Use Case: DevOps with a Universal Security Framework at Scale

How JFrog helped a semiconductor company consolidate global DevSecOps in the cloud

COMPANY

The DevOps Platform Team at this Fortune 500 semiconductor company supports 23 global business units that develop semiconductors, hardware, and software. This encompasses hundreds of DevOps teams, and over 6,000 product engineers.

CHALLENGES

The company achieved this scale through a multi-year succession of acquisitions. Business units and development teams are spread globally, across regions in the Americas, Europe, and Asia. These diverse organizations must deliver production releases to manufacturing facilities, private vendors, and public consumers. “Everything flows through the DevOps pipeline: legal, compliance, vendors, etc.”

The DevOps Platform Team were supporting many siloed SDLC pipelines, each unit self-solving problems in their own custom environments. Of top concern, the DevOps Platform Team could not fully know or mitigate the risks to the company’s entire software supply chain. Limits of capacity, disaster recovery, and backup were unknown.

“We are partnering with JFrog; we know that we can’t do this by ourselves.”

RESULTS

The company consolidated its DevOps in the cloud, migrating 72 TB of data to JFrog Platform deployments that interoperate across multiple cloud regions to provide highly available global access to all business units. The company employs Artifactory for over 25 distinct package types plus generic artifacts, in over 100,000 local repositories, through pipelines that support around 6,000 deployments each day.

Through Artifactory, Xray, and Pipelines, the DevOps Platform Team was able to enforce best DevOps practices, including a security framework that is consistent with SLSA principles and protects the software supply chain for the entire corporation. “When log4j happened, Artifactory and Xray helped us to understand where the impact was.”

The company is now able to meet 99.9% (“three-nines”) SLA through multi-cloud JFrog Cloud (SaaS) deployments, with inherent disaster recovery. “We now have the ability to focus on pipeline and DevOps enhancements.”

 

 

“With JFrog, we can support our scale and growth with business continuity.”
Head of DevOps Platform, Software Business Operations


INDUSTRY

Semiconductors and Computer Software

PROBLEM

  • No ability to guarantee SLA
  • Development teams self-solved with point solutions and custom pipelines
  • Supply chain risks not known or mitigated
  • DevOps Platform Team on 24 hour watch
  • Unknown capacity for disaster recovery

RESULTS

  • End-to-End DevOps in the cloud for all acquired business units
  • Reduced maintenance overhead with SaaS
  • Broad range of package types supported across diverse teams
  • Consistent CI/CD workflows, security posture, and lifecycle across all business units
  • Supply chain security through a trusted catalog of open source components
  • Reliability to 99.9% (“three-nines”) SLA, with disaster recovery
  • Automated archiving compliant with retention policies
  • Support global scale and growth with business continuity

SOLUTIONS

JFrog Artifactory
JFrog Xray
Jfrog Distribution
JFrog Mission Control
JFrog Artifactory Edge
Google Cloud Platform
Amazon Web Services

Release Fast Or Die