JFrog Ltd.  (“JFrog”) (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, and GitHub, the world’s leading code development platform, today unveiled new integrations at JFrog’s annual user conference. The deepening collaboration provides developers with a consolidated view of project status and security posture to help quickly address potential vulnerabilities discovered by the companies’ Advanced Security offerings. In addition, to help developers quickly gain insight on third-party packages, the companies also announced a Copilot chat extension to quickly select packages that are updated, approved by the organisation, and safe for use.

“For developers to be productive, they need complete information about the quality and security of the code and binaries they integrate into their software. Our partnership with GitHub enables teams to do this quickly and with confidence using Copilot,” said Yoav Landman, CTO and Co-Founder, JFrog. “Our partnership also allows developers to navigate between code and the binary artefacts produced by the build process through a more intuitive workflow so they can build and release trusted software, faster. We’re excited about our shared roadmap, and look forward to driving a single platform experience for our customers.”

According to JFrog’s 2024 Software Supply Chain State of the Union report, only 56% of companies use both source code and binary scanning to secure their software supply chains, leaving nearly half of companies vulnerable to attacks at the binary level. This is very risky, as underscored by the JFrog Security Research team’s recent discovery of a token inadvertently left at the binary level in a Docker container that granted full access to the Python package repository. Had this token been discovered and exploited, it would have impacted tens of millions of computer systems worldwide that run most of today’s internet and cloud infrastructure, automation tasks, financial services and data analysis. 

Creating Secure Developer Workflows by Uniting Best-of-Breed Source Code and Binary Platforms

JFrog’s integration with GitHub is expected to offer an easier, more secure way to trace code from its source to the resulting binaries across both platforms with the following key capabilities: 

• Copilot Chat Integration for Software Package Insights: The new GitHub Copilot extension boosts developer productivity by providing insights on open-source packages within the JFrog binary environment alongside GitHub code data, eliminating the need to search through documentation or online forums. It also aligns recommendations with organisational curation policies, enabling informed software package choices that consider security and market adoption. Combining Copilot’s chat features with JFrog’s artefact metadata creates an invaluable AI-powered assistant for developers.
• Consolidated, Single Pane of Glass Security Dashboard: A unified view of security scan results from GitHub Advanced Security and JFrog Advanced Security (including the scanners that found the Python vulnerability mentioned above), helping developers address and remove potential software vulnerabilities earlier in the development lifecycle, saving time and reducing risk.
• Bidirectional End-to-End Release Lineage: The new job summary page on GitHub offers a quick view of the health and security status of each GitHub Actions Workflow, allowing developers to quickly see the output packages from each build, navigate to their location in JFrog Artifactory and back again. This bidirectional navigation utilises a software bill of materials (SBOM) preserved in JFrog Artifactory, enhancing software lineage traceability.
• Dynamic Project Mapping and Authentication: Improved automatic authorisation and seamless project mapping between GitHub Repositories and JFrog Projects in Artifactory utilising current OpenID Connect (OIDC) integration, eliminating the need for developers to reauthenticate per repository.

For a deeper look at the one-platform experience provided by the JFrog and GitHub integration and partnership, visit the solutions page or read this blog.

—END

About JFrog

JFrog Ltd. (Nasdaq: FROG) is on a mission to create a world of software delivered without friction  from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain  Platform is a single system of record that powers organisations to build, manage, and distribute  software quickly and securely, to aid in making it available, traceable, and tamper-proof. The  integrated security features also help identify, protect, and remediate against threats and  vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and  SaaS services across major cloud service providers. Millions of users and 7K+ customers  worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely  embrace digital transformation. Once you leap forward, you won’t go back! Learn more at  jfrog.com and follow us on Twitter: @jfrog. 

Cautionary Note About Forward-Looking Statements

This press release contains “forward-looking” statements, as that term is defined under the U.S.  federal securities laws, including, but not limited to, statements regarding our expectations with  respect to the runtime security product to its suite of security capabilities to integrate security  into the development process.  

These forward-looking statements are based on our current assumptions, expectations and  beliefs and are subject to substantial risks, uncertainties, assumptions and changes in  circumstances that may cause JFrog’s actual results, performance or achievements to differ  materially from those expressed or implied in any forward-looking statement. There are a  significant number of factors that could cause actual results, performance or achievements to  differ materially from statements made in this press release, including but not limited to risks 

detailed in our filings with the Securities and Exchange Commission, including in our annual  report on Form 10-K for the year ended December 31, 2023, our quarterly reports on Form 10-Q,  and other filings and reports that we may file from time to time with the Securities and Exchange  Commission. Forward-looking statements represent our beliefs and assumptions only as of the  date of this press release. We disclaim any obligation to update forward-looking statements  except as required by law.