DEVOPSdigest

JFrog and GitHub unveiled new integrations.

This deepening collaboration provides developers with a consolidated view of project status and security posture to help quickly address potential vulnerabilities discovered by the companies’ respective Advanced Security offerings. Additionally, to help developers quickly gain insight on third-party packages, the companies announced a Copilot chat extension to quickly select software packages that are updated, approved by the organization, and safe for use.

“For developers to be productive, they need complete information about the quality and security of the code and binaries they integrate into their software. Our partnership with GitHub enables teams to do this quickly and with confidence using Copilot,” said Yoav Landman, CTO and Co-Founder, JFrog. “Our partnership also allows developers to navigate between code and the binary artifacts produced by the build process through a more intuitive workflow so they can build and release trusted software, faster. We're excited about our shared roadmap, and look forward to driving a single platform experience for our customers."

JFrog’s integration with GitHub is expected to offer an easier, more secure way to trace code from its source to the resulting binaries across both platforms with the following key capabilities:

- Copilot Chat Integration for Software Package Insights: The new GitHub Copilot extension boosts developer productivity by providing insights on open-source packages within the JFrog binary environment alongside GitHub code data, eliminating the need to search through documentation or online forums. It also aligns recommendations with organizational curation policies, enabling informed software package choices that consider security and market adoption. Combining Copilot's chat features with JFrog's artifact metadata creates an invaluable AI-powered assistant for developers.

- Consolidated, Single Pane of Glass Security Dashboard: A unified view of security scan results from GitHub Advanced Security and JFrog Advanced Security (including the scanners that found the Python vulnerability mentioned above), helping developers address and remove potential software vulnerabilities earlier in the development lifecycle, saving time and reducing risk.

- Bidirectional End-to-End Release Lineage: The new job summary page on GitHub offers a quick view of the health and security status of each GitHub Actions Workflow, allowing developers to quickly see the output packages from each build, navigate to their location in JFrog Artifactory and back again. This bidirectional navigation utilizes a software bill of materials (SBOM) preserved in JFrog Artifactory, enhancing software lineage traceability.

- Dynamic Project Mapping and Authentication: Improved automatic authorization and seamless project mapping between GitHub Repositories and JFrog Projects in Artifactory utilizing current OpenID Connect (OIDC) integration, eliminating the need for developers to reauthenticate per repository.