JFrog teams with Nvidia, GitHub to boost AI software security
Software security company JFrog has announced new partnerships and integrations with Nvidia and GitHub to enhance security for software developers, data scientists, and security professionals in the era of artificial intelligence (AI) and generative AI. The announcements follow JFrog's 2024 Software Supply Chain State of the Union report, which highlighted that only 56% of companies use source code and binary scanning to secure their software supply chains. This leaves many businesses vulnerable to attacks at the binary level.
Yoav Landman, CTO and Co-Founder of JFrog, said, "For developers to be productive, they need complete information about the quality and security of the code and binaries they integrate into their software. Our partnership with GitHub enables teams to do this quickly and with confidence using Copilot. Our partnership also allows developers to navigate between code and the binary artefacts produced by the build process through a more intuitive workflow so they can build and release trusted software faster."
The expanded integration with GitHub will offer developers a consolidated view of project status and security posture. Key features include Copilot chat integration for software package insights, a unified security dashboard, bidirectional end-to-end release lineage, and improved project mapping and authentication. The Copilot chat extension aims to help developers quickly select secure and up-to-date software packages aligned with an organisation's policies.
As businesses increasingly adopt AI technology, integrating the Nvidia NIM microservices platform with JFrog aims to meet the demand for enterprise-ready generative AI. This integration is intended to combine GPU-optimised, pre-approved AI models with centralised DevSecOps processes.
Gal Marder, EVP Strategy, JFrog, said, "By integrating DevOps, security, and MLOps processes into an end-to-end software supply chain workflow with Nvidia NIM microservices, customers will be able to efficiently bring secure models to production while maintaining high levels of visibility, traceability, and control throughout the pipeline."
Pat Lee, Vice President of Enterprise Strategic Partnerships at Nvidia, emphasised the importance of a central repository for facilitating the rapid deployment of approved AI models. Lee stated, "The integration of Nvidia NIM microservices into the JFrog Platform can help developers quickly get fully compliant, performance-optimised models running in production."
Adding to its suite of security functionalities, JFrog has also introduced JFrog Runtime, a solution that integrates security processes into every step of software development. This feature aims to streamline collaboration between developers and security teams, automate DevSecOps tasks, and strengthen security for modern cloud-native applications. The runtime security system allows for real-time monitoring of Kubernetes clusters to identify, prioritise, and address security incidents quickly.
Asaf Karas, CTO of JFrog Security, said, "As organisations increasingly shift left to combat today's growing threat landscape, the disconnect among siloed tools places additional strain on developers, security, and MLOps teams. Companies can alleviate this burden by adopting a unified platform that provides end-to-end visibility, remediation, and traceability across the development and security processes."
JFrog's initiatives respond to the growing complexity and security concerns surrounding AI and software development. Recent findings from JFrog's Security Research team have underscored these risks, including the discovery of a token left in a Docker container that could have granted full access to a critical Python package repository.
Paul Goldman, CEO of iTMethods, highlighted the significance of runtime security for maintaining application integrity in cloud environments. "JFrog Runtime will help enhance our customers' security posture by allowing them to rapidly detect and respond to threats, thus safeguarding their data and maintaining trust in their cloud services," said Goldman.
JFrog Runtime includes features like real-time vulnerability visibility, advanced prioritisation of security incidents, exposure management, and comprehensive analytics for Kubernetes clusters. These capabilities are designed to provide a robust security foundation for cloud-based workloads and dynamic applications running in containers.
Katie Norton, research manager at IDC, remarked, "A platform that unifies security across the software supply chain from development to production can provide critical visibility and traceability that developers and DevSecOps teams need to manage and remediate risks effectively."