DEVOPSdigest

JFrog announced the addition of JFrog Runtime to its suite of security capabilities, empowering enterprises to seamlessly integrate security into every step of the development process, from writing source code to deploying binaries into production.

The JFrog Platform streamlines collaboration between developers and security teams, automating DevSecOps tasks to save time and strengthen security for modern, cloud-native application development. It equips teams to monitor Kubernetes clusters in real time, enabling them to identify, prioritize, and quickly address security incidents based on actual risk. Additionally, it helps ensure image integrity and helps meet compliance requirements effectively.

“As organizations increasingly shift left to combat today’s growing threat landscape, the disconnect among siloed tools places additional strain on developers, security, and MLOps teams,” said Asaf Karas, CTO of JFrog Security. “Companies can alleviate this burden by adopting a unified platform that provides end-to-end visibility, remediation, and traceability across the development and security processes. By empowering DevOps, Data Scientists, and Platform engineers with an integrated solution that spans from secure model scanning and curation on the left to JFrog Runtime on the right, organizations can significantly enhance the delivery of trusted software at scale.”

JFrog Runtime empowers users to track and manage packages from various origins, organize repositories by environment types, and activate JFrog Xray policies, ultimately fortifying security from code to runtime. As part of the JFrog Platform, Runtime also addresses the visibility and alignment gaps among teams, optimizing version control and package development, while ensuring R&D, DevOps, and security teams can collaborate effectively and efficiently, saving developers hours of valuable time.

Key features and benefits of JFrog Runtime include:

- Real-Time Vulnerability Visibility: Gain real-time insights into vulnerabilities within your runtime environment.

- Accelerated Triage with Advanced Prioritization: Streamline the identification and prioritization of security incidents based on their business impact.

- Reduced Risk Through Exposure Management: Quickly identify the source and ownership of vulnerable packages, enabling faster risk mitigation.

- Protection for Cloud-Based Workloads: Aid in safeguarding applications with continuous monitoring for post-deployment threats such as malware attacks and privilege escalation.

- Comprehensive Analytics for Kubernetes clusters: Enable continuous runtime evaluation of workloads and containers for real-time vulnerability detection and alignment to the corresponding processes and files within JFrog Artifactory.

- Centralized Incident Awareness: Maintain a consolidated view of your runtime environment to facilitate accurate incident identification and response.

"A platform that unifies security across the software supply chain from development to production can provide critical visibility and traceability that developers and DevSecOps teams need to manage and remediate risks effectively," said Katie Norton, research manager, DevSecOps and Software Supply Chain Security at IDC. "JFrog's addition of runtime security supports a shift-left and shift-right strategy, fostering comprehensive protection and streamlined processes that lessen the strain on development and security teams.”

JFrog Runtime complements JFrog’s suite of advanced security capabilities including:

- AI/ML Model Curation: JFrog Curation helps defend your software supply chain by enabling early detection and blocking of malicious ML Models retrieved from open-source repositories like Hugging Face before they even enter your organization. JFrog’s universal, scalable security platform also natively proxies Hugging Face allowing developers to access open source AI/ML models while simultaneously detecting malicious models, block their use if needed, and enforcing license compliance to enable safer use of AI.

- Secure OSS Catalog: The JFrog open-source software (OSS) package catalog provides a “search engine for software packages” using the JFrog UI or via API. Backed by both public and JFrog data, the OSS Catalog gives users quick insight into the security and risk metadata associated with all OSS packages.