JFrog and GitHub team up to closely integrate their source code and binary platforms

By admin

GitHub and JFrog announced a partnership on Wednesday that will see a deeper integration between the two companies’ platforms, giving developers and their support teams a better way to manage both their source code and the resulting binaries across both services.

Among other things, this includes the ability to trace code from source to binary packages across both platforms, single sign-on support and unified project structures, including role mapping. Later, there will also be a unified dashboard that will provide a single pane of glass for seeing the results of source- and binary-focused security scans from GitHub’s and JFrog’s respective security tools.

At first, this may seem like an odd match, since both companies play in the DevOps space. But since GitHub focuses on source code and JFrog on binaries, the overlap between them is actually relatively small. As it turns out, about half of JFrog’s customers are also GitHub users; as JFrog CEO and co-founder Shlomi Ben Haim and GitHub CEO Thomas Dohmke both told me, the main mission here is to make their lives easier.

“We are using Artifactory ourselves within GitHub,” Dohmke told me (just as JFrog uses GitHub for managing its source code). “And so it felt natural for us to do more together as we’re thinking about how we can secure the software ecosystem, how we can help our enterprise customers like AT&T and Fidelity or Vimeo? How can we help them to have an end-to-end lifecycle. And if you remember our very first conversation, before I became the CEO, our vision for GitHub is that we are part of a large ecosystem. Copilot Extensions is all along those same lines: that we have to partner with other companies in our ecosystem to provide our customers — our developers — the best experience.”

Similarly, JFrog’s Ben Haim stressed that his company is all about binaries — and creating security products around that. “JFrog is the only comprehensive software supply chain platform in the world,” he said. “GitLab is a source-code platform, GitHub is a source-code platform. Atlassian with BitBucket — same thing. […] Artifactory is your binary repository and serves the organization as the single source of record.”

GitLab may argue with that description, though, given that the company offers a fairly comprehensive DevSecOps platform. But where there is no argument is that enterprises today want to consolidate their spending around best-of-breed solutions. Today’s enterprises, Ben Haim said, need to be able to scale, but in a secure way, all while moving increasingly faster and choosing the best services in the market.

“When you think about where developers live, they live on GitHub and they live on JFrog. […] Basically, this collaboration, this marriage, doesn’t have to be explained to our customers because this is where they are: they are either here for the source code, or here for the binaries — and this together story makes their lives easier,” he said.

You can’t say “GitHub” in 2024 and not talk about Copilot, the company’s AI tool. Wednesday’s announcement is no exception, with a deep JFrog/Copilot integration that now extends Copilot Chat to let developers ask questions about which software packages (or which version of those packages) to use, how to best secure them, and how to set up JFrog projects, for example.

“Chatting with GitHub’s Copilot to select the right and secure software package based on the extensive metadata stored in JFrog Catalog can be a game-changer,” explained John Nuttall, Director of Technology at AT&T, one of JFrog’s and GitHub’s joint customers. “This integration will significantly enhance the efficiency of Copilot users across the software supply chain: binary-focused and code environments. This partnership offers the best of both worlds.”

GitHub’s Dohmke also noted that looking ahead, the plan for GitHub is to bring more agent-like features to Copilot that work across a security tool like Sentry (which was among the first companies to offer a Copilot extension), GitHub and JFrog’s Artifactory to perform a given action autonomously.

Customers like AT&T, Ben Haim told me, want a better way to move back and forth between GitHub and JFrog, using the same credentials. They also want traceability that tracks a piece of code’s lifecycle from source code to binary and back. Traditionally, the code and binary have always been rather disconnected, but with this integration, a team putting the binary in production can now quickly see which changes were last made to the source code, for example, and work with the specific developer responsible for those changes to fix an issue.

The security aspects here are also important. Often, these customers are also using both GitHub’s and JFrog’s security solutions, but they don’t want to have to check two different dashboards. As GitHub’s Dohmke noted, different users may even see different dashboards — with the developers likely wanting to see theirs right in GitHub while a security team may want to see theirs in Artifactory or elsewhere.

“This integration can simplify software supply chain security by displaying source-based security findings from GitHub alongside binary-based security findings from JFrog under GitHub’s Security tab, allowing developers to gain a holistic security view and shorten remediation times to improve the overall security posture,” said Mark Carter, CIO and CISO for Vimeo. “Software supply chain security is top of mind for every CISO, and this joint solution from JFrog and GitHub provides a critical, AI-infused cybersecurity control.”

Looking ahead, the two companies plan to deepen this integration even more. The current solution is meant to address immediate pain points for their customers, Ben Haim said. Later this year, the companies will share a bit more about what’s next at JFrog’s swampUP conference in September.
