JFrog & GitHub Partner to Integrate Best of Breed Platforms, Unifying Software Supply Chain Management & Security
JFrog (Nasdaq: FROG) and GitHub announced a partnership to integrate their platforms, enhancing DevOps, DevSecOps, MLOps, and AI practices.
This collaboration aims to streamline software supply chain management and security by offering bi-directional navigation between source code and binaries, continuous integration and deployment, and a unified security view. Features include GitHub Actions integration, single sign-on, and GitHub Copilot chat integration.
Key benefits highlighted include improved development efficiency, holistic security, and reduced tool complexity.
The partnership has received positive feedback from major clients like Morgan Stanley, AT&T, and Fidelity Investments. JFrog will present more details at its swampUP conference in September 2024.
- Enhanced DevOps and DevSecOps integration with GitHub improving developer efficiency.
- Unified security findings providing a holistic view of security posture.
- Bi-directional navigation between source code and binaries streamlining data management.
- Support from major clients like Morgan Stanley, AT&T, and Fidelity Investments.
- GitHub Actions integration aiding accurate SBOM generation.
- Single sign-on and project role mapping enhancing user experience.
- GitHub Copilot chat integration improving AI-driven software development.
- Potential increased complexity and dependency on both platforms for seamless operation.
- Integration challenges may arise, potentially leading to implementation delays.
- Possible increased costs for enterprises adopting the integrated solutions.
Insights
Financial implications of the partnership between JFrog and GitHub are quite interesting. Both companies are already recognized leaders in their respective fields and their collaboration is expected to drive additional market penetration and user adoption for both platforms. In the short-term, investors should watch for an increase in customer base and potential upsell opportunities as existing customers of both companies may find added value in the integrated solutions. This could lead to an
Long-term benefits are more strategic. The integration aligns with trends towards tool consolidation in the DevOps space, addressing a market need for seamless development and security workflows. If successfully executed, this partnership could position both companies to capture a larger share of the
However, investors should also be cautious about integration challenges and the actual adoption rate within broader markets. Watch for upcoming earnings calls and customer feedback to gauge the partnership's real-world impact on financial performance.
The integration between JFrog and GitHub addresses a significant pain point in the software development lifecycle—managing both source code and binaries seamlessly. By providing bi-directional integration, the partnership promises improved traceability and security across the supply chain, making it easier for developers to manage and secure their code and binaries.
GitHub Copilot's chat integration with JFrog is an innovative move that leverages AI to assist developers in decision-making, enhancing efficiency and possibly reducing human errors. This feature alone could be a game-changer for developers working in complex environments, particularly in AI-driven applications.
However, the effectiveness of this integration will depend on the quality of execution and the actual usability of these features in real-world scenarios. Developers will need time to adapt to these changes and the initial learning curve might cause some friction.
On the upside, the continuous roadmap for enhancements suggests a commitment to long-term development, which is promising for users looking for sustained improvements.
This partnership is a strategic alignment that could significantly influence the DevOps and DevSecOps markets. By integrating two best-of-breed platforms, JFrog and GitHub are positioning themselves to meet the growing demand for comprehensive, integrated solutions in software supply chain management. The adoption rate of such integrated solutions is likely to accelerate among enterprises looking for holistic management of their DevOps, security and AI workflows.
Moreover, the collaboration is timely, given the increasing importance of software supply chain security and the need for robust, scalable solutions to manage complex development ecosystems. The emphasis on security findings and a unified view of these findings could make this partnership particularly appealing to large enterprises concerned with compliance and risk management.
However, the market response will largely depend on how well these companies can market this integrated solution and prove its value through customer case studies and tangible ROI metrics. The upcoming presentations at the swampUP conference will be important in setting the tone and expectations for this partnership.
Fueled by joint customer and community demand, JFrog and GitHub develop a unified roadmap to enhance DevOps, DevSecOps, MLOps, and AI practices
Development teams must manage both source code and binaries, making a bi-directional integration between JFrog and GitHub a natural fit. A jointly-built roadmap developed by the two companies focuses on seamless navigation and traceability between source code and binaries, continuous integration and deployment with GitHub Actions and JFrog Artifactory, a unified view of security findings to provide one solution for software supply chain security and policies across GitHub & JFrog Advanced Security offerings, and the ability to leverage GitHub Copilot to chat and query artifact and pipeline status to keep projects moving forward.
“It’s time for developers and DevOps Engineers to enjoy both worlds together as one; the best source code platform alongside the best artifact platform,” said Shlomi Ben Haim, CEO of JFrog. “Our customers adopt technology rapidly and require managing DevOps, Security, CI/CD, and AI initiatives while consolidating tools. We’re thrilled about this powerful partnership and integration with GitHub, as it will not only provide a seamlessly powerful experience using both platforms but also improve development efficiency and users’ happiness.”
In a J.P. Morgan report from April 30, 2024, Executive Director of Enterprise Software Equity Research, Pinjalim Bora, shared: "GitHub and JFrog are being increasingly considered as the best-of-breed platforms for DevOps. In fact, in a recent DevOps survey,
“We’re already seeing that GitHub Copilot is transforming the way developers write code. At the same time, more code means more binaries, which have their own management, security and delivery requirements,” said Thomas Dohmke, CEO, GitHub. “This is why we’re excited about a partnership with JFrog. We are taking our industry-leading technologies and seamlessly integrating them with the best-in-class artifact repository manager in Artifactory. With GitHub and JFrog, enterprises will have the most holistic option to generate, manage, secure, and deliver software across the supply chain.”
Joint JFrog and GitHub customer Morgan Stanley, a leading global financial services firm providing a wide range of investment banking, securities, wealth management and investment management services, commented on the joint approach.
