GitHub and JFrog Collaborate to Streamline DevSecOps Processes

Jessie A Ellis  May 31, 2024 18:27  UTC 10:27

0 Min Read

In a significant move to enhance DevSecOps practices, GitHub and JFrog have announced a new partnership. This collaboration is set to enable developers to manage both code and binaries more efficiently across two of the most widely used developer platforms globally, according to The GitHub Blog.

Integration for Improved Efficiency

As code volumes continue to grow exponentially, the collaboration between GitHub and JFrog aims to alleviate the burden on software developers, DevOps engineers, and security specialists. By integrating their platforms, the two companies hope to streamline processes and reduce the complexity of managing code and binaries.

Currently, 50% of JFrog’s customers already use GitHub as their primary code repository. The new integration promises to offer seamless navigation and traceability between source code and binaries, leveraging CI/CD capabilities through GitHub Actions and JFrog Artifactory. This unified platform aims to provide developers with a single dashboard for managing their code, security findings, and innovations, effectively eliminating the need for context switching.

Key Features of the Partnership

The partnership introduces several key features designed to enhance the developer experience:

  • Single Sign-On (SSO): Manage access and roles with SSO across both platforms, centralizing user identity and access management.
  • Artifact Lifecycle Tracking: GitHub Actions integrated with JFrog Artifactory for better tracking and metadata inclusion in stored artifacts.
  • Bidirectional Linking: Link software packages and code bidirectionally to enhance compliance, security, and traceability.

Gerard McMahon, Head of ALM Tools and Platforms at Fidelity Investments, emphasized the importance of this integration, stating, “The integration between JFrog's Software Supply Chain Platform and GitHub's Developer Platform provides a 'secure by default' developer experience, offering a single source of truth for code and binaries.”

Future Developments

Looking ahead, GitHub and JFrog plan to further integrate their security offerings to provide a comprehensive view of software supply chain security. Additionally, they aim to incorporate JFrog functionalities into GitHub Copilot Chat, allowing developers to query about JFrog processes and artifacts directly within Copilot.

John Nuttall, Director of Technology at AT&T, highlighted the potential impact of this collaboration, noting, “Chatting with GitHub Copilot to select the right and secure software package based on extensive metadata stored in JFrog Catalog can be a game-changer.”

Getting Started

For those interested in exploring the new integrations, GitHub and JFrog are offering a joint webinar. This event will showcase the capabilities of the unified platform and demonstrate how it can enhance the software development lifecycle.

Enterprises around the world are seeking solutions that provide robust security, management, and operational capabilities. The partnership between GitHub and JFrog represents a significant step towards meeting these needs, promising to drive modern development forward.



Read More