JFrog Adds New Security, DevOps and MLOps Capabilities
September 14, 2023

JFrog unveiled new capabilities that set the standard for quality, security, MLOps and integrity of software releases.

From creation to production, the JFrog Platform infuses security at the binary level in every stage of the software development lifecycle to ensure applications are traceable, reliable, compliant, and secure.

“JFrog has been strategically investing heavily in the development of comprehensive, DevOps-centric security solutions aimed at addressing future threats. JFrog automates DevSecOps processes uniquely at the binary level, and our customers affirm that this is the most effective approach to safeguarding their software supply chain,” said Shlomi Ben Haim, co-founder and CEO, JFrog. “The industry is in a constant race against attackers, and JFrog consistently releases new capabilities that outpace other worldwide vendors. Customers’ range of protection with JFrog now spans from open-source and first-party code, secrets detection, IaC security, and Curation of OSS packages – and today brings in AI and MLOps security, caching and protection of customers’ ML models. JFrog continues to be set apart by our unique capability to control software binaries, made possible by the leading position of Artifactory.”

The new capabilities in the JFrog Software Supply Chain Platform continue to meet customers’ needs for comprehensive, DevOps-centric security and automation that drives a true shift-left strategy, including:

- AI and ML Model Security: JFrog’s new ML Model Management capabilities quickly scan and detect malicious machine learning models, block their use if needed, and ensure license compliance with company policies to enable safer use of AI. JFrog’s ML Model Management capabilities are currently available in Beta for JFrog Cloud customers.

- Static Application Security Testing (SAST): Seamlessly integrates with several developer environments to help customers quickly and accurately scan source code for zero-day security vulnerabilities. JFrog SAST also helps minimize false positives and prioritize remediation efforts using contextual analysis.

- Open-Source Software (OSS) Catalog: As part of JFrog Curation, Catalog provides a “search engine for software packages” in the JFrog UI or via API, backed by both public and JFrog data, giving users immediate insight into the security and risk metadata associated with all OSS packages.

“With the alarming rise of software supply chain attacks, securing at the binary level with immutable software bundles is a must because it’s the only way to certify that what you’re releasing is safe for use,” said Asaf Karas, CTO, JFrog Security. “By providing a comprehensive platform that is developer-friendly and enterprise-ready – with security baked in at every phase, backed by an expert team of security researchers always watching for emerging threats – we can better arm companies to innovate faster with peace of mind in knowing their software is safe for use both today, and tomorrow.”

Each element of the JFrog Platform is backed by a dedicated team of security engineers and researchers actively investigating, analyzing, and exposing new vulnerabilities and attack methods. All new DevSecOps capabilities build upon JFrog’s already robust set of security products, designed to deliver a comprehensive and continuous approach to automatically securing binaries across all stages of software development and delivery, including:

- JFrog Curation, with its new OSS Catalog capability, helps organizations prevent malicious packages or vulnerabilities from ever entering their development environment.

- JFrog Xray for proactively detecting risky packages before deployment.

- JFrog Advanced Security with Contextual Analysis to help quickly assess critical vulnerability and secrets exposures once software is in production so timely remediation efforts can be executed.

While detailing the new security capabilities in the JFrog Platform, the company also unveiled new DevOps functionality, including:

- Hugging Face local repository: A native connection with the popular AI repository Hugging Face allows Python developers and data scientists to easily proxy and cache the open source AI models they rely on, protecting them from deletion or modification.

- ML Model Management: Brings AI model development in line with an organization’s existing software processes to accelerate and govern the continuous delivery of ML components.

- Release Lifecycle Management (RLM) abilities: Creates an immutable “Release Bundle” defining a software package and its components early in the software development lifecycle, providing a single source of truth for each application. JFrog RLM also uses anti-tampering systems, compliance checks, and evidence capture to collect data and insights on each release bundle at every stage of development for transparency on the quality of each build that can be easily shared with multiple stakeholders across DevOps, IT, and security.
