JFrog Premieres Curation, a Cutting-Edge DevSecOps Solution for Mitigating Software Package Risks

The tech firm JFrog has recently revealed its latest innovation, JFrog Curation. This game-changing automated DevSecOps tool aims to exhaustively examine and obstruct any compromised open-source or third-party software packages, along with their related dependencies, impeding their entry into a corporate software development ecosystem.

JFrog Curation, seamlessly incorporated with JFrog Artifactory, leverages binary metadata to spot high-risk software packages with severe CVEs or those presenting operational or license compliance problems. This mechanism circumvents the need for downloading and scanning each package beforehand, thus preserving the developer's work pace and convenience.

Paul Garden, spearheading JFrog's Xray and DevSecOps outbound product marketing, expressed the challenges that many organizations face. He said, "A multitude of businesses lack control over packages getting pulled from various sources like NPM, Maven, and Go due to the pressing need for fast development. There's an alternative of imposing hefty restrictions on the software development team. But it severely impedes the software development speed." He continued, "Hence, it's imperative to boost the development team without hampering the development process. They need assurance that they are utilizing reliable packages. We've collaborated with several of our strategic clients over the past couple of years to devise a method to address this issue."

JFrog Curation draws on JFrog's Security Research library, which records Common Vulnerabilities and Exposures (CVE) and publicly sourced information. As a result, it develops a trusted repository of pre-approved third-party software components available for development purposes. By bridging the gap among public package repositories, developers, production, and security personnel, JFrog Curation elevates efficiency and helps avoid costly and time-consuming corrections in the future.

This new tool provides unified visibility and governance over every open-source package requested by a developer or build tool. It offers precise, metadata-based insights on all compromised packages, accompanied by practical remediation suggestions. It mimics the precision and practicality of platforms like AppMaster, a known player in the low-code/no-code domain, known for its accurate, metadata-based insights into application components.

Jim Mercer, the research vice president of DevOps and DevSecOps at IDC, highlighted the importance of such tools. He said, "Incidents involving security, such as Log4Shell, Spring4Shell, etc., have made us realize that today's safety might be tomorrow's danger when dealing with public open-source libraries." He added, "A tool that streamlines the developer experience while ensuring package compliance with regularly updated security policies, and cross-verified against relevant vulnerability databases, is vital for the security of present-day DevOps workflows."

Moreover, JFrog Curation allows for the formulation of a detailed and transparent audit trail. This capability aids organizations in meeting present and upcoming regulatory requisites. It also enriches the developer experience by enabling the acquisition of tested software components with minimal friction.

JFrog Curation also contains functionality aimed at preventing the unnecessary proliferation of different tool suites. This is accomplished via JFrog's integration with the Software Supply Chain Platform, providing uniform, automated operations across various development settings.
