Foundations and JFrog – Meeting Developers at the Source
TL;DR JFrog is a proud supporter of non-profit, technology foundations and consortiums that focus on helping developers advance the tech ecosystem.
If there is one thing I know about JFrog it’s that we are committed to developers and making software that enhances productivity, ingenuity and gives software creators the freedom to ‘set it and forget it’ so they can continue to make improvements and enhancements to their code and products. It would be great if we all worked in a vacuum, but we don’t. We have so many tools, meetups, organizations, and events to go to that a direct line to developers can be difficult. As an organization we know how well our tools work and the problems they solve but if we don’t share our knowledge and toolset with the broader community, we won’t be able to help developers enact small changes to the way they work and yield big results (improved productivity, shorter release times, secure delivery, etc.). To that end, JFrog sponsors several community-focused foundations – such as the ones outlined below – to share our voice and give credibility to others (developers) who may not have a platform within their own organizations to be heard.
The following are just a few of the organizations/foundations that JFrog supports and we encourage you to get involved with these organizations from an individual contributor and corporate sponsorship level.
JFrog and The Linux Foundation
The Linux Foundation – or what I like to refer to as the big open source project umbrella – boasts of over 1,500 member organizations – JFrog being one of them – in a variety of tech verticals. It has been reported that over 90% of companies use open source software – that leaves 10% of companies that are either ill informed as to what their products are built with or 10% of companies that will soon enough join the 90% and use an open source project in their product code. Why is this important – the Linux Foundation aims to “provide a neutral, trusted hub for developers to code, manage, and scale open technology projects.” JFrog started as an open source project and quickly grew into the company we are today. We support the Linux Foundation because we know that 90+% of companies need to use trusted projects and the Linux Foundation helps set that benchmark.
The Linux Foundation hosts three other organizations under its very large umbrella that JFrog also supports: the Open Source Security Foundation, Cloud Native Computing Foundation, and Continuous Delivery Foundation. Let’s take a look at each of these foundations individually to show how they impact the JFrog and developer ecosystem starting with the newest addition – OpenSSF.
JFrog and OpenSSF
The Open Source Security Foundation, OpenSSF, got its start in 2020 and includes the previously established CII and OSSC. The mission of OpenSSF is to improve the security of open source software (OSS) by building a broader community with targeted initiatives and best practices across private and public corporations/governments and academia. JFrog’s Security Research team is working within OpenSSF to help illuminate potential Zero Day attacks, we are on the Governing Board and involved in several SIGs and working groups.
JFrog & Industry Leaders Join White House Summit on Open Source Software Security |
JFrog and CNCF
Next up is the Cloud Native Computing Foundation (CNCF). CNCF is focused on empowering organizations to use cloud native technologies to build and run scalable apps as a core part of their infrastructure. “The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor-neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.” So what does this mean? It means the CNCF is making it easier for developers and corporations to mainstream cloud native projects into their infrastructure allowing for companies to work in the cloud or have hybrid models of doing business. The projects they support and the way in which they identify projects gives the tech community an unobscured view of peer reviewed applications that are proven and may help you increase the scalability and productivity of your cloud applications.
Meet us at CloudNativeCon North America 2022, for our talk Lessons Learned from Securing 40,000 C++ Packages – Diego Rodriguez-Losada Gonzalez > |
JFrog and CDF
Last, but by no means least, we have the Continuous Delivery Foundation (CDF). You may remember JFrog’s ‘release fast or die’ messaging and we still hold this belief true to our company’s mission. We support the CDF because their role in the open source foundation ecosystem is to improve the world’s ability to deliver software with security and speed – do you see the synergy! JFrog’s VP of Developer Relations, Stephen Chin, is the Governing Board Chair and I just started my term as Outreach Committee Chair.
Thanks so much! #cdcon was an awesome start to what surely will be a great year helping educate the open source community and the tech community at large that the @CDeliveryFdn is working to improve the world’s ability to deliver software with security & speed. Let’s do this!!!! https://t.co/LPcaMkaMNe
— Lori Lorusso 😈👩🏽💻💃🏽 (@LoriLorusso) June 9, 2022
DevOps, securing the software supply chain, blockchain, SBOM… we are bombarded each day with tech buzzword bingo – but what is missing… the pipeline that is integral to all of these trending terms. The CDF, with the help of member organizations like JFrog, is working to reorient the field of CI/CD pipelines.
It has been a whirlwind of amazing since being announced as Outreach Marketing Chair this past June. We are hosting a CDF Mini Summit at Open Source Summit Europe and I am pleased to be able to moderate the CD and Software Supply Security Chain Panel with CDF members from IBM, Ericsson, Fidelity and Google. I am even giving a talk “You Can’t Secure Your Software Supply Chain Without a Pipeline.” Stay tuned for more info.
In Summary
Foundations are a great resource for developers to contribute to open source projects and for companies to support the open source ecosystem. The organizations mentioned in this post are just a few of the Linux Foundation organizations that JFrog supports. We are supporting open source with our funding and with our tooling like Frogbot and our newest project Pyrsia (which you’ll be hearing more about). Inquire within your company to see what Foundations it supports and take advantage of the community resources that are provided. Looking forward to chatting with you in one of the many Slack channels or in person at some of our upcoming conferences. You can also connect with me and share your ideas using Twitter or LinkedIn. Cheers!