JFrog And GitHub Elevate DevSecOps With Unified Platform Experience
Posted: Wednesday, Nov 27

New integration brings enhanced security and real-time monitoring to developers’ workflows

JFrog, the Liquid Software company and creators of the JFrog Software Supply Chain Platform, and GitHub, the world’s leading AI-powered developer platform, have announced new advancements to help enterprises accelerate the release of trusted software at scale. By integrating GitHub Copilot Autofix with JFrog’s Static Application Security Testing (SAST) and feeding JFrog Runtime Security findings directly to the JFrog Job Summary page in GitHub Actions, the two companies can deliver a unified, secure developer experience that eliminates the need for context switching and reduces risk while increasing developer productivity.

Enhanced security with GitHub Copilot Autofix and JFrog SAST integration

IDC reports that 69% of developers indicate they frequently switch contexts due to security responsibilities, often leading to reduced productivity and potential security oversights. 

The new integration between GitHub Copilot Autofix and JFrog SAST allows developers to address vulnerabilities across multiple programming languages – including Python, Java, JavaScript, and Go – while swiftly moving back and forth between various developer environments. When vulnerabilities are detected in pull requests, GitHub Copilot Autofix, powered by JFrog’s insights, offers targeted fix suggestions, accompanied by an explanation, helping developers understand the issue and reinforcing best security practices.

Real-time production insights with JFrog Runtime Security 

The JFrog Runtime Security integration brings real-time production monitoring data directly into the JFrog Job Summary page on GitHub, creating a new “Runtime Monitoring” section, filtered for each component built into that action. With a single click, developers and security teams can move from their GitHub workflow to a detailed view confirming the integrity and lineage of their build and deploymen

Delivering trusted software with speed

The collaboration between JFrog and GitHub represents a significant leap forward in DevSecOps, combining JFrog’s industry-leading security intelligence with GitHub’s powerful development platform. Together, these enhancements enable development teams to:

  • Detect and fix security issues earlier in the development process
  • Reduce the attack surface of applications before they reach production
  • Prioritise critical risks efficiently through advanced contextual analysis
  • Verify application integrity in production
  • Maintain a continuous security posture from code commit to production deployment

By simplifying security management, JFrog and GitHub empower organisations to deliver trusted software with the speed and scale required in modern development environments.

To explore these new features, visit our solutions page or sign up for a product tour and see how JFrog and GitHub are reshaping the future of secure software development.
