JFrog Unveils AppTrust: “DevGovOps” Solution to Redefine Software Release Governance
Platform-native, secure, release management solution delivers evidence-based insights for software supply chain security, compliance, and integrity
Posted: Wednesday, Sep 10

JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today announced JFrog AppTrust. JFrog AppTrust helps companies automate and better manage audit and compliance requirements across their software supply chain, reducing risk and increasing trust in applications. 

By providing a comprehensive view of software security, quality, and performance metrics, alongside evidence-based policies and contextualised insights, JFrog AppTrust helps DevOps and Security teams seamlessly and cohesively govern enterprise applications. The solution also natively integrates with the ServiceNow AI Platform, delivering a unified experience across both logic and infrastructure layers while applications are being released. 

 

“Software is being released faster than ever, and secure updates have become the fuel powering today’s world. In the era of AI, software releases come from both humans and machines, creating a tsunami of software delivery that organisations must be prepared to manage,” said JFrog CEO and Co-founder, Shlomi Ben Haim. “Our customers tell us that after DevOps and DevSecOps, the next big challenge in this new reality is compliance – that’s why ‘DevGovOps’ must happen. With JFrog Artifactory serving as the single source of truth for all software packages, JFrog AppTrust signs and secures both internal and external evidence, automates release quality gates, and integrates as the governance infrastructure for IT operations platforms like ServiceNow. This ensures every release is trusted, verified, and ready for production at scale.”

The key capabilities and benefits of JFrog AppTrust include:

  • Governance, Risk and Compliance (GRC): Creates a single source of truth using verified, signed evidence and automated policy enforcement to integrate application integrity controls into existing workflows.
  • Complete Application Context: Automatically assigns each software asset to an application with clear ownership and context, enabling customers to visualise interdependencies and quickly identify risk sources and who should remediate them.
  • Trust Control with Promotion Gates: Control the progression of your software across well-defined stages all the way to Release, according to policies that can take security, evidence, and other platform entities into account. Define organisation-wide and application-level policy gates for full flexibility.
  • Evidence System of Record: An open infrastructure to store and display signed evidence from multiple sources and vendors alongside release artifacts, attesting to irrefutable metadata about the release.
  • Insights that Drive Software Supply Chain Efficiency: Organisations can proactively utilise DORA and other software security metrics to identify bottlenecks, then improve cross-team, cross-application velocity and risk management.

With JFrog Artifactory serving as a single source of truth for software packages, JFrog AppTrust signs and secures both internal and external evidence, automates release quality gates, and integrates with platforms like the ServiceNow AI Platform.

“Modern software governance depends on bringing together the right data – from development through operations – to make informed, auditable decisions at scale,” said Rahul Tripathi, GVP and GM of IT Service Management at ServiceNow. “With ServiceNow’s operational and compliance insights integrated into the JFrog ecosystem, organisations can extend visibility and control even further across their software supply chain. This integration reflects our continued focus on enabling connected, end-to-end governance across the digital lifecycle.”

Capturing evidence from software development is essential for ensuring transparency, fast issue resolution, and compliance in today’s complex landscape. It enables better governance of the supply chain, answers key audit questions about security and quality, and meets industry-specific regulations necessary for doing business. 

“As the leading provider of automated, independent code review for AI and developer-written code, SonarQube plays a vital role in helping companies achieve their governance objectives,” said Tariq Shaukat, CEO of Sonar. “We are excited to partner with JFrog to integrate SonarQube’s industry-leading code review findings, covering code quality and code security issues, as an additional validated source of evidence in the JFrog Platform.”

To extend the reach and thoroughness of its evidence collection, JFrog is collaborating with an array of software technology leaders to provide a centralised, trusted audit trail with clear attestations across the entire software development lifecycle. Having this single system of record is expected to help organisations increase visibility, reduce risk, and ensure release readiness, so they can confidently deliver compliant, secure applications. 

JFrog’s AppTrust evidence partner ecosystem currently includes: Akto, Akuity, CoGuard, Dagger, GitHub, Gradle, NightVision, ServiceNow, Shipyard, Sonar, and Troj.ai. JFrog plans to add more partners to its evidence ecosystem over time. 

“By knowing what’s in their applications and where risks are introduced, organisations can achieve more comprehensive application management and improved application trust,” said Jim Mercer, IDC Program Vice President, Software Development, DevOps, and DevSecOps. “Organisations struggling to secure their software supply chains can benefit from these new capabilities, making practices like attestation and provenance more achievable.”

JFrog AppTrust helps bridge the gaps between development speed and trust. Historically, security, compliance and development teams have faced friction, with the former viewed by development teams as an obstacle to innovation. With JFrog AppTrust, teams can work more collaboratively, balancing security, compliance and speed, while maintaining software quality, performance, and safety thanks to fully integrated trust automation that includes:

  • Application-context asset assignment 
  • Promotion gating 
  • Software dependency mapping 
  • Ensuring applications meet standards before release 
  • Cross-team dashboards 
  • Vulnerability applicability analysis 
  • Pipeline performance visibility 

For additional information on JFrog AppTrust and how it works, read this blog, visit https://jfrog.com/apptrust/, or register for the “AppTrust, AI Catalog and more” webinar on October 9 at 9 AM PT.
