What’s New from JFrog: Binary Lifecycle Management at Scale

Enterprise DevOps and large-scale modern application delivery require robust management of binaries, which are the building blocks of applications.

Improving binary lifecycle management at scale is a key challenge for organizations and the new capabilities enable enterprise DevOps teams to seamlessly support the exponential growth of binaries, distributed teams, and multi projects’ delivery pipelines — all in a secure, efficient, and fast way.

Key JFrog Platform Feature Announcements

These new capabilities of the JFrog Platform help organizations support binary lifecycle management at scale to improve developer productivity, efficiency and security across the end-to-end software delivery process. Note: our key announcement on the world’s first Private Distribution Network is covered separately.

Federated Repositories

Federated Repositories, a new industry-first feature of JFrog Artifactory — the core of the JFrog DevOps Platform — address the challenge of managing binaries across multi-site topologies and keeping artifacts in sync between remote development sites, as they collaborate on the delivery process.

A Federated Repository abstracts the infrastructure layer to create a datacenter-transparent repository between different remote locations or different instances of the JFrog Platform that are ‘members’ of the Federation. Automatic bi-directional sync and acceleration of the mirroring between locations, including efficient continuous replication of all configurations, metadata and binaries, ensure changes made by developers on one site are rapidly accessible by all other remote locations. Federated repositories are simple to configure and manage and improve developer productivity, delivery speed, and cross-site security.

Signed Pipelines

Signed Pipelines, a new industry-first innovation of JFrog Pipelines, enables developers to ensure the integrity and security of builds and artifacts as they progress through the binary lifecycle.

Following Zero-Trust principles — assuming that anything that didn’t come from the Pipeline is not to be trusted — Signed Pipelines create trust in the software delivery process by automatically signing every step and outcome of the CI/CD pipeline, creating an immutable and tamper-proof record. 

To do this, JFrog Pipelines keeps a cryptographically-signed ledger that cannot be written to once a pipeline finishes execution. By continuously validating that all pipeline actions are performed on the certified, unique binaries, Signed Pipelines ensures the authenticity of builds as they are promoted through development and test to production. This new metadata, called PipeInfo, contributes to a verifiable Software Bill of Materials (SBOM) for every release. 

Cold Artifact Storage

Currently in beta for existing customers, Cold Artifact Storage enables organizations to save costs and improve usability and performance by archiving artifacts that are not in use anymore but need to be kept due to regulatory requirements or corporate policies. Archiving policies are based on binaries’ metadata, with self-service search and retrieval by authorized users. 

Dependency Scanning

To improve trust in software application from the earliest stages of development, at scale, JFrog is introducing the ability to identify OSS vulnerabilities in third-party dependencies directly from source code in Git repositories. Integrating with JFrog Xray, dependency scanning allows vulnerabilities to be detected early in the development lifecycle (“shift left”), with customizable, automated actions triggered based on the organization’s security or compliance policies (such as blocking the use of certain compromised components). This capability will be released in Q2.

Platform Integrations

Connecting to your universe of tools is a keystone principle of the JFrog Platform and successful DevOps. New platform integrations enable traceability and collaboration, by directing unified data and correlated events throughout the DevOps lifecycle to the many tools you rely on.

Collaboration Throughout the Pipeline

To accelerate releases, bringing event notifications and security alerts to the attention of team members is critical. Several new integrations help complete the collaboration loop between developers, ops teams, and builds.

Our latest Jira Cloud integration enables a two-way link between your builds and the Jira issues they address, connecting both your Jira and JFrog panes of glass.

New integrations with PagerDuty for security vulnerabilities caught by Xray, as well as for CI/CD notifications to PagerDuty enable improved incident and change management.

New bi-directional integrations for Slack and MS Teams (currently in beta) enable greater team collaboration between Dev and Ops; 

Observability End-to-End

Keeping your SDLC pipelines operating at top performance requires being able to answer some vital questions. Like what is the most requested artifact? What is the most popular repo? Who are your heaviest users? For security, which users are doing bad things, and from which IPs?

To help you learn those answers, several integrations now available from JFrog provide log data to dashboards in your preferred analytics tools, including from Datadog, Dynatrace, and Splunk. These integrations reveal JFrog Platform’s activity, delivering important feedback that can help improve your development strategies.

When are they Available?

To learn more about the JFrog Platform and take advantage of the new capabilities for binary lifecycle management at scale, visit https://jfrog.com/platform/