best-in-class artifact repository manager in Artifactory. With GitHub and JFrog, enterprises will have the most holistic option to generate, manage, secure, and deliver software across the supply chain.”

Joint JFrog and GitHub customer Morgan Stanley, a leading global financial services firm providing a wide range of investment banking, securities, wealth management and investment management services, commented on the joint approach.

“We are thrilled to see some of the enhancements come to life; we believe this collaboration between GitHub and JFrog has the potential to significantly impact the DevOps landscape,” noted Amol Shukla, Distinguished Engineer, Morgan Stanley. “For instance, establishing bi-directional links between GitHub Actions Workflows, and Release Artifacts created and stored in Artifactory could enhance the development experience and traceability across the software supply chain.”

JFrog and GitHub now provide organizations with a seamless end-to-end experience in managing the Software Supply Chain:

  • Bi-directional code and software package navigation – Allowing precise tracking and triage by offering native linking between code and built packages and vice versa, for more streamlined data, deeper compliance and security-oriented outputs, and software provenance.
  • GitHub Actions tracking for stored artifacts – Seamless integration for resolving packages from Artifactory and storing binary artifacts generated by Actions, alongside build metadata in Artifactory, aiding more accurate SBOM generation.
  • SSO, roles and project structures unification – Enabling seamless sign on, project role mapping and access management and CI integration to keep developers moving efficiently.
  • Single pane of glass for JFrog & GitHub Advanced Security findings – Providing a full security view of both source-focused and binary-focused security scans in a single place, with full visibility of security posture from source to production and native linking of findings to either source or binaries (coming months).
  • Copilot Chat integration – Allows developers to extend their Copilot Chat interactions to be interactively advised about the best software packages and versions to use, and to ask questions regarding security and JFrog project setup, etc., to gain a more complete view of the software development lifecycle (coming months).

As an ongoing initiative, both companies are dedicated to maintaining a roadmap for continuous enhancements, ensuring users of both platforms can efficiently manage their code and binaries. Additional integration points will be introduced and shared regularly.

“As developer responsibility has increased in areas of DevOps, ML, AI, security, and more, the push by many organizations to drive efficiency via tool consolidation is a natural move,” said Jim Mercer, Program Vice President of Software Development, DevOps and DevSecOps Research at IDC. “This announcement from GitHub and JFrog helps to enable this path, bringing together two of the most well-known platforms developers already use today in a cohesive, end-to-end vision that plays to the strengths of both solutions, simplifying how development, DevOps, and platform engineering teams work.”

AT&T, the American-based multinational telecommunications company and a joint customer of JFrog and GitHub, noted from their Technology office:

“Beyond DevOps and DevSecOps practices, the future will require advanced interactions with AI tools,” said John Nuttall, Director of Technology for AT&T. “Chatting with GitHub’s Copilot to select the right and secure software package based on the extensive metadata stored in JFrog Catalog can be a game-changer. This integration will significantly enhance the efficiency of Copilot users across the software supply chain; binary-focused and code environments. This partnership offers the best of both worlds.”

As CIOs and CISOs share more responsibilities throughout the software supply chain flow, the collaboration between GitHub and JFrog has already received strong support from customers across a variety of industries and roles.

“The community and market have been anticipating this natural ‘better together’ solution. Organizations are consolidating around major best-of-breed platforms, and the partnership between GitHub and JFrog has the potential to transform the DevOps and DevSecOps market and supercharge developers’ efficiency,” said Mark Carter, CIO and CISO for Vimeo. “This integration can simplify software supply chain security by displaying source-based security findings from GitHub alongside binary-based security findings from JFrog under GitHub’s Security tab, allowing developers to gain a holistic security view and shorten remediation times to improve the overall security posture. Software supply chain security is top of mind for every CISO, and this joint solution from JFrog and GitHub provides a critical, AI-infused cybersecurity control.”

The partnership roadmap was also endorsed by Fidelity Investments, which has standardized on GitHub and JFrog, supporting over 50 million individual investors and managing trillions of US dollars in assets.

“The world of software supply chain management introduces many challenges and points of friction for developers. The integration between JFrog’s Software Supply Chain Platform and GitHub’s Developer Platform was designed to provide a ‘secure by default’ developer experience,” said Gerard McMahon, Head of ALM Tools and Platforms for Fidelity Investments. “This collaboration gives developers a single source of truth for code and binaries, and security teams gain full traceability and a unified view to monitor and remediate threats, reducing risk.”

In support of the GitHub and JFrog partnership vision, Uzi Yona, Director of IT, DevOps & Engineering for Phillips also stated: “Among the strong integration capabilities between JFrog and GitHub, allowing fully-transparent and frictionless data flow between GitHub Actions/Workflows and Artifactory assets will simplify the lives of software developers, and will reduce the configuration and support load dramatically.”

The post JFrog & GitHub Partner to Integrate Best of Breed Platforms, Unifying Software Supply Chain Management & Security appeared first on SD Times.


