Devsecops platform vendor JFrog has unveiled JFrog Runtime for boosting secure devops processes.
Asaf Karas, chief technology officer of JFrog Security, said the idea was to help unify visibility, remediation and traceability across development and security processes.
“Organisations increasingly ‘shift left’ to combat today’s growing threat landscape. The disconnect among siloed tools places additional strain on developers, security, and MLops teams,” Karas said in the announcement.
Devops teams, data scientists and platform engineers can benefit from integrating secure model scanning, curation and runtime offerings. The aim is to “enhance the delivery of trusted software at scale”, Karas said.
‘Shift left’ typically refers to performing software or system testing earlier in the development cycle. On the other hand, ‘shift right’ denotes the practice of software testing including quality and performance evaluations post-production, under “real world” conditions.
Accordingly, JFrog Runtime targeted both requirements. Security can be integrated across the development process, whether writing source code or deploying binaries into production. It delivers integrity and lineage “from code to cloud”, the vendor said.
“Complete software lifecycle security enables organisations to simultaneously shift left and right, helping developers save time with quick threat detection and risk remediation,” the JFrog announcement said.
Enhance management of devsecops
JFrog also offers solutions through the channel such as Artifactory – for centralising devops, including the housing and managing of artifacts, binaries, packages, files, containers and components.
It also recently announced a new GitHub integration.
The vendor said its own research has suggested that organisations can spend $542 (£407) per week for each developer working on security-related or devsecops tasks.
Users benefit from being able to track and manage packages with different origins, organise repositories by environment type and activate JFrog Xray policies, fortifying security “from code to runtime”, the vendor added.
Cloud environment complexity and the rise of containerised applications make it more important to discover issues in new software, according to JFrog.
( Image by Canva on Pixabay )