JFrog: Rooted in Open Source, Committed to the Community—A Reflection on Our Open Source Initiatives and Software Foundation Support

Today, I want to take you on a journey through the heart of JFrog, exploring our deep-seated connection with the open-source community. It’s more than just a part of our strategy; it’s in our DNA. From our very beginnings to our vision for the future, the open-source ethos has been a guiding principle, shaping who we are and what we do.

Why JFrog Champions Open Source

At JFrog, we don’t just pay lip service to open source – we actively champion it. Why? Because, quite simply, you can’t overstate the influence and the importance of the open source community on JFrog — from its beginnings all the way up to today and beyond. We recognize that the innovations and collaborative spirit within the open-source world are fundamental to the progress of the entire DevOps ecosystem. We believe in giving back to the community that has given us so much, and we see open source as the engine driving the future of software development. Our proactive support involves providing resources, sharing knowledge, and collaborating on initiatives that benefit the broader DevOps landscape.

Born from Open Source, Built by Open Source Developers

The JFrog story is intrinsically linked with open source. In fact, JFrog was born out of an open source project. Our journey began with an open-source solution designed to manage software packages. This tool immediately resonated with the DevOps community. The power of open collaboration was evident early on, as open source developers helped enhance that open source tool, leading to its enthusiastic adoption by thousands of companies, including some of the largest globally.

Realizing the critical need this tool fulfilled, its creators took the next step and formed a company — JFrog — in 2008 and built it around that tool, which they called Artifactory. JFrog revolutionized how the software binaries are managed, and has since grown its offering into a full Platform of features and services that touch every part of the software delivery life cycle.

Our roots in the open-source community run deep. JFrog was created by open source developers. This heritage means our product and engineering teams are fundamentally dedicated to OSS technologies. We understand the needs and challenges of open-source projects because we’ve been there ourselves.

Treasuring Feedback and Embracing Technology Agnosticism

Our constant engagement with open source communities provides us with invaluable quick, high-quality and constant feedback that helps us make our products better. Staying true to open-source principles,  Artifactory and the full JFrog DevOps Platform that was built around it are designed to be technology agnostic and fully extensible. This ensures that our solutions seamlessly integrate with the diverse range of tools and technologies that developers rely on in the open-source ecosystem.

Our Involvement with Key Software Foundations

JFrog’s commitment extends to active participation and contribution within leading software foundations. We believe that by working together with these organizations, we can collectively shape the future of technology and foster a more robust and secure open-source environment. JFrog regularly reviews its involvement and contributions to the community.

JFrog is proud to be active members of:

The Linux Foundation: This is the heart and soul of the open-source movement, driving collaboration and innovation around the Linux operating system and a wealth of other open-source projects. It’s a hub where developers, companies, and community members unite to advance shared tools and knowledge. The Linux Foundation also provides crucial resources like training and certifications. As a member, JFrog actively contributes to advancing the state of open-source technology by sharing its expertise, resources, and workforce. This not only fosters innovation but also ensures our products remain at the cutting edge.

Cloud Native Computing Foundation (CNCF): The CNCF is the playground for cloud-native technologies! For those focused on building scalable, resilient, and flexible cloud applications, the CNCF is the central point. They host pivotal open-source projects like Kubernetes and Prometheus, nurturing an ecosystem of collaboration and innovation. The CNCF aims to simplify cloud-native development, empowering developers to fully leverage the cloud’s capabilities. JFrog’s active participation in the CNCF allows us to influence the direction of critical open-source projects and industry standards, ensuring that principles like security, performance, and scalability are integrated into emerging cloud-native technologies.

Open Source Security Foundation (OpenSSF): In today’s landscape, security is paramount, and the OpenSSF is your ally in making open-source software safer and more secure. Recognizing the critical importance of security, the OpenSSF is dedicated to enhancing the security of open-source projects through community collaboration. They provide essential tools, resources, and best practices to aid in writing secure code and mitigating vulnerabilities. Particularly within the OpenSSF, JFrog’s contributions to improving open-source security practices are essential. We share our knowledge on software supply chain security and advocate for security audits and tools, directly impacting the safety and reliability of open-source software.

Our membership in these foundations offers significant value, providing access to innovation and collaboration, allowing us to influence standards and best practices, enhancing our security posture, aiding in talent attraction and retention, boosting our brand credibility and community trust, providing valuable networking opportunities, and offering access to training and resources. We don’t just leverage these resources; we actively shape the future of open-source technologies and foster a collaborative environment.

