Software supply chain company JFrog Ltd. today announced a new partnership with Microsoft Corp.-owned GitHub to deliver an integrated platform that allows joint customers to manage “EveryOps” for developers, including DevOps, DevSecOps, MLOps and generative artificial intelligence-powered apps.

The partnership seeks to assist development teams that manage both source code and binaries, with integration between JFrog and GitHub said to be a natural fit. A joint roadmap developed by the two companies focuses on seamless navigation and traceability between source code and binaries, as well as continuous integration and deployment, or CI/CD with GitHub Actions and JFrog Artifactory.

The JFrog GitHub partnership delivers a unified view of security findings to provide one solution for software supply chain security and policies across GitHub and JFrog Advanced Security offerings. Joint users will also have the ability to leverage GitHub Copilot to query artifact and pipeline status to keep projects moving forward.

Through the partnership, the two companies can now provide developers with a seamless user experience while they build, secure and deliver the next generation of AI-powered applications.

Key features of the joint solution include bidirectional code and software package navigation that enhances the management and triage of software development by providing native links between source code and built packages and vice versa. The integration streamlines data flow and facilitates deeper compliance and software provenance checks.

GitHub Actions are seamlessly integrated to handle the resolution of packages from Artifactory and the storage of binary artifacts generated by Actions. The process includes the incorporation of build metadata within Artifactory, to provide a more accurate software bill of materials.

The joint solution also offers the unification of single sign-on, roles and project structures to simplify the sign-on process, map project roles, manage access and integrate continuous integration to boost developer efficiency. A unified security dashboard for JFrog and GitHub Advanced Security findings also offers joint users a comprehensive security perspective by merging results from source-focused and binary-focused security scans.

“It’s time for developers and DevOps engineers to enjoy both worlds together as one: the best source code platform alongside the best artifact platform,” said JFrog Chief Executive Shlomi Ben Haim. “Our customers adopt technology rapidly and require managing DevOps, security, CI/CD and AI initiatives while consolidating tools.”

Photo: JFrog