"We are thrilled to see some of the enhancements come to life; we believe this collaboration between GitHub and JFrog has the potential to significantly impact the DevOps landscape,” noted Amol Shukla, Distinguished Engineer, Morgan Stanley. “For instance, establishing bi-directional links between GitHub Actions Workflows, and Release Artifacts created and stored in Artifactory could enhance the development experience and traceability across the software supply chain.”
JFrog and GitHub now provide organizations with a seamless end-to-end experience in managing the Software Supply Chain:
- Bi-directional code and software package navigation - Allowing precise tracking and triage by offering native linking between code and built packages and vice versa, for more streamlined data, deeper compliance and security-oriented outputs, and software provenance.
- GitHub Actions tracking for stored artifacts - Seamless integration for resolving packages from Artifactory and storing binary artifacts generated by Actions, alongside build metadata in Artifactory, aiding more accurate SBOM generation.
- SSO, roles and project structures unification - Enabling seamless sign on, project role mapping and access management and CI integration to keep developers moving efficiently.
- Single pane of glass for JFrog & GitHub Advanced Security findings - Providing full security view of both source-focused and binary-focused security scans in a single place, providing full visibility of security posture from source to production and native linking of findings to either source or binaries (coming months).
- Copilot Chat integration - Allows developers to extend their Copilot Chat interactions to be interactively advised about the best software packages and versions to use, and to ask questions regarding security and JFrog project setup, etc., to gain a more complete view of the software development lifecycle (coming months).
As an ongoing initiative, both companies are dedicated to maintaining a roadmap for continuous enhancements, ensuring users of both platforms can efficiently manage their code and binaries. Additional integration points will be introduced and shared regularly.
“As developer responsibility has increased in areas of DevOps, ML, AI, security, and more, the push by many organizations to drive efficiency via tool consolidation is a natural move,” said Jim Mercer, Program Vice President of Software Development, DevOps and DevSecOps Research at IDC. “This announcement from GitHub and JFrog helps to enable this path, bringing together two of the most well-known platforms developers already use today in a cohesive, end-to-end vision that plays to the strengths of both solutions, simplifying how development, DevOps, and platform engineering teams work.”
AT&T, the American-based multinational telecommunications company and a joint customer of JFrog and GitHub, noted from their Technology office:
"Beyond DevOps and DevSecOps practices, the future will require advanced interactions with AI tools,” said John Nuttall, Director of Technology for AT&T. “Chatting with GitHub’s Copilot to select the right and secure software package based on the extensive metadata stored in JFrog Catalog can be a game-changer. This integration will significantly enhance the efficiency of Copilot users across the software supply chain; binary-focused and code environments. This partnership offers the best of both worlds."
As CIOs and CISOs share more responsibilities throughout the software supply chain flow, the collaboration between GitHub and JFrog has already received strong support from customers across a variety of industries and roles.
“The community and market have been anticipating this natural ‘better together’ solution. Organizations are consolidating around major best-of-breed platforms, and the partnership between GitHub and JFrog has the potential to transform the DevOps and DevSecOps market and supercharge developers’ efficiency,” said Mark Carter, CIO and CISO for Vimeo. “This integration can simplify software supply chain security by displaying source-based security findings from GitHub alongside binary-based security findings from JFrog under GitHub’s Security tab, allowing developers to gain a holistic security view and shorten remediation times to improve the overall security posture. Software supply chain security is top of mind for every CISO, and this joint solution from JFrog and GitHub provides a critical, AI-infused cybersecurity control.”
The partnership roadmap was also endorsed by Fidelity Investments, which has standardized on GitHub and JFrog, supporting over 50 million individual investors and managing trillions of US dollars in assets.
“The world of software supply chain management introduces many challenges and points of friction for developers. The integration between JFrog's Software Supply Chain Platform and GitHub's Developer Platform was designed to provide a 'secure by default' developer experience,” said Gerard McMahon, Head of ALM Tools and Platforms for Fidelity Investments. “This collaboration gives developers a single source of truth for code and binaries, and security teams gain full traceability and a unified view to monitor and remediate threats, reducing risk.”
In support of the GitHub and JFrog partnership vision, Uzi Yona, Director of IT, DevOps & Engineering for Phillips also stated: “Among the strong integration capabilities between JFrog and GitHub, allowing fully-transparent and frictionless data flow between GitHub Actions/Workflows and Artifactory assets will simplify the lives of software developers, and will reduce the configuration and support load dramatically.”
JFrog has announced its upcoming annual user conference, swampUP, which is set to occur in
For a deeper look at the integration between JFrog and GitHub, visit this solutions page, read this blog and join us for a webinar with JFrog and GitHub tech leadership on June 13, 2024 at 9:00 am PT.
About JFrog
JFrog Ltd. (Nasdaq: FROG) is on a mission to create a world of software delivered without friction from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely, to aid in making it available, traceable, and tamper-proof. The integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Once you leap forward, you won’t go back! Learn more at jfrog.com and follow us on Twitter: @jfrog.
Cautionary Note About Forward-Looking Statements
This press release contains “forward-looking” statements, as that term is defined under the
These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause JFrog’s actual results, performance or achievements to differ materially from those expressed or implied in any forward-looking statement. There are a significant number of factors that could cause actual results, performance or achievements, to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2023, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements except as required by law.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240529643730/en/
Media Contact:
Siobhan Lyons, Sr. MarComm Manager, JFrog, siobhanL@jfrog.com
Investor Contact:
Jeff Schreiner, VP of Investor Relations, jeffS@jfrog.com
Source: JFrog Ltd