Delivering a Unified
Software Supply Chain

Create secure workflows with best-of-breed code & binary-centric platforms

Read the Latest Blog Post
We are thrilled to see some of the enhancements we recommended come to life; we believe this collaboration between GitHub and JFrog has the potential to significantly impact the DevOps landscape. For instance, establishing bi-directional links between GitHub Actions Workflows, Release Artifacts it created, and stored in Artifactory will enhance the development experience and traceability across the software supply chain."

Amol Shukla, Distinguished Engineer

Unified, Secure Single Sign-on (SSO)

Establish trust, automate token management, and enhance identity security by leveraging OpenID Connect (OIDC), with one experience for SSO, role, and permission mapping. Easily switch between environments confidently.

The community and market have been anticipating this natural ‘better together’ solution. Organizations are consolidating around major best-of-breed platforms, and the partnership between GitHub and JFrog has the potential to transform the DevOps and DevSecOps market and supercharge developers’ efficiency. This integration can simplify software supply chain security by displaying source-based security findings from GitHub alongside binary-based security findings from JFrog under GitHub’s Security tab, allowing developers to gain a holistic security view and shorten remediation times to improve the overall security posture. Software supply chain security is top of mind for every CISO, and this joint solution from JFrog and GitHub provides a critical, AI-infused cybersecurity control."

Mark Carter, CISO and CIO

Bidirectional Mapping & End-to-End Traceability

Trace releases and published artifacts to their build, the GitHub job, and even the source code. Seamless integration for resolving packages from Artifactory and storing binary artifacts generated by GitHub Actions, alongside build metadata.

Among the strong integration capabilities between JFrog and GitHub, allowing fully-transparent and frictionless data flow between GitHub Actions/Workflows and Artifactory assets will simplify the lives of software developers, and will reduce the configuration and support load dramatically.

Uzi Yona, Director, IT DevOps & Engineering

Single Pane of Glass for Advanced Security

Centralize the management of code and binary security with a consolidated dashboard for JFrog and GitHub Advanced Security. With scan results in one place you can improve security posture visibility from code to production.

The world of software supply chain management introduces many challenges and points of friction for developers. The integration between JFrog's Software Supply Chain Platform and GitHub's Developer Platform was designed to provide a 'secure by default' developer experience. This collaboration gives developers a single source of truth for code and binaries, and security teams gain full traceability and a unified view to monitor and remediate threats, reducing risk.”

Gerard McMahon, Head of ALM Tools and Platforms

Copilot-Driven Insights of Artifacts and Packages

Copilot chat interactions (beta) can now be extended across the software supply chain. Make informed decisions with JFrog-relevant insights on the safe use of open-source packages and artifacts in-line with your organization’s policies.

Beyond DevOps and DevSecOps practices, the future will require advanced interactions with AI tools. Chatting with GitHub’s Copilot to select the right and secure software package based on the extensive metadata stored in JFrog Catalog can be a game-changer. This integration will significantly enhance the efficiency of Copilot users across the software supply chain; binary-focused and code environments. This partnership offers the best of both worlds."

John Nuttall, Director of Technology

Check out all the JFrog & GitHub Integration Features

Experience the Integration for Yourself

Play

See GitHub & JFrog in action

As developer responsibility has increased in areas of DevOps, ML, AI, security, and more, the push by many organizations to drive efficiency via tool consolidation is a natural move,” said Jim Mercer, Program Vice President of Software Development, DevOps and DevSecOps Research at IDC. “This announcement from GitHub and JFrog helps to enable this path, bringing together two of the most well-known platforms developers already use today in a cohesive, end-to-end vision that plays to the strengths of both solutions, simplifying how development, DevOps, and platform engineering teams work."

Jim Mercer, Program VP of Software Development, DevOps and DevSecOps Research

Stay up to date

Join the mailing list to be the first to know about JFrog and GitHub partnership news