DEVOPSdigest

JFrog released JFrog Advanced Security – a binary-focused, DevSecOps solution providing holistic security coverage from any source to any destination.

Natively integrated with JFrog’s Artifactory binary repository and JFrog Xray’s software composition analysis tool, JFrog Advanced Security capabilities offer users a full platform experience and coverage for software supply chain security at scale.

JFrog Advanced Security is designed to provide visibility and control of a company’s software supply chain using a single, unified platform and intuitive UI, which helps dramatically reduce overhead, and quickly identify malicious code that commonly compromises development, deployment, and runtime processes.

“The depth of security and remediation solutions vendors provide is limited by the data they own, protect, and analyze. JFrog functions as a single source of record for companies’ binaries at the heart of our customers’ software supply chain. This means JFrog is uniquely positioned to provide security solutions from the inside out, with comprehensive and holistic solutions,” said Shlomi Ben Haim, co-founder and CEO of JFrog. “This is required in a world where every developer has become the target, and every DevOps team knows the only way the entire supply chain can be secured is through binaries. Our customers asked us to provide end-to-end coverage and control, and we’re excited and proud to launch the most advanced security solution we’ve ever introduced as part of our DevOps platform.”

“Many of today’s enterprise software security solutions fall short because they only focus on source code and what happens before that software is in production,” said Asaf Karas, CTO, JFrog Security. “However, to truly protect your software supply chain you need to consider both code in development and in production at the binary level. JFrog Advanced Security provides a rich set of binary and source code analysis capabilities spanning from developer to production environments in a single, integrated DevOps platform – helping eliminate complexity, streamline security detection, assessment, and remediation efforts.”

By creating an intelligent bridge between developers, security, and operations teams, fueled by a highly-skilled security research team, JFrog Advanced Security is designed to be a single source of truth for guiding critical vulnerability exposure (CVE) detection, assessment, and remediation strategies using:

- Exposed Secrets Detection: Uncover “secrets” such as passwords, access tokens and private keys that have been leaked or left exposed in any container stored in JFrog Artifactory to prevent the accidental leak of API keys, internal tokens, or credentials that can put enterprises at risk.

- Container Contextual Analysis: This industry-first technology provides the ability to scan containers for the presence of malicious packages or use of vulnerable open-source code inside enterprise applications early in the development process. Container Contextual Analysis can also detail which open source vulnerabilities are actually exploitable in the context of a company’s own code, allowing developers to disregard or de-prioritize non-applicable incidents, which helps sharpen focus and remediation efforts.

- Insecure use of Libraries and Services: Helps developers to quickly identify whether common open-source software libraries and services are used or configured insecurely, leaving their enterprises susceptible to attack.

- Vulnerable Infrastructure-as-Code (IaC): Customers can inspect IaC files stored in their JFrog Artifactory instance to ensure cloud infrastructure deployments are not misconfigured – making them exploitable.

- Single Scalable Architecture: The JFrog Platform provides both a legend of artifacts within an organization, augmented by JFrog Advanced Security features for comprehensive control and safeguarding of an entire software portfolio across on prem, cloud, multi-cloud and hybrid deployments extending out to the edge at any scale.

- Native Integration with Artifactory: JFrog Artifactory is the core of the JFrog Platform, functioning as a universal binary repository, allowing companies to securely control and manage update flows across the software supply chain at scale.