JFrog Ushers in New Era of Open-Source Software Security, Launching Project Pyrsia to Help Prevent Software Supply Chain Attacks
Rhea-AI Summary
JFrog Ltd has announced Project Pyrsia, a collaborative initiative with Docker, DeployHub, Futurewei, and Oracle, aimed at establishing a decentralized network utilizing blockchain technology to enhance the security of open-source software packages. This open-source project seeks to validate the provenance and integrity of software binaries, responding to the rising threats of software supply chain attacks. Available immediately for sign-ups, Pyrsia aims to provide developers with tools for securely managing software dependencies, ensuring trustworthiness without complicating existing workflows.
Positive
Project Pyrsia aims to enhance software supply chain security using blockchain technology.
Collaboration with major industry players (Docker, DeployHub, Futurewei, Oracle) strengthens credibility.
Open-source initiative encourages community involvement and increases transparency in software validation.
Negative
None.
JFrog, Docker, DeployHub, Futurewei, and Oracle Collaborate on Blockchain-based Decentralized Network for Validating Software Packages and Binary Code
SUNNYVALE, Calif. & SAN DIEGO--(BUSINESS WIRE)--
(swampUP 2022) – JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the Liquid Software company and creators of the JFrog DevOps Platform, today introduced Project Pyrsia, an open-source software community initiative that utilizes blockchain technology to secure software packages (A.K.A Binaries) from vulnerabilities and malicious code. Available for sign-ups immediately, Project Pyrsia is an open-source-based, decentralized, secure build network and software package repository aimed at helping developers establish chain of provenance for their software components, creating greater confidence and trust.
“Open-source is everywhere, and while it has always been seen as a seed for innovation and modernization, the recent rise of software supply chain attacks has made every organization vulnerable,” said Shlomi Ben Haim, Co-Founder and CEO, JFrog. “Led by developers and for developers, JFrog is proud to work with the community on developing Project Pyrsia so everyone can continue to embrace open source with confidence, while protecting the software supply chain.”
Open-source software is a critical element of nearly every technology we use today – from our operating systems and browsers to the applications and services on which we depend to run our lives. Yet there’s no question the volume, sophistication and severity of software supply chain attacks have increased in the last year. In recent months the JFrog Security Research team tracked over 20 different open-source software supply chain attacks – two of which were zero-day threats. While open-source components are designed to make development more efficient, not knowing where your software comes from makes it hard to spot risks – seeding doubt and uncertainty about its safety.
Thus, JFrog and other open-source technology leaders, including Docker, DeployHub, Futurewei, and Oracle, worked together to establish the Project Pyrsia network for validating the source and security of open-source software packages. With Pyrsia, developers can confidently use open-source software knowing their components have not been compromised, without needing to build, maintain, or operate complex processes for securely managing dependencies.
“At JFrog we believe open-source security will only be successful if we provide the community with the same tools and services that are available to enterprises,” said Stephen Chin, VP of Developer Relations, JFrog. “The combination of an open-source, customizable architecture, and a robust, active community makes Pyrsia the most transparent and trustworthy way to obtain secure software packages. We’re grateful for the help of our industry partners and the community for joining us in securing open source so it can remain a true fountain of innovation.”
Pyrsia aims to seamlessly integrate with the package management systems developers are already using today, so they can certify their software components without forgoing compatibility, security, or efficiency. Utilizing standards like Sigstore's Cosign and Notary V2 allows developers to quickly access their containers leveraging the Pyrsia network. Using digital signatures, developers receive an immutable chain of evidence for their code, providing peace of mind from knowing the exact source of their packages.
To help guide developers on the process of using Pyrsia for validating software components, a select few entities will build and publish images that will be available for everyone’s use – otherwise known as ‘bootstrapping’ the project. Organizations interested in supporting Pyrsia can volunteer their resources to help establish the project’s first distributed network. From there, Project Pyrsia’s decentralized framework will help provide:
An independent, secure build network for open-source software
Trustworthiness of software packages
Completeness of known open-source software dependencies
For more information on Project Pyrsia or to sign up to be a contributor, visit https://pyrsia.io/. You can also learn more about the project in this blog or chat directly with JFrog Community leaders and Project Pyrsia experts during swampUP 2022 taking place in San Diego, May 25 - 26. For more information and to register, visit https://swampup.jfrog.com/.
Supporting Quotes from Industry Partners
"The DeployHub team's focus is firmly rooted in securing the supply chain, and there is no better place to start than fully auditing the build and package step. To that end, Pyrsia is the first open-source project to introduce improvements in this area via a 'consensus build network.' Disruption in this area is long overdue. DeployHub is proud to be part of this innovative team." – Steve Taylor, CTO DeployHub, Inc.
“At Docker we feel this is an exciting time for the community to work together on innovation around the supply chain and its core, critical components for build and packaging. We are excited to join and work together with the community on Project Pyrsia. There is a huge opportunity to build new kinds of infrastructure over the core container primitives that will foster innovation and better developer experiences.” – Justin Cormack, CTO, Docker
“Open-source project Pyrsia is developing a third-party attested, decentralized, distributed software package network that delivers security, transparency and integrity for the open-source software package supply chain. Futurewei is committed to collaborating with open-source communities to accelerate the innovations for digital transformation via open-source, open standard, and open ecosystems. As open-source software becomes more pervasive, securing the open-source software supply chain becomes a critical issue. We are thrilled to be a founding member of Project Pyrsia and delighted to have the opportunity to collaborate with other members to accelerate Pyrsia for a secure and trusted open-source software supply chain ecosystem – bringing value to the open-source community.” – David Lai, Director, Cloud Infrastructure and Platform Architecture Open-Source Ecosystem Partnerships, Futurewei Technologies, Inc.
About JFrog
JFrog Ltd. (NASDAQ: FROG) is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The JFrog Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely manage their mission-critical software supply chain. Once you leap forward, you won’t go back. Learn more at jfrog.com and follow us on Twitter: @jfrog.
Cautionary Note About Forward-Looking Statements
This press release contains “forward-looking” statements, as that term is defined under the U.S. federal securities laws, including but not limited to statements regarding Project Pyrsia and capabilities to analyze software packages for vulnerabilities and malicious code, our ability to meet customer needs, and our ability to drive market standards. These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause JFrog’s actual results, performance or achievements to differ materially from those expressed or implied in any forward-looking statement.
There are a significant number of factors that could cause actual results, performance or achievements, to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2021, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements.
Media Contact:
Siobhan Lyons, Sr. MarComm Manager, JFrog, siobhanL@jfrog.com
Investor Contact:
Jeff Schreiner, VP of Investor Relations, jeffS@jfrog.com
Source: JFrog Ltd.
FAQ
What is Project Pyrsia by JFrog?
Project Pyrsia is an open-source initiative launched by JFrog in collaboration with several tech companies to create a decentralized network that secures and validates open-source software packages using blockchain technology.
How does Project Pyrsia enhance software security?
Project Pyrsia enhances software security by providing a network that validates the provenance and integrity of software binaries, helping to protect against supply chain attacks.
Who are the key partners involved in Project Pyrsia?
The key partners involved in Project Pyrsia include JFrog, Docker, DeployHub, Futurewei, and Oracle.
When was Project Pyrsia announced?
Project Pyrsia was announced on May 25, 2022, during the swampUP 2022 event.
How can developers participate in Project Pyrsia?
Developers can participate in Project Pyrsia by signing up on the official website to contribute to the open-source initiative.