The Epicenter of the Developer Community: swampUP 2021

UPDATE: JFrog’s Private Distribution Network capabilities are constantly being enhanced, and are currently undergoing major improvements. PDN is, as a result, not available for public sale at this time. If you’re interested in exploring PDN capabilities in your own company, please contact your sales representative or email service AT jfrog.com.

We’ve just concluded another fantastic swampUP conference, which saw thousands of global developers, DevOps Engineers, community leaders, CIOs and security professionals come together to explore the true epicenter of global business: DevOps. In the words of our CEO, Shlomi Ben Haim, community is more powerful than any pandemic, and we were honored and humbled to be joined by Amazon, Capital One, Salesforce, PagerDuty, Elastic, HashiCorp, Google, Red Hat and many more.

I was especially pleased to see so many community members attend swampUP, taking the scope of DevOps and DevSecOps beyond the JFrog audience. The developer community is our beacon, and having so many opinions, perspectives and practical tips enriched this year’s conference immensely.

It’s also our annual tradition at swampUP to unveil JFrog’s solution roadmap and overall direction to the community – of course based on their feedback! This year, we got an amazing reception for the following key roadmap items, revealed by our CPO and CTO:

Private Distribution Network

We were excited to finally be able to announce the world’s first Private Distribution Network (PDN). The growing number of edge applications and the sheer number of edges being served requires a new generation of distribution technologies. Based on peer-to-peer protocols that accelerate software distribution, PDN drives the secure, reliable distribution of updates across any large-scale network topology. This capability is available in beta.

Signed Pipelines

We were also proud to reveal the upcoming release of Signed Pipelines. This new, unique capability cryptographically signs your pipeline processes to ensure that only valid, uncompromised binaries have been included in your build. Not only that, the new pipeinfo metadata attests to the pipeline processes, creating a comprehensive software bill of materials (SBOM). This capability is coming in Q2.

Federated Repositories

Federated Repositories delivers a requested industry-first from JFrog to manage binaries across multi-site topologies. This capability keeps artifacts in sync between remote development sites with automatic, bi-directional mirroring. Thus, changes made by developers on one site are rapidly accessible by all other remote locations, accelerating productivity and speed. Federated Repos are available today for Enterprise+ subscribers.

Cold Artifact Storage

Currently in beta, Cold Artifact Storage saves money and improves usability and performance by archiving artifacts that are not in use anymore but need to be kept due to regulatory requirements or corporate policies. Partnering with long-term cloud storage providers, customers will be able to easily archive their repositories and rehydrate artifacts as required.

Scoped Tokens

As part of a zero-trust security framework, you know you have to secure all the services and tools that interact with your DevOps pipeline. Scoped Tokens allow users (or groups of users), build tools, integrations and more that interact with the JFrog DevOps Platform to behave only in a permissive way that assures the sanctity of your processes. This capability is slated for a Q2 release.

Dependency Scanning

JFrog also introduced the ability to identify OSS vulnerabilities in third-party dependencies directly from source code. This allows companies to shift left even further, detecting vulnerabilities early and automating actions based on security policies. This capability will be released in Q2.

All of these announcements reflect the expanding need to manage pipelines – and the security of pipelines – from end-to-end and in a universal manner. As the number of applications continues to explode, we know that choices made at the epicenter – DevOps processes – will resonate far beyond the walls of our businesses.

Finally, I’m excited to congratulate Jayne Groll, CEO of the DevOps Institute, as the global recipient of swampUP’s Carl Quinn Best Speaker Award, which is based on community votes. It’s been our pleasure to have Jayne as a friend of the Frogs for many years, and the community’s recognition of her emphasis on the human aspects of DevOps reflects perfectly that developers are the epicenter of global innovation. Congratulations Jayne!

Of course, many thanks to our innovative sponsors, without whom swampUP wouldn’t have been possible. We’re truly better together.

And importantly, many thanks for our amazing speakers and guests. To our all-star lineup of DevOps thought leaders, community trailblazers and valued customers: we couldn’t do it without you. Our team is already at work planning the next swampUP – hopefully in person! Stay tuned to swampup.jfrog.com for details on our hybrid swampUP 2022.