Parasoft announces the opening of its new office in Northeast Ohio.
JFrog announced its DevSecOps tool, JFrog Xray, now supports Amazon Web Services (AWS) Security Hub, a cloud security posture management service that performs best practice checks, aggregates alerts, and allows automated remediation.
JFrog, already part of the DevSecOps category under the AWS DevOps competency, also revealed it is participating in the new AWS Marketplace Vendor Insights, which helps streamline the complex third-party software risk assessment process by enabling JFrog to make security and compliance information available to customers through AWS Marketplace. By using AWS Marketplace Vendor Insights, customers can reduce the vendor assessment cycle from months down to a few hours by allowing them to access JFrog’s validated security profile.
“Security and trust are at the core of our JFrog product development philosophy. We’re proud to have achieved the AWS DevSecOps Competency, which recognizes JFrog’s technical expertise and our DevOps platform’s ability to securely enable customers through their cloud journey,” said Kelly Hartman, SVP of Global Channels and Alliances, JFrog. “We’re also proud to be part of AWS Marketplace Vendor Insights to provide customers with additional visibility when it comes to vendor solution risk assessments, so they can have greater peace of mind.”
JFrog Xray’s support of AWS Security Hub will help developers ensure security is continuously implemented across development pipelines and that they have a central location for visibility into vulnerability alerts, contextual applicability of the threat, and prioritization of remediation activities.
With JFrog’s new support of AWS Security Hub customers can utilize JFrog Xray to:
- Get a consolidated view of all license compliance and security vulnerabilities across their cloud instances.
- Enhance vulnerability identification, assessment, and management tapping into the JFrog Xray database of critical vulnerabilities exposures (CVEs).
- Better contextualize and prioritize vulnerabilities and automate remediation workflows to reduce Mean Time to Recovery (MTTR).
“AWS Marketplace Vendor Insights make it easier for a customer’s governance, risk, and compliance teams to assess software through a unified web-based dashboard. We are thrilled to partner with JFrog to deliver a streamlined compliance experience and to help customers secure their software supply chain,” said Chris Grusz, Director, Independent Software Vendor Partner and AWS Marketplace Business Development at AWS.
Industry News
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
Nokod Security announced the general availability of the Nokod Security Platform.
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.