No menu items!

    JFrog deepens its partnership with GitHub, launches runtime safety service

    Date:

    Share post:

    Earlier this yr, software program provide chain platform (and binary specialist) JFrog introduced a partnership with GitHub that, amongst different issues, allowed builders and the groups that assist them to hint code from supply to binary bundle throughout the 2 platforms. On Tuesday, at JFrog’s SwampUp convention in Austin, the 2 firms are extending this early work on their integrations with a deal with safety.

    As well as, JFrog can also be launching a runtime safety answer, in addition to an integration with Nvidia’s NIM microservices, which expands its ambition as an MLOps platform after it acquired Qwak earlier this yr.

    Deeper GitHub integration

    JFrog CEO and co-founder Shlomi Ben Haim advised me that the concept behind the GitHub partnership was at all times meant to go deeper than the unique integration the 2 firms introduced in Might. JFrog’s and GitHub’s prospects, he mentioned, wished the 2 firms to interrupt down the partitions between their merchandise so they might select the best-of-breed platforms for managing their supply code and their binaries. What prospects are telling him, Ben Haim mentioned, is that they need a single pane of glass.

    “What we hear from our users is: ‘Listen, this is very important. Source code security — very important. Software supply chain security — very important,” he mentioned. “But we cannot just keep running between tools and scanners. We want to have one pane of glass to see all findings to be able to remediate faster, to be able to react faster, to be able to have full traceability for all sources. And JFrog for comes with the binaries findings, while GitHub come with the source code findings, so that everything will be on the developer platform, displayed on the GitHub security tab.”

    Picture Credit: JFrog

    Basically, which means JFrog Superior Safety and JFrog Curation, its service for monitoring which open supply packages are being utilized by builders, is now built-in straight with GitHub’s Superior Safety service.

    “Developers often don’t realize there’s an issue until something breaks; it’s only then that they can start piecing together the puzzle to find out what went wrong. Our partnership with GitHub empowers teams to seamlessly navigate between code development and binary storage, enabling a more intuitive workflow,” mentioned JFrog CTO and co-founder Yoav Landman. “This integration is expected to enhance the developer experience and traceability, ensuring they can easily connect their source code with the corresponding binaries while maintaining a consolidated view of security so they can focus on delivering high-quality software without the worry of unseen vulnerabilities.”

    Jfrog is now additionally collaborating in GitHub’s Copilot Extensions program, permitting builders to make use of Copilot Chat to ask coding questions on JFrog’s platform proper of their IDE.

    Nvidia NIM integration

    Since JFrog focuses on binaries, it’s no shock that the corporate additionally needs to handle machine studying fashions. There, too, enterprises are shortly realizing that they want a DevSecOps answer to handle their software program/mannequin provide chain workflow. With NIM, Nvidia goals to create a de facto commonplace for managing and deploying inference microservices.

    JFrog NVIDIA NIM
    Picture Credit: JFrog

    “As enterprises scale their generative AI deployments, a central repository can help them rapidly select and deploy models that are approved for development,” mentioned Nvidia’s Pat Lee, who’s the vp of Enterprise Strategic Partnerships. “The integration of Nvidia NIM microservices into the JFrog platform can help developers quickly get fully compliant, performance-optimized models quickly running in production.”

    JFrog’s safety instruments will now scan and monitor the safety of those fashions, and Artifactory, JFrog’s service for storing and managing binaries, can grow to be an organization’s native mannequin registry.

    Ben Haim referred to as the corporate’s total technique right here “too integrated to fail.” “I give you what you already chose, just with a better experience. You already chose these tools. I just want you to have a better experience,” he mentioned.

    JFrog Runtime Safety

    JFrog Runtime
    Picture Credit: JFrog

    JFrog can also be launching a runtime safety answer that now watches over the binary whereas in manufacturing. Since JFrog is aware of precisely what’s operating in manufacturing — and might hint how that binary got here to be from supply code to deployment — the service can now inform its customers when a binary is susceptible.

    “JFrog Runtime Security will provide full visibility and traceability for our customers, whether they shift right or left when it comes to binary scanning,” Ben Haim mentioned.

    He additionally famous that whereas JFrog clearly already secured the binaries that go into manufacturing, that is the primary time the corporate is deploying sensors within the runtime setting.

    “A platform that unifies security across the software supply chain from development to production can provide critical visibility and traceability that developers and DevSecOps teams need to manage and remediate risks effectively,” mentioned Katie Norton, analysis supervisor, DevSecOps and Software program Provide Chain Safety at IDC. “JFrog’s addition of runtime security supports a shift-left and shift-right strategy, fostering comprehensive protection and streamlined processes that lessen the strain on development and security teams.”

    Related articles

    Alibaba releases an ‘open’ challenger to OpenAI’s o1 reasoning mannequin

    A brand new so-called “reasoning” AI mannequin, QwQ-32B-Preview, has arrived on the scene. It’s one of many few...

    Tips on how to watch the 2024 Black Friday NFL recreation

    Possibly you are an enormous soccer fan, possibly you are somebody who desires to kick up your ft...

    This Week in AI: AI will get inventive within the kitchen

    Hiya, of us, welcome to TechCrunch’s common AI e-newsletter. If you need this in your inbox each Wednesday,...

    Starter Packs are the most recent Bluesky characteristic that Threads goes to shamelessly undertake

    Threads is readying a characteristic impressed by Bluesky’s Starter Packs, in line with reporting by TechCrunch and others....