GitHub and JFrog partner to unify code and binaries for DevSecOps
This partnership between GitHub and JFrog enables developers to manage code and binaries more efficiently on two of the most widely used developer platforms in the world.
As the volume of code continues to grow exponentially, software developers, DevOps engineers, operations teams, security specialists, and everyone else who touches code are increasingly spending their time in the weeds of securing, delivering, and scaling software. This bottles up creativity and ultimately slows software development for every organization.
Today, we’re announcing a new partnership between GitHub and JFrog that promises to give that time back by letting developers manage code and binaries more efficiently on two of the most widely used developer platforms in the world.
Fifty percent of JFrog’s customers already use GitHub as their primary code repository to get the best of both source code and binary management. Now, developers will be able to build, secure, and innovate all from one dashboard, never needing to switch context or slow down.
Together, we’ve built an integration that includes intuitive navigation and traceability between source code and binaries, CI/CD with GitHub Actions and JFrog Artifactory, and a unified view of security findings across the software supply chain. By providing full control and visibility across the entire software supply chain, we are accelerating our joint vision of making developers’ lives easier and happier.
Here’s how it works
Manage access and roles with single sign-on (SSO) across both platforms. We’ve integrated single sign-on (SSO), project role mapping and access management, and CI integration across both platforms. With centralized user identity and access management (IAM), users won’t need to worry about multiple logins, and changes made on one platform will automatically propagate to the other.
Track artifact lifecycles with integrations between GitHub Actions and JFrog Artifactory. We’ve also integrated GitHub Actions with JFrog Artifactory to provide better tracking for stored artifacts. Binary artifacts generated by Actions will include metadata and processes as part of the binary data in JFrog Artifactory, making them a first-class citizen in software bill of materials (SBOM) generation.
Simplify governance with bidirectional linking between source code and binaries. To further increase visibility, we’re linking software packages and code bidirectionally to allow for precise tracking and triage by natively linking code with built packages, which provides deeper compliance and security-oriented outputs for attesting to provenance and origin.
What’s coming next
A unified view of software supply chain security state. One of our first priorities is to integrate our respective security offerings to provide a holistic view of the software supply chain security state across both platforms into GitHub dashboards.
Ask GitHub Copilot Chat about JFrog processes, artifacts, and more. We’re also bringing JFrog into GitHub Copilot Chat so you can ask Copilot questions about artifacts in JFrog Artifactory, JFrog processes and configuration, and even advice about the best software packages and versions to use. This brings GitHub Copilot into the broader software supply chain to deliver a more complete view of the software development lifecycle.
Enterprises worldwide want solutions that work together to provide the best security, management, and operations capabilities across their software supply chains from code to production. As GitHub and JFrog commit to bringing customers the most powerful solution available together, we look forward to driving modern development forward.
Fascinated by software development since his childhood in Germany, Thomas Dohmke has built a career building tools developers love and accelerating innovations that are changing software development. Currently, Thomas is Chief Executive Officer of GitHub, where he has overseen the launch of the world's first at-scale AI developer tool, GitHub Copilot -- and now, GitHub Copilot X. Before his time at GitHub, Thomas previously co-founded HockeyApp and led the company as CEO through its acquisition by Microsoft in 2014, and holds a PhD in mechanical engineering from University of Glasgow, UK.
Shlomi is Co-Founder and CEO of JFrog, creators of the universal DevOps platform. He brings over 20 years of experience in building profitable, high-growth information technology companies. Prior to JFrog, Shlomi was the CEO of AlphaCSP (acquired in 2005 by MalamTeam) and a Major in the Israeli Air Force. Shlomi holds an MS from Clark University (Massachusetts, USA) and a BA from Ben-Gurion University (Israel).
Applications for the new GitHub Secure Open Source Fund are now open! Applications will be reviewed on a rolling basis until they close on January 7 at 11:59 pm PT. Programming and funding will begin in early 2025.
Microsoft and GitHub are committed to empowering developers around the world to innovate, collaborate, and create solutions that’ll shape the next generation of technology.
We do newsletters, too
Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.