JFrog DevOps Platform Updated
May 26, 2021

JFrog announced several new enhancements across its JFrog DevOps Platform.

The new capabilities help organizations support binary lifecycle management at scale to improve developer productivity, efficiency and security across the end-to-end software delivery process. Enterprise DevOps and large-scale modern application delivery require robust management of binaries, which are the building blocks of applications.

“Building your DevOps automation around binaries’ flows ensures you have trust in every component in your supply chain and fidelity between the binaries that you run in production and those that started in your pipelines,” said Yoav Landman, Co-Founder and CTO, JFrog. “Improving binary lifecycle management – BinOps – at scale is a key challenge for organizations and the new capabilities enable enterprise DevOps teams to seamlessly support the exponential growth of binaries, distributed teams, and multi projects’ delivery pipelines – all in a secure, efficient, and fast way.”

New capabilities include:

- Federated Repositories: Federated Repositories, a new feature of JFrog Artifactory, part of the JFrog DevOps Platform address the challenge of managing binaries across multi-site topologies and keeping artifacts in sync between remote development sites, as they collaborate on the delivery process.

A Federated Repository abstracts the infrastructure layer to create a datacenter-transparent repository between different remote locations or different instances of the JFrog Platform that are ‘members’ of the Federation. Automatic bi-directional sync and acceleration of the mirroring between locations, including efficient continuous replication of all configurations, metadata and binaries, ensure changes made by developers on one site are rapidly accessible by all other remote locations. Federated repositories are simple to configure and manage and improve developer productivity, delivery speed, and cross-site security.

- Signed Pipelines: Signed Pipelines, a new innovation of JFrog Pipelines, enables developers to ensure the integrity and security of builds and artifacts as they progress through the binary lifecycle.

To accomplish zero-trust pipelines — meaning that anything that didn’t come from the Pipeline is not to be trusted — Signed Pipelines automatically signs every step and outcome of the CI/CD pipeline to create trust in the software delivery process. This includes signing all of the pipelines’ inputs and outputs, making them immutable and tamper-proof. To do this, JFrog Pipelines keeps a cryptographically-signed ledger that cannot be written to once a pipeline finishes execution. By continuously validating that all pipeline actions are performed on the certified, unique binaries, Signed Pipelines ensures the authenticity of the builds as they get promoted to Production. Additionally, each binary artifact is automatically linked to the pipeline step that created it with full visibility and audit for each step/run, and the ability to block promotion or deployments if authenticity cannot be verified.

- Cold Artifact Storage: Currently in beta, Cold Artifact Storage enables organizations to save costs and improve usability and performance by archiving artifacts that are not in use anymore but need to be kept due to regulatory requirements or corporate policies. Archiving policies are based on binaries’ metadata, with self-service search and retrieval by authorized users.

- Dependency Scanning: To improve trust in software applications from the earliest stages of development, at scale, JFrog is introducing the ability to identify OSS vulnerabilities in third-party dependencies directly from source code in Git repositories. Integrating with JFrog Xray, dependency scanning allows vulnerabilities to be detected early in the development lifecycle (“shift left”), with customizable, automated actions triggered based on the organization’s security or compliance policies (such as blocking the use of certain compromised components). This capability will be released in Q2.

- End-to-end visibility and traceability with Platform integrations: New platform integrations enable traceability and collaborations in a single pane of glass, with unified data and correlated events throughout the DevOps lifecycle. Some of the new bi-directional integrations announced are Slack and MS Teams (currently in beta) for collaboration between Dev and Ops; Datadog, Dynatrace, and Splunk for observability, and PagerDuty for incident and change management.

Share this

Industry News

February 26, 2024

Intel announced its new Edge Platform, a modular, open software platform enabling enterprises to develop, deploy, run, secure, and manage edge and AI applications at scale with cloud-like simplicity.

February 26, 2024

Tray.io announced AI-augmented API Management, a new Tray Universal Automation Cloud capability that turns any new or existing workflow into a reusable API, significantly decreasing the technical debt associated with the operational effort and costs of traditional API management (APIM).

February 26, 2024

Bitwarden Secrets Manager is now integrated with Ansible Playbook.

February 22, 2024

Check Point® Software Technologies Ltd. introduces Check Point Quantum Force series: an innovative lineup of ten high-performance firewalls designed to meet and exceed the stringent security demands of enterprise data centers, network perimeters, campuses, and businesses of all dimensions.

February 22, 2024

Tabnine announced that Tabnine Chat — the enterprise-grade, code-centric chat application that allows developers to interact with Tabnine AI models using natural language — is now available to all users.

February 22, 2024

Avaamo released Avaamo LLaMB™, a new low-code framework for building generative AI applications in the enterprise safely, securely, and fast.

February 21, 2024

CAST announced the winter release of CAST Imaging, an imaging system for software applications, with significant user experience (UX) enhancements and new features designed to simplify and accelerate processes for engineers who develop, maintain, modernize, complex software applications.

February 21, 2024

Pulumi now offers native ways to manage Pinecone indexes, including its latest serverless indexes.

February 21, 2024

Orkes, whose platform offers the fastest way to scale distributed systems, has raised $20 million in new funding.

February 20, 2024

JFrog and Carahsoft Technology announced a partnership that empowers U.S. Government organizations to safeguard their software supply chains with automated DevSecOps workflows to secure software services consumed by citizens.

February 20, 2024

Multiplayer, a collaborative tool for teams that work on system design and distributed software, announced its public beta.

February 20, 2024

DataStax announced its out-of-the-box retrieval augmented generation (RAG) solution, RAGStack, is now generally available powered by LlamaIndex as an open source framework, in addition to LangChain.

February 20, 2024

UiPath announced new features in its platform designed to enable developers to build, test, and accelerate implementation of automations.

February 15, 2024

Kong announced a suite of open-source AI plugins for Kong Gateway 3.6 that can turn any Kong Gateway deployment into an AI Gateway, offering unprecedented support for multi-Language Learning Models (LLMs) integration.

February 15, 2024

ngrok unveiled early access to its API gateway-as-a-service.