Earlier this yr, software program provide chain platform (and binary specialist) JFrog introduced a partnership with GitHub that, amongst different issues, allowed builders and the groups that assist them to hint code from supply to binary package deal throughout the 2 platforms. On Tuesday, at JFrog’s SwampUp convention in Austin, the 2 firms are extending this early work on their integrations with a give attention to safety.
As well as, JFrog can also be launching a runtime safety resolution, in addition to an integration with Nvidia’s NIM microservices, which expands its ambition as an MLOps platform after it acquired Qwak earlier this yr.
Deeper GitHub integration
JFrog CEO and co-founder Shlomi Ben Haim instructed me that the concept behind the GitHub partnership was all the time meant to go deeper than the unique integration the 2 firms introduced in Could. JFrog’s and GitHub’s clients, he mentioned, needed the 2 firms to interrupt down the partitions between their merchandise so they may select the best-of-breed platforms for managing their supply code and their binaries. What clients are telling him, Ben Haim mentioned, is that they need a single pane of glass.
“What we hear from our users is: ‘Listen, this is very important. Source code security — very important. Software supply chain security — very important,” he mentioned. “But we cannot just keep running between tools and scanners. We want to have one pane of glass to see all findings to be able to remediate faster, to be able to react faster, to be able to have full traceability for all sources. And JFrog for comes with the binaries findings, while GitHub come with the source code findings, so that everything will be on the developer platform, displayed on the GitHub security tab.”
Basically, which means JFrog Superior Safety and JFrog Curation, its service for monitoring which open supply packages are being utilized by builders, is now built-in straight with GitHub’s Superior Safety service.
“Developers often don’t realize there’s an issue until something breaks; it’s only then that they can start piecing together the puzzle to find out what went wrong. Our partnership with GitHub empowers teams to seamlessly navigate between code development and binary storage, enabling a more intuitive workflow,” mentioned JFrog CTO and co-founder Yoav Landman. “This integration is expected to enhance the developer experience and traceability, ensuring they can easily connect their source code with the corresponding binaries while maintaining a consolidated view of security so they can focus on delivering high-quality software without the worry of unseen vulnerabilities.”
Jfrog is now additionally collaborating in GitHub’s Copilot Extensions program, permitting builders to make use of Copilot Chat to ask coding questions on JFrog’s platform proper of their IDE.
Nvidia NIM integration
Since JFrog focuses on binaries, it’s no shock that the corporate additionally needs to handle machine studying fashions. There, too, enterprises are shortly realizing that they want a DevSecOps resolution to handle their software program/mannequin provide chain workflow. With NIM, Nvidia goals to create a de facto commonplace for managing and deploying inference microservices.
“As enterprises scale their generative AI deployments, a central repository can help them rapidly select and deploy models that are approved for development,” mentioned Nvidia’s Pat Lee, who’s the vp of Enterprise Strategic Partnerships. “The integration of Nvidia NIM microservices into the JFrog platform can help developers quickly get fully compliant, performance-optimized models quickly running in production.”
JFrog’s safety instruments will now scan and monitor the safety of those fashions, and Artifactory, JFrog’s service for storing and managing binaries, can change into an organization’s native mannequin registry.
Ben Haim referred to as the corporate’s total technique right here “too integrated to fail.” “I give you what you already chose, just with a better experience. You already chose these tools. I just want you to have a better experience,” he mentioned.
JFrog Runtime Safety
JFrog can also be launching a runtime safety resolution that now watches over the binary whereas in manufacturing. Since JFrog is aware of precisely what’s operating in manufacturing — and may hint how that binary got here to be from supply code to deployment — the service can now inform its customers when a binary is weak.
“JFrog Runtime Security will provide full visibility and traceability for our customers, whether they shift right or left when it comes to binary scanning,” Ben Haim mentioned.
He additionally famous that whereas JFrog clearly already secured the binaries that go into manufacturing, that is the primary time the corporate is deploying sensors within the runtime surroundings.
“A platform that unifies security across the software supply chain from development to production can provide critical visibility and traceability that developers and DevSecOps teams need to manage and remediate risks effectively,” mentioned Katie Norton, analysis supervisor, DevSecOps and Software program Provide Chain Safety at IDC. “JFrog’s addition of runtime security supports a shift-left and shift-right strategy, fostering comprehensive protection and streamlined processes that lessen the strain on development and security teams.”