JFrog’s Supported Open Source Projects

We believe in supporting projects that are vital to the developer community. JFrog actively supports the development of the following open-source projects by powering their binary management:

• sbt (Simple Build Tool): Primarily used for Scala projects, sbt is an open-source build tool that simplifies project builds, dependency management, and multi-project configurations. Its interactive shell and incremental compilation features streamline the development workflow for building and testing Scala applications quickly.
• Jenkins: A widely-used open-source automation server enabling continuous integration and continuous delivery (CI/CD) for software projects. Jenkins supports building, testing, and deploying applications, automating various stages of the software development lifecycle. Its rich plugin ecosystem extends its functionality.
• Boost: A collection of high-quality, peer-reviewed C++ libraries offering robust solutions for common programming tasks. These libraries cover data structures, algorithms, multi-threading, and networking, making it easier to write portable and efficient C++ code. Boost often inspires features for the C++ Standard Library.
• Adoptium: This project aims to deliver high-quality, TCK-certified OpenJDK binaries to the global Java community. It provides runtime binaries and associated infrastructure for building and running Java applications across various platforms, ensuring reliable and up-to-date Java distributions.
• gRPC: An open-source remote procedure call (RPC) framework facilitating efficient communication between distributed systems. gRPC allows developers to define services and message formats using Protocol Buffers, enabling seamless interaction across different programming languages. It supports bi-directional streaming and offers features like load balancing and authentication, making it ideal for microservices architectures.

We also support the Apache Server Foundation and it’s projects, including the following:

• Apache HTTP Server: Also known as httpd, it’s one of the most popular open-source web server software. It provides a secure, efficient, and extensible platform for serving HTTP requests, with support for various modules and configurations.
• Groovy: A dynamic programming language for the Java platform that simplifies Java’s complexity with a more expressive syntax. Groovy supports both static and dynamic typing and integrates seamlessly with existing Java code and frameworks, providing powerful tools for DSLs, testing, and automation.

Open Source Projects Launched by JFrog

We are also proud to have launched and contributed several impactful open-source projects ourselves:

• Conan: Conan is an open-source, decentralized, and multi-platform package manager specifically designed for C and C++ developers. It simplifies the management of binary dependencies, enabling developers to create, share, and integrate packages across different platforms. Conan allows projects to handle various build configurations and automate the process of downloading and using libraries, enhancing productivity and consistency.
• JFrog CLI: This is a command-line interface that simplifies the interaction with JFrog’s Artifactory and other JFrog services. It provides developers with the tools to automate and streamline operations such as uploading, downloading, and managing artifacts. With support for multiple package formats and seamless integration with CI/CD pipelines, JFrog CLI enhances productivity and efficiency.
• Frogbot: An automated Git bot created by JFrog that scans Git repositories for security vulnerabilities using JFrog Xray. It analyzes pull requests to ensure new code doesn’t introduce security risks before merging. Frogbot adds comments with its findings directly in Git, helping developers address potential issues early and contributing to a more secure codebase.
• BuildInfo: This open-source tool focuses on collecting and managing build information for software projects. It helps maintain transparency about the build process, enabling developers to track the origin of software artifacts and the configuration details used during the build, aiding in reproducibility and understanding complex systems.

These projects play crucial roles in package management, build transparency, security automation, and operational efficiency within the open-source ecosystem.

Free Offerings: Giving Back to the Community

Our commitment to the open-source community is further demonstrated through our free offerings. We believe in providing accessible tools that empower developers and teams. JFrog offers free downloads of Community Edition versions of Artifactory. These include:

• Artifactory OSS for Java Package Management: A free version of Artifactory specifically for managing Java binary artifacts.
• JFrog Artifactory Community Edition for C and C++: This edition is specifically tailored for C/C++ development teams, allowing them to seamlessly manage their Conan packages and generic binaries. It integrates with the Conan package manager, providing a robust solution for managing dependencies in C/C++ projects.
• JFrog Container Registry: A registy for Docker images. It enables developers to store, share, and manage container images easily, offering features like fine-grained access control, metadata management, and CI/CD integration.

You can find more details about JFrog’s open source projects and free community edition software here.

Conclusion: Our Enduring Commitment

JFrog remains deeply indebted and committed to the open-source community. Our journey began with an open-source project, was fueled by open-source contributions, and continues with our active participation and support. We see the open-source community as the main driver of innovation today, and we are proud to contribute to its growth and success by offering DevOps teams end-to-end, effective binary management with free downloads and free offerings.

Our involvement in the Linux Foundation, CNCF, and OpenSSF, along with our support and creation of various open-source projects, reflects our ongoing dedication. We believe in fostering a collaborative environment where shared progress and responsibility thrive. By actively contributing, we not only enhance our own offerings but also uplift the entire tech community, reinforcing the very principles upon which JFrog was founded.

Thank you for being a part of this vibrant community. We look forward to continuing our journey alongside you, building a better future for software development, together.