Ensuring full software lifecycle security enables enterprises to shift left and right simultaneously, helping developers save time through rapid threat detection and risk remediation
September 18, 2024 - JFrog, a streaming software company and creator of the JFrog Software Supply Chain Platform, recently announced the addition of JFrog Runtime to its suite of security features, enabling enterprises to seamlessly integrate security into every aspect of the development process - throughout source code writing, binary file deployment and production. JFrog simplifies the collaboration process between developers and security teams, automates DevSecOps tasks, saves time for modern cloud-native application development and further strengthens security. It enables teams to monitor Kubernetes clusters in real time to identify, prioritize and quickly resolve security risks based on actual risks. In addition, it helps ensure image integrity and effectively meet compliance requirements.
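“As enterprises increasingly shift left to counter today's growing security threats, the disconnect between siloed tools puts additional pressure on developers, security teams and MLOps teams,” said Asaf Karas, CTO of JFrog Security. “Enterprises can lighten the workload by adopting a unified platform that provides end-to-end visibility, remediation and traceability across the entire development and security process. By giving DevOps, data scientists and platform engineers an integrated solution that runs from security model scanning and curation on the left to JFrog Runtime on the right, enterprises can significantly improve their ability to deliver trusted software at scale.”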
A recent survey conducted by JFrog in partnership with IDC found that enterprises spend an average of $542 per developer per week on security-related or DevSecOps-related tasks, which equates to $1.89 million per year. Developers want to focus on coding, while security teams prioritize risk reduction. JFrog Runtime enables users to track and manage packages from different sources, organize repositories by environment type, and activate JFrog Xray policies, ultimately strengthening security from code to runtime. As part of JFrog, Runtime can also bridge the gap in visibility and coordination between teams, optimize version control and package development, while ensuring that R&D, DevOps, and security teams can collaborate efficiently, saving developers valuable time.
“Runtime security is critical to our customers because it ensures their applications are protected while they are running,” said Paul Goldman, CEO of iTMethods. “With the increasing complexity of cloud environments and the rise of containerized applications, real-time visibility into potential vulnerabilities is critical. JFrog Runtime will help our customers strengthen their security environment by quickly detecting and responding to threats, thereby protecting data and maintaining trust in cloud services.”
Industry research shows that one in five applications have runtime risks, and about 20% of all applications have high, severe, or catastrophic problems during execution. By automating security measures for fast, dynamic applications running in containers, JFrog Runtime Security meets the unique needs of cloud-native environments for visibility and insight.
Key features and benefits of JFrog Runtime include:
● Real-time vulnerability visibility: Real-time insight into vulnerabilities in the operating environment.
● Accelerate triage with advanced prioritization: Simplify the identification and prioritization of security incidents based on business impact.
● Reduce risk through exposure management: Quickly identify the source and ownership of vulnerable software packages to reduce risk faster.
● Cloud-based workload protection: Helps protect applications by continuously monitoring for post-deployment threats such as malware attacks and privilege escalation.
● Comprehensive analysis for Kubernetes clusters: Enables continuous runtime assessment of workloads and containers to detect vulnerabilities in real time and align them with the corresponding processes and files in JFrog Artifactory.
● Centralized event awareness: Maintain a comprehensive view of the runtime environment to facilitate accurate event identification and response.
“A platform that unifies software supply chain security from development to production provides developers and DevSecOps teams with critical visibility and traceability so they can effectively manage and mitigate risk,” said Katie Norton, research manager for DevSecOps and Software Supply Chain Security at IDC. “The addition of runtime security to JFrog supports both shift-left and shift-right strategies, enabling comprehensive protection and streamlining workflows, alleviating pressure on development and security teams.”
JFrog Runtime complements JFrog’s already robust suite of advanced security features, including:
● AI/ML Model Curation: JFrog Curation protects the software supply chain by detecting and blocking malicious ML models retrieved from open source repositories such as Hugging Face before they enter the enterprise. JFrog’s universal and extensible security platform also natively proxies Hugging Face, allowing developers to access open source AI/ML models while detecting malicious models, blocking their use when necessary, and ensuring license compliance, allowing for safer use of AI.
● Secure Open Source Software Catalog: The JFrog Open Source Software (OSS) Package Catalog provides a “package search engine” using the JFrog UI or API. Powered by public and JFrog data, the OSS Package Catalog allows users to quickly understand the security and risk metadata associated with all OSS packages.