Financial Services Company Unifies Software Security with JFrog and GitHub Integration

  • 1800+ Employees
  • $85B Assets under management
  • 600+ Developers

  • Single Source of Truth
  • Single System of Record for Secure Automated Releases
  • Streamlined Security Focused Solution

 

As the subsidiary of a major brokerage house, this financial services firm operates according to its own high-level security standards, while still needing to align with the broader strategic direction of its parent company. With a small but focused development team, operating in a fast-moving cloud environment, they needed a scalable and secure way to centralize software supply chain management and improve traceability across the software development lifecycle.

 

CHALLENGE

The main challenge for the small but competent DevOps team was implementing a security-focused, GitHub-integrated solution that met their stringent quality and security standards without slowing down delivery.

Previously, they faced fragmented visibility between source code, binaries, and artifacts, while relying on manual workflows for security approvals with limited traceability. While the parent brokerage house’s broader environment required more time-intensive compliance processes, the financial services subsidiary needed a nimble solution they could control with limited resources and roll out fast, without compromising on security.

WHY JFROG & GITHUB

They saw the opportunity to build a single source of truth across two powerful platforms: GitHub for source control and JFrog for artifact and software supply chain management.

Led by their Executive Director and Global Head of Developer Productivity, the team moved quickly to implement the full JFrog Platform, including JFrog Artifactory, Xray, Advanced Security, and Curation – all integrating seamlessly with GitHub. They also adopted OIDC (OpenID Connect) on a per-build basis, enabling secure, auditable traceability from source code to binaries.

SOLUTION

With the JFrog and GitHub integration in place, the team created a fully automated and secure pipeline for managing Python and Java packages. JFrog Curation allowed them to pre-approve and govern open source usage by the software development team, and OIDC ensured clear, bidirectional traceability and build identity – all core requirements for conversations at the CISO level. Security vulnerabilities were quickly identified and remediated with JFrog’s scanning capabilities, strengthening trust across the organization.

Figure: JFrog and GitHub Integration Flowchart

RESULTS

Within a short time after deployment, the DevOps team was pleased with the initial results:

  • 600+ developers – Onboarded quickly, without major security hurdles
  • Full traceability – From GitHub source repositories to JFrog Artifactory builds
  • Unified platform – Created an end-to-end, single source of truth for binaries and source code
  • JFrog Advanced Security and Curation – Provided integrated security capabilities and enabled proactive governance and risk mitigation
  • Buy-in from the CISO’s office – Accelerated visibility and influence from the top down and, as a result, across the organization

The financial services company’s rapid adoption of the JFrog and GitHub integration is a standout example of how a small, nimble, security-conscious development team can modernize software delivery without sacrificing speed and compliance.

With a single source of truth, automated governance, and traceability, they’ve set a benchmark for what’s possible – even in highly regulated environments. The company’s success demonstrates how JFrog’s unified approach to security and DevOps can empower any organization to move fast and stay secure.

The JFrog Management & Security Software Supply Chain Platform

We invite software development professionals from the Financial Services industry to learn more about how JFrog’s software supply chain management and security solutions can benefit their organizations by taking a guided tour, scheduling a one-on-one demo, or starting a free trial at their convenience.


 

Products
The JFrog Platform, JFrog Artifactory, JFrog Xray, JFrog Advanced Security, JFrog Curation

Partner
GitHub
