JFrog deepens its partnership with GitHub, launches runtime security service
Earlier this year, software supply chain platform (and binary specialist) JFrog announced a partnership with GitHub that, among other things, allowed developers and the teams that support them to trace code from source to binary package across the two platforms. On Tuesday, at JFrog’s SwampUp conference in Austin, the two companies are extending this early work on their integrations with a focus on security.
In addition, JFrog is launching a runtime security solution, as well as an integration with Nvidia’s NIM microservices, which expands its ambition as an MLOps platform after it acquired Qwak earlier this year.
JFrog CEO and co-founder Shlomi Ben Haim told me that the idea behind the GitHub partnership was always to go deeper than the original integration the two companies announced in May. JFrog’s and GitHub’s customers, he said, wanted the two companies to break down the walls between their products so they could choose the best-of-breed platforms for managing their source code and their binaries. What customers are telling him, Ben Haim said, is that they want a single pane of glass.
“What we hear from our users is: ‘Listen, this is very important. Source code security — very important. Software supply chain security — very important,” he said. “But we cannot just keep running between tools and scanners. We want to have one pane of glass to see all findings to be able to remediate faster, to be able to react faster, to be able to have full traceability for all sources. And JFrog comes with the binaries findings, while GitHub comes with the source code findings, so that everything will be on the developer platform, displayed on the GitHub security tab.”
Essentially, this means that JFrog Advanced Security and JFrog Curation, its service for tracking which open source packages are being used by developers, are now integrated directly with GitHub’s Advanced Security service.
“Developers often don’t realize there’s an issue until something breaks; it’s only then that they can start piecing together the puzzle to find out what went wrong. Our partnership with GitHub empowers teams to seamlessly navigate between code development and binary storage, enabling a more intuitive workflow,” said JFrog CTO and co-founder Yoav Landman. “This integration is expected to enhance the developer experience and traceability, ensuring they can easily connect their source code with the corresponding binaries while maintaining a consolidated view of security so they can focus on delivering high-quality software without the worry of unseen vulnerabilities.”
JFrog is now also participating in GitHub’s Copilot Extensions program, allowing developers to use Copilot Chat to ask coding questions about JFrog’s platform right in their IDE.
Because JFrog focuses on binaries, it’s no surprise that the company also wants to manage machine learning models. There, too, enterprises are quickly realizing that they need a DevSecOps solution to manage their software/model supply chain workflow. With NIM, Nvidia aims to create a de facto standard for managing and deploying inference microservices.
“As enterprises scale their generative AI deployments, a central repository can help them rapidly select and deploy models that are approved for development,” said Nvidia’s Pat Lee, who is the vice president of Enterprise Strategic Partnerships. “The integration of Nvidia NIM microservices into the JFrog platform can help developers quickly get fully compliant, performance-optimized models quickly running in production.”
JFrog’s security tools will now scan and monitor the security of these models, and Artifactory, JFrog’s service for storing and managing binaries, can become a company’s local model registry.
Ben Haim called the company’s overall strategy here “too integrated to fail.” “I give you what you already chose, just with a better experience. You already chose these tools. I just want you to have a better experience,” he said.
JFrog is also launching a runtime security solution that now watches over the binary while in production. Since JFrog knows exactly what is running in production — and can trace how that binary came to be from source code to deployment — the service can now tell its users when a binary is vulnerable.
“JFrog Runtime Security will provide full visibility and traceability for our customers, whether they shift right or left when it comes to binary scanning,” Ben Haim said.
He also noted that while JFrog obviously already secured the binaries that go into production, this is the first time the company is deploying sensors in the runtime environment.
“A platform that unifies security across the software supply chain from development to production can provide critical visibility and traceability that developers and DevSecOps teams need to manage and remediate risks effectively,” said Katie Norton, research manager, DevSecOps and Software Supply Chain Security at IDC. “JFrog’s addition of runtime security supports a shift-left and shift-right strategy, fostering comprehensive protection and streamlined processes that lessen the strain on development and security teams.”