Serving our customers in the public sector, including government agencies and contractors, is both a great honor and a major responsibility for JFrog. The applications and digital services that they release have a direct impact on the well-being of our communities, across critical areas including national defense, healthcare, public safety, education and more.
Today, I’m proud to share that JFrog is further strengthening its position in the government sector with the U.S. Department of Defense’s Iron Bank certification for JFrog Artifactory and JFrog Xray. This is a significant milestone that will benefit our current and prospective customers in the U.S. federal government, as well as those in other public- and private-sector areas.
What’s Iron Bank and why is it important?
Iron Bank is part of the DoD’s Platform One, a provider of DevSecOps managed services. Also known as the DoD Centralized Artifacts Repository (DCAR), Iron Bank is the central repository of digitally-signed and hardened binary container images, including open-source and commercial off-the-shelf software. Approved containers in Iron Bank have DoD-wide reciprocity across classifications, fast-tracking a security process that can take months. To gain inclusion into Iron Bank, container images must meet rigorous DoD software security standards.
When teams at the DoD and in other government agencies use Iron Bank containers and Platform One tools, they enjoy a number of benefits, including shortened development cycles, and faster and more secure software releases.
The impact of this certification ripples well beyond the government sector, as private-sector organizations are also able to access Iron Bank. Inclusion in Iron Bank offers assurance that the Artifactory and Xray container images have undergone a rigorous and thorough hardening process. Specifically, this will help streamline and accelerate DevOps processes, as well as offer peace of mind to businesses in highly-regulated industries like healthcare and finance.
The benefits that Artifactory and Xray offer organizations in the public sector and in other highly-regulated industries are unique and extremely valuable, including:
- Technology agnosticism and broad support for third-party tools and software packages
- Hybrid, centralized artifact management and tracing of binaries throughout the SDLC
- Air gap support for use cases where you need to operate offline
- Software Bill of Materials (SBOM) creation for granular visibility into binary components
- Deep recursive scanning for detection of vulnerabilities, and prioritization of remediation
- Detection of license compliance issues with “policy as code” support
Of course, we’re not stopping here! JFrog will continue to deepen its commitment to our government customers, enhancing our offerings for them, as we assist them in their ongoing DevOps journeys in pursuit of progressively faster and more secure software releases.
You can visit the JFrog for Government page, as well as schedule a 1-1 meeting to learn more about the JFrog DevOps Platform and why it’s ideal for government agencies and contractors looking to accelerate and secure their software delivery pipelines.