JFrog Runtime Introduced
September 12, 2024

JFrog announced the addition of JFrog Runtime to its suite of security capabilities, empowering enterprises to seamlessly integrate security into every step of the development process, from writing source code to deploying binaries into production.

The JFrog Platform streamlines collaboration between developers and security teams, automating DevSecOps tasks to save time and strengthen security for modern, cloud-native application development. It equips teams to monitor Kubernetes clusters in real time, enabling them to identify, prioritize, and quickly address security incidents based on actual risk. Additionally, it helps ensure image integrity and helps meet compliance requirements effectively.

“As organizations increasingly shift left to combat today’s growing threat landscape, the disconnect among siloed tools places additional strain on developers, security, and MLOps teams,” said Asaf Karas, CTO of JFrog Security. “Companies can alleviate this burden by adopting a unified platform that provides end-to-end visibility, remediation, and traceability across the development and security processes. By empowering DevOps, Data Scientists, and Platform engineers with an integrated solution that spans from secure model scanning and curation on the left to JFrog Runtime on the right, organizations can significantly enhance the delivery of trusted software at scale.”

JFrog Runtime empowers users to track and manage packages from various origins, organize repositories by environment types, and activate JFrog Xray policies, ultimately fortifying security from code to runtime. As part of the JFrog Platform, Runtime also addresses the visibility and alignment gaps among teams, optimizing version control and package development, while ensuring R&D, DevOps, and security teams can collaborate effectively and efficiently, saving developers hours of valuable time.

Key features and benefits of JFrog Runtime include:

- Real-Time Vulnerability Visibility: Gain real-time insights into vulnerabilities within your runtime environment.

- Accelerated Triage with Advanced Prioritization: Streamline the identification and prioritization of security incidents based on their business impact.

- Reduced Risk Through Exposure Management: Quickly identify the source and ownership of vulnerable packages, enabling faster risk mitigation.

- Protection for Cloud-Based Workloads: Aid in safeguarding applications with continuous monitoring for post-deployment threats such as malware attacks and privilege escalation.

- Comprehensive Analytics for Kubernetes clusters: Enable continuous runtime evaluation of workloads and containers for real-time vulnerability detection and alignment to the corresponding processes and files within JFrog Artifactory.

- Centralized Incident Awareness: Maintain a consolidated view of your runtime environment to facilitate accurate incident identification and response.

"A platform that unifies security across the software supply chain from development to production can provide critical visibility and traceability that developers and DevSecOps teams need to manage and remediate risks effectively," said Katie Norton, research manager, DevSecOps and Software Supply Chain Security at IDC. "JFrog's addition of runtime security supports a shift-left and shift-right strategy, fostering comprehensive protection and streamlined processes that lessen the strain on development and security teams.”

JFrog Runtime complements JFrog’s suite of advanced security capabilities including:

- AI/ML Model Curation: JFrog Curation helps defend your software supply chain by enabling early detection and blocking of malicious ML Models retrieved from open-source repositories like Hugging Face before they even enter your organization. JFrog’s universal, scalable security platform also natively proxies Hugging Face allowing developers to access open source AI/ML models while simultaneously detecting malicious models, block their use if needed, and enforcing license compliance to enable safer use of AI.

- Secure OSS Catalog: The JFrog open-source software (OSS) package catalog provides a “search engine for software packages” using the JFrog UI or via API. Backed by both public and JFrog data, the OSS Catalog gives users quick insight into the security and risk metadata associated with all OSS packages.

Share this

Industry News

October 07, 2024

Progress announced the winners of its 2024 OpenEdge North America Partner Awards.

October 07, 2024

RiverMeadow announced support for Red Hat OpenShift Virtualization, enabling organizations to seamlessly run and manage virtual machines alongside containerized applications in a single platform that can run in both on-premises and cloud environments.

October 07, 2024

Netlify announced three new enhancements to its product suite that will enable web application development and content publishing.

October 03, 2024

Check Point® Software Technologies Ltd. announced its position as a leader in The Forrester Wave™: Enterprise Firewalls, Q4 2024 report.

October 03, 2024

Sonar announced two new product capabilities for today’s AI-driven software development ecosystem.

October 03, 2024

Redgate announced a wide range of product updates supporting multiple database management systems (DBMS) across its entire portfolio, designed to support IT professionals grappling with today’s complex database landscape.

October 03, 2024

Elastic announced support for Google Cloud’s Vertex AI platform in the Elasticsearch Open Inference API and Playground.

October 02, 2024

Progress announced the recipients of its 2024 Women in STEM Scholarship Series.

October 02, 2024

SmartBear has integrated the load testing engine of LoadNinja into its automated testing tool, TestComplete.

October 01, 2024

Check Point® Software Technologies Ltd. announced the completion of its acquisition of Cyberint Technologies Ltd., a highly innovative provider of external risk management solutions.

October 01, 2024

Lucid Software announced a robust set of new capabilities aimed at elevating agile workflows for both team-level and program-level planning.

October 01, 2024

Perforce Software announced the Hadoop Service Bundle, a new professional services and support offering from OpenLogic by Perforce.

October 01, 2024

CyberArk announced the successful completion of its acquisition of Venafi, a provider of machine identity management, from Thoma Bravo.

October 01, 2024

Inflectra announced the launch of its AI-powered SpiraApps.

October 01, 2024

The former Synopsys Software Integrity Group has rebranded as Black Duck® Software, a newly independent application security company.