JFrog Artifactory and Xray Verified as Secure for Use Under the DoD’s Platform One DevSecOps Software Initiative.
The release reads:
JFROG WINS U.S. DEFENSE DEPARTMENT SECURITY CERTIFICATION
JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the Liquid Software company, creators of the DevOps Platform, today announced its JFrog Artifactory and JFrog Xray solutions are now accredited in Iron Bank and available via Platform One. With this achievement, JFrog reinforces its commitment to providing a scalable, secure, development to edge DevOps and DevSecOps solution for its public sector customers and those in highly regulated industries such as finance, healthcare, energy, and transportation.
Under the DoD’s Platform One initiative, developers can now access a central binary repository of secure, Iron Bank-certified resources that have been hardened to the DoD’s specifications. This container registry has Continuous Authority to Operate (cATO), allowing developers to easily push validated code into production more quickly.
“Rapid software development is an imperative for all our customers, which includes the U.S. military, but it should never come at the expense of security,” said Lou Doerr, Head of U.S. Commercial Unit, Oteemo. “Knowing JFrog’s Platform is Iron Bank-certified makes it easy to recommend them for use by public and private organizations needing software delivery solutions that bake-in security from inception.”
According to the Internet Crime Report, the FBI received nearly 2,500 ransomware complaints in 2020, up 20% from 2019, costing citizens nearly $29.1 million. Platform One aims to ensure all government entities can work with a collection of approved, hardened, cloud-native DevSecOps solutions along with collaboration tools, cybersecurity tools, open-source code, artifact repositories, and development tools. JFrog Artifactory provides a single, reliable source of truth for binary packages that follow the DevOps lifecycle from development to deployment at the edge. JFrog Xray works with JFrog Artifactory to enable multi-layer analysis of each binary or container image and flags any security vulnerabilities or compliance compromises to ensure software quality.
“We understand software needs to be hardened and trusted in order for the Federal government to rely on JFrog for their mission critical applications,” said Shlomi Ben Haim, Co-founder and CEO, JFrog. “Our vision is to enable all organizations to ‘shift left’ to bake security into every stage of development and seamlessly deploy updates across geographies, from ground to cloud, to any device throughout the software supply chain with ease and peace of mind.”
Iron Bank is the DoD Centralized Artifacts Repository (DCAR) of digitally signed, binary container images including both Free and Open-Source software (FOSS) and Commercial off-the-shelf (COTS). All artifacts are hardened according to the Container Hardening Guide, which allows software built in the system to be automatically authorized for use, a security process that usually takes months. Containers accredited in Iron Bank have DoD-wide reciprocity across classifications. Over 800 certified containers are available today including those offered by JFrog partners such as AWS, Docker, Microsoft Azure, Oracle, RedHat, and VMWare.
To learn more about JFrog Artifactory, JFrog Xray, and the entire platform of DevOps and DevSecOps solutions for public sector environments, register for “Aligning to the DoD Enterprise DevSecOps Reference Design,” on October 26, 2021 at 11:00 AM PT, read this blog or visit jfrog.com/government.
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybersecurity, go to AI-Techpark.com.