
JFrog Announces Runtime Launch with NVIDIA and GitHub Partnerships at swampUP

JFrog Ltd., a Liquid Software company and creator of the JFrog software supply chain platform, today announced the addition of JFrog Runtime to its suite of security capabilities, enabling enterprises to seamlessly integrate security into every step of the software development process, from writing source code to deploying binaries to production.

The JFrog platform streamlines collaboration between developers and security teams by automating DevSecOps tasks to save time and strengthen security for modern, cloud-native application development. It enables teams to monitor Kubernetes clusters in real time, allowing them to identify, prioritize, and quickly resolve security incidents based on real risk. It also helps ensure image integrity and effectively meet compliance requirements.

“As organizations increasingly shift left to combat today’s growing threat landscape, the disconnect between siloed tools is placing additional strain on development, security, and MLOps teams,” said Asaf Karas, CTO at JFrog Security. “Organizations can reduce this burden by adopting a unified platform that provides end-to-end visibility, remediation, and traceability across development and security processes. By equipping DevOps, data scientists, and platform engineers with an integrated solution that includes secure scanning and model triage on the left, and JFrog Runtime on the right, organizations can significantly increase the delivery of trusted software at scale.”

A recent IDC study sponsored by JFrog found that organizations spend an average of $542 per developer per week on security or DevSecOps tasks, which equates to $1.89 million per year. Developers want to focus on coding, while security teams prioritize risk mitigation.

JFrog Runtime enables users to track and manage packages from different sources, organize repositories by environment types, and activate JFrog Xray policies, ultimately strengthening security from code to runtime. As part of the JFrog platform, Runtime also addresses gaps in visibility and alignment between teams, optimizing version control and package development, while ensuring R&D, DevOps, and security teams can collaborate effectively and efficiently, saving developers valuable time.

“Runtime security is critical to our customers as it ensures their applications are protected while they are running. As cloud environments become more complex and containerized applications become more prevalent, real-time visibility into potential vulnerabilities is essential,” said Paul Goldman, CEO, iTMethods. “JFrog Runtime will help improve our customers’ security by enabling them to quickly detect and respond to threats, protecting their data and maintaining trust in their cloud services.”

Industry research shows that one in five applications contains runtime exposures, and 20 percent of all applications have serious, critical, or apocalyptic runtime issues. By automating security for fast-moving, dynamic applications, such as those running in containers, JFrog Runtime Security addresses the unique needs for visibility and insight in cloud environments.

Key features and benefits of JFrog Runtime include:

  • Real-time vulnerability visibility: Get real-time visibility into security vulnerabilities in your runtime environment.

  • Accelerated selection with advanced prioritization: Improve identification and prioritization of security incidents based on their business impact.

  • Reduced risk through exposure management: Quickly identifying the source and owner of vulnerable packets enables faster risk mitigation.

  • Cloud workload protection: Helps secure applications by continuously monitoring for post-deployment threats such as malware attacks and privilege escalation.

  • Comprehensive Kubernetes cluster analytics: Enables continuous, real-time assessment of workloads and containers to detect security vulnerabilities and match them to appropriate processes and files within JFrog Artifactory.

  • Central incident reporting: Maintain a consolidated view of your execution environment to facilitate accurate incident identification and response.

“A platform that unifies security across the software supply chain from development to production can provide the critical visibility and traceability that developers and DevSecOps teams need to effectively manage and remediate risk,” said Katie Norton, research manager, DevSecOps and Software Supply Chain Security at IDC. “JFrog’s addition of runtime security supports a shift-left and shift-right strategy, supporting comprehensive protection and streamlined processes that reduce the burden on development and security teams.”

JFrog Runtime complements the JFrog suite of advanced security features, including:

  • AI/ML Model Curation: JFrog Curation helps protect your software supply chain by enabling early detection and blocking of malicious ML models downloaded from open source repositories like Hugging Face before they even reach your organization. JFrog’s universal, scalable security platform also natively supports Hugging Face, enabling developers to access open source AI/ML models while detecting malicious models, blocking their use if necessary, and enforcing license compliance to enable safer use of AI.

  • OSS Secure Directory: The JFrog Open Source Software (OSS) Package Catalog provides a “software package search engine” through the JFrog user interface or through the API. The OSS Catalog, supported by both public and JFrog data, provides users with a quick look at the security and risk metadata associated with all OSS packages.