Parasoft announces the opening of its new office in Northeast Ohio.
JFrog and Carahsoft Technology announced a partnership that empowers U.S. Government organizations to safeguard their software supply chains with automated DevSecOps workflows to secure software services consumed by citizens.
Under the agreement, Carahsoft will serve as a JFrog Public Sector Distributor, making its platform solution available to the Public Sector through Carahsoft’s reseller partners and NASA Solutions for Enterprise-Wide Procurement (SEWP) V and Information Technology Enterprise Solutions – Software 2 (ITES-SW2) contracts.
“With the number and severity of security threats on the rise, plus increasing regulatory requirements, government organizations must ensure their software is compliant and secure, while also meeting their IT transformation goals,” said Shlomi Ziv, SVP of Americas, JFrog. “Our partnership with Carahsoft will provide public sector organizations with reliable solutions that incorporate security from the start while unburdening DevOps teams from complex and time-consuming remediation processes and ensuring compliance.”
“Supply chain attacks in recent years have highlighted the importance of integrating security into each phase of software development,” said Natalie Gregory, Vice President of Open Source Solutions at Carahsoft. “JFrog’s platform provides agencies with unparalleled security, agility and peace of mind for their software supply chain. We’re excited to make these capabilities available to the Public Sector through our reseller partner network and supply Government agencies with the tools needed to enhance their security.”
Compliance with NIST SP 800-218 and the SSDF is mandatory for government organizations. The JFrog Software Supply Chain Platform is designed to assure customers that their environment complies with NIST 800-218 guidelines in accordance with the Office of Management and Budget (OMB) M-22-16 memorandum. All JFrog solutions are created using the SSDF, which is consistent with both the White House Executive Order (EO) 14028 and the White House Memorandum on Improving the Cybersecurity of National Security, Department of Defense (DoD) and Intelligence Community Systems in the NSM-8. The JFrog Platform supports on-premise, hybrid, cloud, multi-cloud or air-gapped environments and can be hosted on Amazon Web Services, Microsoft Azure or the Google Cloud Platform.
Industry News
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
Nokod Security announced the general availability of the Nokod Security Platform.
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.