JFrog Unveils First Runtime Security Solution to Deliver Complete Software Integrity and Lineage from Code to Cloud
Complete software lifecycle security enables organizations to simultaneously shift left & right, helping developers save time with quick threat detection and risk remediation.
JFrog Introduces JFrog Runtime to Enhance Security in Software Development
JFrog, known for its Liquid Software and JFrog Software Supply Chain Platform, has announced the launch of JFrog Runtime. This new addition enhances security by integrating protection measures across every stage of the software development lifecycle, from writing source code to deploying production binaries.
Streamlining DevSecOps with Real-Time Monitoring
The JFrog Platform facilitates collaboration between development and security teams by automating DevSecOps tasks. It enables real-time monitoring of Kubernetes clusters, allowing teams to detect and address security incidents based on actual risk. The platform also helps maintain image integrity and ensures compliance with industry standards.
“As organizations increasingly shift left to combat today’s growing threat landscape, the disconnect among siloed tools places additional strain on developers, security, and MLOps teams,” said Asaf Karas, CTO of JFrog Security. “Companies can alleviate this burden by adopting a unified platform that provides end-to-end visibility, remediation, and traceability across the development and security processes. By empowering DevOps, Data Scientists, and Platform engineers with an integrated solution that spans from secure model scanning and curation on the left to JFrog Runtime on the right, organizations can significantly enhance the delivery of trusted software at scale.”
IDC Survey Highlights DevSecOps Costs for Organizations
A recent IDC survey sponsored by JFrog revealed that organizations spend an average of $542 per week per developer on security and DevSecOps tasks, amounting to $1.89 million annually. This reflects the growing focus on security within the development process, where developers prioritize coding and security teams concentrate on risk mitigation.
JFrog Runtime Enhances Security and Collaboration
JFrog Runtime helps address these challenges by allowing users to manage and track software packages, organize repositories by environment, and apply JFrog Xray security policies. Integrated within the JFrog Platform, it ensures stronger security from code creation to runtime. By improving visibility and collaboration among R&D, DevOps, and security teams, the platform enhances version control and package management, reducing time spent on security tasks and enabling more efficient workflows.
“Runtime security is critical for our customers as it ensures that their applications remain protected while in operation. With the increasing complexity of cloud environments and the rise of containerized applications, real-time visibility into potential vulnerabilities is essential,” said Paul Goldman, CEO of iTMethods. “JFrog Runtime will help enhance our customers' security posture by allowing them to rapidly detect and respond to threats, thus safeguarding their data and maintaining trust in their cloud services.”
JFrog Runtime Security Addresses Cloud-Native Application Risks
Industry research indicates that 20% of applications contain runtime exposure, with high, critical, or severe issues emerging during execution. To address these risks, JFrog Runtime security automates the protection of dynamic applications, such as those running in containers, offering essential visibility and insights for cloud-native environments.
Key Features and Benefits of JFrog Runtime
- Real-Time Vulnerability Visibility: Provides real-time insights into vulnerabilities in the runtime environment.
- Accelerated Triage with Advanced Prioritization: Helps prioritize security incidents based on business impact, speeding up the response process.
- Reduced Risk Through Exposure Management: Identifies the source and ownership of vulnerable packages for faster risk mitigation.
- Protection for Cloud-Based Workloads: Continuously monitors for threats such as malware and privilege escalation in cloud-based applications.
- Comprehensive Analytics for Kubernetes Clusters: Enables continuous evaluation of workloads and containers to detect vulnerabilities in real time.
- Centralized Incident Awareness: Offers a consolidated view of the runtime environment to support accurate incident detection and response.
These features help organizations mitigate security risks, providing continuous protection for cloud-native workloads.
"A platform that unifies security across the software supply chain from development to production can provide critical visibility and traceability that developers and DevSecOps teams need to manage and remediate risks effectively," said Katie Norton, research manager, DevSecOps and Software Supply Chain Security at IDC. "JFrog's addition of runtime security supports a shift-left and shift-right strategy, fostering comprehensive protection and streamlined processes that lessen the strain on development and security teams."
JFrog Runtime Enhances Existing Security Capabilities
JFrog Runtime strengthens JFrog's suite of advanced security solutions, adding to key features that address software supply chain risks.
AI/ML Model Curation
JFrog Curation focuses on protecting the software supply chain by detecting and blocking potentially malicious machine learning (ML) models from open-source repositories like Hugging Face before they reach an organization. JFrog’s security platform also proxies Hugging Face, allowing developers to access open-source AI/ML models while detecting malicious ones, blocking their use, and enforcing license compliance to ensure safer AI usage.
Secure Open-Source Software (OSS) Catalog
The JFrog OSS package catalogue functions as a "search engine for software packages," allowing users to search for packages through the JFrog UI or API. Supported by public and JFrog-specific data, the catalogue provides quick insights into the security and risk metadata associated with open-source software packages, helping developers manage risks more effectively.
These features ensure a more secure environment for developers, providing tools for identifying threats and managing open-source risks.