CoGuard

JFrog and CoGuard have joined forces to help organizations minimize their risk of injecting a misconfiguration at any layer of their infrastructure. Driven by the continuous adoption ofRead More >

infrastructure as code and the dependence of modern software on servers for both delivery and functionality, the integration ensures that the blind spots are minimized, and that the configuration of any possible application a customer would run is covered by automated scanning mechanisms.Read Less >

CoGuard Evidence Integration Features

Related Resources
Documentation

CoGuard CLI GitHub Documentation

Frequently Asked Questions

JFrog was already scanning my IaC files through X-Ray. How does this integration extend the current capabilities?

While the current scanning capabilities capture CVEs and IaC misconfigurations, this extension allows to also detect misconfigurations for software commonly deployed in your infrastructure (Postgres, Kafka, Hadoop, Cassandra, MongoDB, Redis, and many more).

The adoption of IaC tools is not that far in our organization. Can we still benefit from this integration?

CoGuard can extract your current configurations from your cloud environment, and the CLI can even find configurations within your running servers and containers. This allows you to already have the visibility into your infrastructure security posture, while enabling you to move towards an automated, infrastructure as code environment.

How much extra time does the scan require in my CI/CD pipeline?

The average scan is done in 30s or less. Cloud snapshot extractions and scans depend on the number of different resources running on the cloud, but average out to take 20 minutes.

The initial examples are using GitHub Actions. Is there support for other CI/CD tooling?

The evidence uploads can be performed on any other common CI/CD platform, such as Jenkins, Bitbucket pipelines, CircleCI, etc. Our team is happy to help you get set up.

About CoGuard

CoGuard is a technology company that was founded with a key realization: despite the abundance of cybersecurity products, regular breaches still occur due to simple misconfigurations. Recognizing this flaw in the process and the inadequate consideration of all configurations in a given infrastructure, CoGuard set out to create a product to fix this shortcoming. They specialize in performing comprehensive checks on Cloud and on-premise infrastructure, meticulously detecting misconfigurations across all layers.