SAS Enhances Security and Compliance with the JFrog Platform

  • End-to-end security in development pipelines
  • Automation for improved efficiency and security
  • Streamlined compliance and governance

SAS, a leader in data and AI, leveraged the JFrog Platform to enhance security and compliance within their software supply chain pipelines to improve efficiency.

Adding JFrog Curation and Advanced Security to our pipelines allowed us to enhance our security throughout the lifecycle of our products.

– Brett Smith, Distinguished Software Developer, SAS

 

OVERVIEW

SAS, based in Cary, North Carolina, specializes in analytics, data and AI. SAS® Viya® is a powerful cloud-native data and AI platform designed to facilitate easier development and boost productivity for data scientists and analysts. By providing advanced analytical capabilities, SAS empowers organizations to make data-driven decisions more effectively.

The company operates on a global scale, serving various industries, including government and finance, and is committed to maintaining stringent security and compliance standards. As regulatory requirements evolve, SAS continually seeks innovative solutions to protect and document the security of their applications, while ensuring the integrity of the software development lifecycle.

CHALLENGE

SAS adopted aspects of the JFrog Platform to:

  • Enhance security
  • Address regulatory compliance globally
  • Integrate efficiently
  • Automate workflows to reduce risk

SOLUTION

To enhance governance and security in their software delivery pipelines, SAS implemented the JFrog Platform, including the following products:

PRODUCT | BENEFIT
JFrog Artifactory | SAS has utilized JFrog Artifactory for several years to manage their Java, Maven, Ivy, npm and PyPI artifacts. This centralized repository not only streamlines the storage of necessary components but also plays a critical role in their overall software delivery process.
JFrog Xray | In response to increasing security demands, SAS integrated JFrog Xray to conduct thorough scans of their artifacts for vulnerabilities. Xray enables SAS to assess and ensure the integrity of their software components, helping them comply with various regulatory standards across the globe.
JFrog Advanced Security | SAS implemented JFrog Advanced Security to upgrade their security framework. Advanced Security also offers developers contextual insights that facilitate faster and more effective remediation.
JFrog Curation | Curation helps safeguard SAS’s operations against malicious third-party packages, allowing them to leverage all the advantages of open source while adding a protective layer that allows only vetted binaries into development pipelines. It’s also a great example of how the SAS team is now able to shift left by performing security checks early in the development process.

 

RESULTS

After partnering with JFrog, the SAS DevOps and Security teams experienced several improvements that enhanced their software development and security processes, including:

  • Enhanced Security Posture: SAS was able to improve their security throughout the lifecycle of their products. The integration of JFrog’s tools, such as Xray, Advanced Security, and Curation, allowed for better monitoring and management of vulnerabilities in their software components.
  • Streamlined Compliance Processes: JFrog helped SAS self-attest to compliance requirements set by regulations in the US, EU, and Australia to meet critical cybersecurity standards without committing additional resources or requiring excessive manual intervention.
  • Increased Developer Efficiency: The developer solutions provided by JFrog, particularly the IDE plugins from Advanced Security, helped SAS’ development teams perform security checks at an even earlier stage in the development process. Shifting left has allowed developers to identify and address potential vulnerabilities proactively, increasing the overall efficiency of detecting and preventing potential threats.
  • Automated Workflows: By utilizing JFrog’s APIs and CLI, SAS was able to automate critical workflows in their pipelines. This automation helped streamline operations, reduced the risk of error, and integrated efficiently into their software delivery process.
  • Protection Against Malicious Components: JFrog Curation acted as an additional protective layer that ensured only vetted binaries entered SAS’ pipelines. This feature enhanced their security by preventing potential vulnerabilities from compromising their software.
  • Mission-Critical Functionality: Artifactory and associated tools helped SAS deliver software consistently and securely.
  • Improved Observability and Monitoring: The integration with JFrog provided SAS with enhanced end-to-end visibility over their entire software supply chain, enabling comprehensive tracking and assessment of all the artifacts used in their software applications.

The developer tools provided by JFrog, like IDE plugins, empower our teams to perform necessary security checks early, improving our development speed.

– Brett Smith, Distinguished Software Developer, SAS

 

TAKEAWAYS

By utilizing JFrog’s comprehensive solutions, SAS continues to deliver high-quality, secure and reliable products to their customers while navigating the complex landscape of global regulations.

We invite DevOps and Security professionals in technology companies to schedule a personalized demo or take an online guided tour and see how the JFrog Platform can transform your operations with enhanced compliance, security and efficiency.

