JFrog, a leading software supply chain platform, has deepened its partnership with GitHub and unveiled a new runtime security solution. Announced during JFrog’s SwampUp conference in Austin, the enhanced collaboration with GitHub emphasizes security, allowing developers to trace code from source to binary packages across both platforms. This integration extends JFrog’s advanced security and open-source package tracking services directly into GitHub’s Advanced Security service, simplifying workflows for developers who want a single, consolidated security view.
JFrog CEO Shlomi Ben Haim explained that this expanded partnership addresses customer demand for greater transparency and traceability in the software supply chain. By integrating JFrog Advanced Security and JFrog Curation into GitHub’s platform, users can now navigate seamlessly between their source code and binaries, all within GitHub’s security tab. This unified approach provides developers with full traceability, enabling faster issue detection and remediation.
According to JFrog CTO Yoav Landman, the partnership is aimed at streamlining developer workflows. “Developers often don’t realize there’s an issue until something breaks. Our collaboration with GitHub allows teams to seamlessly manage both code development and binary storage,” Landman told the media. This integration enhances traceability and offers a unified security overview, enabling developers to focus on crafting high-quality software without worrying about concealed vulnerabilities.
In addition to its GitHub integration, JFrog has introduced a new runtime security solution. This service tracks binaries in production environments, providing full visibility and traceability from source code to deployment. The company is also integrating with Nvidia’s NIM microservices, expanding its presence in the MLOps space following its acquisition of Qwak earlier this year.
The runtime security service now actively monitors for vulnerabilities in real time, scanning production binaries and notifying users when a binary becomes compromised. By embedding sensors in the runtime environment, JFrog extends its security offerings beyond development and into live production. This marks the first time the company has deployed sensors in the runtime, further securing the software supply chain from development to production.
Katie Norton, research manager for DevSecOps and Software Supply Chain Security at IDC, highlighted the significance of this approach: “A platform that integrates security throughout the software supply chain, from development to production, offers essential visibility and traceability. This is crucial for developers and DevSecOps teams to manage and address risks effectively.”
With the addition of runtime security and its deeper GitHub integration, JFrog is positioning itself as a comprehensive DevSecOps platform, providing end-to-end protection for the software supply chain.