LY Corporation Utilizes JFrog Platform to Provide a Stable Environment for Thousands of Developers from Development to Release

OVERVIEW

LY Corporation, one of Japan’s largest tech companies, was established in October 2023 following the reorganization of group companies, including LINE Corporation and Yahoo Corporation. The company operates in a variety of sectors including internet advertising, e-commerce, and membership services, offering numerous services such as the communication app and comprehensive internet service platform.

LY aims to create a “WOW” life platform and deliver excitement to everyday life, developing businesses across diverse areas such as search and portals, e-commerce, messaging, and advertising. With over 10,000 employees from around 40 countries and regions, the company continues to provide services that inspire users. By harnessing the power of the internet, it contributes to a richer and more convenient lifestyle.

CHALLENGES

The products offered by the company, including the Yahoo app, have a total user base exceeding 320 million, creating a critical need to minimize downtime for business-critical systems and improve internal development efficiency, security, and compliance. Before the implementation, LY used a proprietary on-premises package manager. However, managing different package managers for different operating systems and programming languages was burdensome, and uploading source code and packages was done through batch processes. Additionally, there were issues with slow cache retrieval speeds and delays in re-fetching on each build.

Moreover, without an SLA (Service Level Agreement) and manual handling of HA (High Availability) configurations, there was a need to shorten deployment times and address package management challenges.

SOLUTION

To address these challenges, the company introduced the JFrog Platform Enterprise+ Self-hosted version. Initially, it implemented JFrog Artifactory, the core product of the JFrog Platform, as an internal artifact management foundation. Local repository functionality allows for the centralized management of all kinds of binaries with metadata, enabling storage, tracking, and management of packages built during development.

Additionally, by utilizing the remote repository feature, a mechanism was established to cache and proxy external package repositories (such as Maven Central, npm registry, Docker Hub, etc.) locally, significantly enhancing efficiency, stability, and security in the development and build environment. As a result, by providing a common library mechanism for various internal projects, the company can efficiently deploy the necessary packages for client libraries and other internal services.

To provide safe and secure products to customers, the company leveraged JFrog Xray‘s Docker image scanning and OSS vulnerability scanning capabilities, greatly enhancing its ability to detect product vulnerabilities. By integrating with JFrog Artifactory, Xray analyzes potential risks in real-time and provides detailed insights, including pre-release vulnerability information that is not available from typical vulnerability databases, establishing a mechanism to resolve issues before product release.

Key Features Implemented:

JFrog Artifactory: An enterprise-grade repository manager designed to manage the lifecycle of artifacts (binaries) in software development. It supports a variety of package types and integrates closely with CI/ CD pipelines, significantly enhancing the quality, speed, and security of software. Artifactory offers three types of repositories for flexible and efficient artifact management:

• Local Repository: Stores artifacts generated internally.
• Remote Repository: Proxies and caches external repositories (e.g., Maven Central, npm registry, etc.).
• Virtual Repository: Integrates multiple repositories and simplifies CI/CD integration through a single endpoint.

JFrog Xray: A security and license scanning tool for software components that operates in conjunction with the JFrog Platform. It detects vulnerabilities and license risks within artifacts in real-time and provides core functionalities for implementing DevSecOps.

• Vulnerability Scanning
• License Compliance Checks
• Policy setting and notifications for vulnerabilities and license violations, including blocking features
• CI/CD integration and automation

As LY Corporation expands its business, the number of users utilizing the artifact management environment built on the JFrog Platform has increased to several thousand. This surge in users has led to a multiple increase in access volume compared to the initial implementation. The number of projects, programming languages, and the amount of artifact data have also rapidly escalated, making it crucial to ensure scalability and stability of the environment, as well as to support load balancing.

To provide stable product releases to customers, LY utilizes the high availability (HA) feature of JFrog Artifactory. The clustered configuration with multiple nodes allows other nodes to continue processing even if one node fails. Additionally, distributing requests across multiple nodes improves response times and ensures system stability during heavy access periods.

Moreover, considering the risk of large-scale disasters in Japan, the necessity for a geographically distributed data center configuration has emerged. To address this, LY has built multiple clusters in data centers in Eastern and Western Japan. By leveraging the Federation feature of JFrog Artifactory, artifacts between the two data centers are automatically synchronized at all times. As a result, the team has achieved:

• Enhanced daily development speed
• Ensured system stability during surges in access
• Robust backup systems in preparation for disaster occurrences

This has led to the establishment of a “non-stop” and “more stable” development infrastructure. Going forward, LY Corporation will continue to support further large-scale development and provide stable and reliable services.

RESULTS

The partnership between LY Corporation and JFrog has significantly contributed to the transformation of our development and operational processes. With the introduction of the JFrog Platform, not only have security and compliance improved, but efficiency has also increased, leading to reduced costs. As a result, LY Corporation has strengthened its framework to continually provide the services desired by users and has achieved high availability.

Through the implementation of the JFrog Platform, LY Corporation has realized the following key benefits:

• Integrated Security at Every Stage of Development: With JFrog Xray’s comprehensive scanning capabilities, vulnerabilities can be detected and addressed early in the development cycle, reducing the risks of security breaches and the need for costly rollbacks.
• Centralized Management System for Safe and Automated Software Releases: By integrating JFrog tools, the team has adopted a shift-left approach for vulnerability checks early in the development process, reducing labor costs and improving the overall release cycle. This has streamlined LY Corporation’s DevSecOps processes.
• End-to-End Audit and Traceability: Utilizing JFrog Artifactory has optimized binary management, reducing the time and effort needed to track and deploy software components across different environments.
• Enterprise-Level Scalability and Governance: For LY Corporation, which continues to innovate in the tech field, the JFrog Platform provides the scalability necessary to support increasing demand, ensuring continuous service delivery to customers.
  • Centralized Governance: By setting policies across all repositories and continuously monitoring compliance, we maintain strict security standards while reducing the burden of manual oversight.
  • Secure Distribution Across Environments: By overcoming network constraints and securely deploying artifacts across various environments, we maintain consistency and security throughout the development lifecycle.

The JFrog Software Supply Chain Platform

With the implementation of JFrog, LY’s team has not only resolved the challenges they faced but has also established a framework for driving safe, scalable, and efficient innovation across their global operations.

We invite DevOps and Security professionals to schedule a one-on-one demo to see how the JFrog Platform transforms DevSecOps across their organizations.

Products

The JFrog Platform, JFrog Artifactory, JFrog Xray

Additional Resources
White Paper:  The Definitive Guide to Securing the Software Supply Chain
Solution Sheet:  JFrog Artifactory
Case Study:  Telecomm Giant Achieves Scalable, Resilient & Secure Software Development