JFrog Wins US Defense Department Security Certification
September 21, 2021

JFrog announced its JFrog Artifactory and JFrog Xray solutions are now accredited in Iron Bank and available via Platform One.

With this achievement, JFrog reinforces its commitment to providing a scalable, secure, development to edge DevOps and DevSecOps solution for its public sector customers and those in highly regulated industries such as finance, healthcare, energy, and transportation.

Under the DoD’s Platform One initiative, developers can now access a central binary repository of secure, Iron Bank-certified resources that have been hardened to the DoD’s specifications. This container registry has Continuous Authority to Operate (cATO), allowing developers to easily push validated code into production more quickly.

According to the Internet Crime Report, the FBI received nearly 2,500 ransomware complaints in 2020, up 20% from 2019, costing citizens nearly $29.1 million. Platform One aims to ensure all government entities can work with a collection of approved, hardened, cloud-native DevSecOps solutions along with collaboration tools, cybersecurity tools, open-source code, artifact repositories, and development tools. JFrog Artifactory provides a single, reliable source of truth for binary packages that follow the DevOps lifecycle from development to deployment at the edge. JFrog Xray works with JFrog Artifactory to enable multi-layer analysis of each binary or container image and flags any security vulnerabilities or compliance compromises to ensure software quality.

“We understand software needs to be hardened and trusted in order for the Federal government to rely on JFrog for their mission critical applications,” said Shlomi Ben Haim, Co-founder and CEO, JFrog. “Our vision is to enable all organizations to ‘shift left’ to bake security into every stage of development and seamlessly deploy updates across geographies, from ground to cloud, to any device throughout the software supply chain with ease and peace of mind.”

Iron Bank is the DoD Centralized Artifacts Repository (DCAR) of digitally signed, binary container images including both Free and Open-Source software (FOSS) and Commercial off-the-shelf (COTS). All artifacts are hardened according to the Container Hardening Guide, which allows software built in the system to be automatically authorized for use, a security process that usually takes months. Containers accredited in Iron Bank have DoD-wide reciprocity across classifications. Over 800 certified containers are available today including those offered by JFrog partners such as AWS, Docker, Microsoft Azure, Oracle, RedHat, and VMWare.

Share this

Industry News

April 17, 2025

GitLab announced the general availability of GitLab Duo with Amazon Q.

April 17, 2025

Perforce Software and Liquibase announced a strategic partnership to enhance secure and compliant database change management for DevOps teams.

April 17, 2025

Spacelift announced the launch of Saturnhead AI — an enterprise-grade AI assistant that slashes DevOps troubleshooting time by transforming complex infrastructure logs into clear, actionable explanations.

April 16, 2025

CodeSecure and FOSSA announced a strategic partnership and native product integration that enables organizations to eliminate security blindspots associated with both third party and open source code.

April 16, 2025

Bauplan, a Python-first serverless data platform that transforms complex infrastructure processes into a few lines of code over data lakes, announced its launch with $7.5 million in seed funding.

April 15, 2025

Perforce Software announced the launch of the Kafka Service Bundle, a new offering that provides enterprises with managed open source Apache Kafka at a fraction of the cost of traditional managed providers.

April 14, 2025

LambdaTest announced the launch of the HyperExecute MCP Server, an enhancement to its AI-native test orchestration platform, HyperExecute.

April 14, 2025

Cloudflare announced Workers VPC and Workers VPC Private Link, new solutions that enable developers to build secure, global cross-cloud applications on Cloudflare Workers.

April 14, 2025

Nutrient announced a significant expansion of its cloud-based services, as well as a series of updates to its SDK products, aimed at enhancing the developer experience by allowing developers to build, scale, and innovate with less friction.

April 10, 2025

Check Point® Software Technologies Ltd.(link is external) announced that its Infinity Platform has been named the top-ranked AI-powered cyber security platform in the 2025 Miercom Assessment.

April 10, 2025

Orca Security announced the Orca Bitbucket App, a cloud-native seamless integration for scanning Bitbucket Repositories.

April 10, 2025

The Live API for Gemini models is now in Preview, enabling developers to start building and testing more robust, scalable applications with significantly higher rate limits.

April 09, 2025

Backslash Security(link is external) announced significant adoption of the Backslash App Graph, the industry’s first dynamic digital twin for application code.

April 09, 2025

SmartBear launched API Hub for Test, a new capability within the company’s API Hub, powered by Swagger.

April 09, 2025

Akamai Technologies introduced App & API Protector Hybrid.