Shulou(Shulou.com)12/24 Report--

JFrog, a streaming software company and enterprise software supply chain platform provider, has released new features that set standards for the quality, security, MLOps and integrity of software releases. From creation to production, the JFrog platform injects binary-level security at every stage of the software development lifecycle to ensure traceability, reliability, compliance, and security of applications.

Shlomi Ben Haim, co-founder and CEO of JFrog, said, "JFrog has been strategically investing heavily in developing comprehensive, DevOps-centric security solutions designed to address future threats. At the binary level, JFrog uniquely automates DevSecOps processes, which our customers have proven to be the most effective way to protect their software supply chain. The industry has been struggling to defend itself against attackers, and JFrog continues to introduce new features that surpass other global suppliers. Currently, JFrog provides customers with protection ranging from open source and first-party code, confidential detection, IaC security and OSS software package creation, and now introduces AI and MLOps security, caching and protecting customers'ML model. Thanks to Artifactory's leading position, JFrog stands out with its unique ability to control binary products. "

The new features of the JFrog software supply chain platform will continue to meet customer needs for comprehensive, DevOps-centric security and automation, driving a true left-moving strategy. These features include:

● AI and ML model security: JFrog's new ML model management feature quickly scans and detects malicious machine learning models, prevents them from being used when needed, and ensures that licenses comply with company policies for safer use of AI. A beta version of the JFrog ML model management feature is now available to JFrog Cloud customers.

● static Application Security testing (SAST): seamless integration with a variety of development environments to help customers quickly and accurately scan source code for zero-day security vulnerabilities. JFrog SAST can also use context analysis to reduce false positives, help prioritize problems, and take corrective actions.

● Open Source Software (OSS) directory: as part of JFrog Curation, this directory provides a "package search engine" in JFrog UI or through API, which is supported by public data and JFrog data to help users immediately understand the security and risk metadata related to all OSS packages.

With the astonishing growth of software supply chain attacks, it becomes critical to use immutable software distribution packages at the binary level to ensure security, because this is the only way to prove that the software you publish is safe to use, "said Asaf Karas, chief technology officer of JFrog Security. By providing a comprehensive platform that is both developer-friendly and enterprise-friendly, with security issues in mind at every stage and supported by a team of security research experts who are always focused on emerging threats, we can better provide security for companies, help innovate faster, and let them know that their software can be safely used today and in the future. "

Each component of the JFrog platform is supported by a team of professional security engineers and researchers who actively investigate, analyze, and expose new vulnerabilities and attack methods. All new DevSecOps features are built on JFrog's already powerful security products and are designed to provide a comprehensive and continuous way to automatically secure binary products at all stages of software development and delivery, including:

● JFrog Curation helps businesses prevent malicious software packages or vulnerabilities from entering their development environment through the new OSS directory feature.

● JFrog Xray, which is used to proactively detect risky packages before deployment.

● 's JFrog Advanced Security with context analysis helps to quickly assess key vulnerabilities and key exposures after the software is put into production so that repairs can be performed in a timely manner.

While detailing the new security features of the JFrog platform, the company also released new DevOps features, including

● Hugging Face local repository-the native connection to the common AI repository Hugging Face allows Python developers and data scientists to easily proxy and cache the open source AI models they rely on to prevent deletions or modifications.

● ML model management: aligns AI model development with the enterprise's existing software processes to accelerate and manage the continuous delivery of ML components.

● release Lifecycle Management (RLM) capabilities: create immutable "release packages" early in the software development lifecycle, define packages and their components, and provide a single real source for each application. JFrog RLM also uses tamper-proof systems, compliance checks, and evidence capture to gather data and insights about each release bundle at each stage of development to improve transparency in the quality of each build and easily share with multi-stakeholders in the DevOps, IT, and security areas.

Jim Mercer, vice president of research at IDC DevOps and DevSecOps, said: "IDC's latest research on DevOps, 'DevOps practice, tools, and Cognition Survey,' shows that platforms are being used more widely to improve productivity, security, and collaboration. In addition, as the enterprise continues to move to the left, more work will be left to developers and DevOps teams, who can accelerate this shift by providing an integrated platform for DevOps and platform engineers to simplify development and security processes, thereby helping enterprises deliver trusted software. "

To learn more about the new DevOps and security features of the JFrog software supply chain platform, visit the following resource pages:

● JFrog static Application Security Test (SAST) product pages and blogs

● JFrog ML model manages product pages and blogs

● JFrog Curation product pages and blogs

● JFrog publishes lifecycle management product pages and blogs

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.