UPDATED 12:15 EST / OCTOBER 29 2024

JFrog and GitHub advance DevSecOps with SAST and Runtime Security integration

Software supply chain company JFrog Ltd. today announced strengthened integrations with GitHub that aim to enhance secure software development by embedding automated security fixes and real-time production monitoring directly into GitHub’s developer workflows.

The updates include the integration of JFrog’s static application security testing (SAST) with GitHub Copilot Autofix, which lets developers remediate vulnerabilities automatically, and the addition of JFrog Runtime Security to GitHub Actions for runtime monitoring and application integrity checks.

JFrog’s SAST integration with GitHub Copilot Autofix brings automated vulnerability fixes directly into developers’ workflows, enhancing security without interrupting productivity. By linking JFrog’s static application security testing with Copilot Autofix, developers can detect and resolve vulnerabilities across multiple languages in real time, reducing potential security risks from the outset.

With each pull request, JFrog identifies problematic code and flags it for Copilot Autofix, which then generates specific fix suggestions. Developers can review and apply these suggested security changes quickly while keeping control over the code and reducing context-switching between development and security tools.

Additionally, Copilot Autofix can create new pull requests with recommended fixes for existing code vulnerabilities. Each suggestion includes detailed explanations, increasing developers’ security awareness and enabling them to maintain a consistent, secure coding approach within GitHub’s interface.

In addition to SAST integration, JFrog’s Runtime Security now offers real-time monitoring within GitHub Actions that focuses on the security of applications in production environments. After each build, developers can now access JFrog’s Runtime Live assessment dashboard directly from the GitHub Job Summary page to obtain insights into potential vulnerabilities and application integrity at runtime.

The integration allows teams to quickly identify and prioritize critical runtime issues, and it automatically alerts them to unauthorized modifications or drift in deployed images. By centralizing runtime visibility, JFrog and GitHub help teams maintain consistent deployment security without leaving their development workflows.

The announcements are part of a push by JFrog to streamline DevSecOps across the entire software supply chain, from code commit to production. Through the combination of JFrog’s security capabilities with GitHub’s development tools, teams can now detect and address vulnerabilities earlier and, in doing so, reduce the attack surface before applications reach production.

JFrog said this unified approach also helps prioritize critical risks through advanced contextual analysis, maintaining continuous security posture throughout the development lifecycle. By centralizing security insights and integrity checks, JFrog said, it offers a more efficient and transparent development process that meets the demands of modern enterprise teams.
