Revolutionizing DevOps and AI Practices: The JFrog-GitHub Partnership

CXOToday has engaged in an exclusive interview with Kavita Viswanath, General Manager, JFrog India,  JFrog and GitHub Partnership

1. What motivated the collaboration between JFrog and GitHub?

With the market rapidly consolidating around platforms, our joint customers have flagged that it is mission-critical to them that JFrog and GitHub work on a tight, deep integration between the platforms that provides the best quality, security, and management across their software supply chains from code to production.

2. How will this partnership benefit the existing users of both platforms?

JFrog and GitHub will now provide developers with a seamless user experience while they build, secure, and deliver the next generation of AI-powered applications in the following ways:

• Bi-directional code and software package navigation – Allowing precise tracking and triage by offering native linking between code and built packages and vice versa, for more streamlined data, deeper compliance-oriented outputs, and software provenance.
• GitHub Actions tracking for stored artifacts – Seamless integration for resolving packages from Artifactory and storing binary artifacts generated by Actions, alongside build metadata in Artifactory, aiding more accurate SBOM generation.
• SSO, roles and project structures unification – Enabling seamless sign on, project role mapping and access management and CI integration to keep developers moving efficiently.

3. How will the integration enhance DevOps, DevSecOps, MLOps, and AI practices?

The integration will merge DevOps, DevSecOps, and MLOps business initiatives into a single, comprehensive transformation of your digital business, utilizing platforms you trust and that technologists love.  A jointly-built roadmap developed by the two companies focuses on seamless navigation and traceability between source code and binaries, continuous integration, and deployment with GitHub Actions and JFrog Artifactory. This will provide developers with a unified view of security findings to provide one solution for software supply chain security and policies across GitHub and JFrog Advanced Security offerings, providing the ability to leverage GitHub Copilot to chat and query artifact and pipeline status to keep projects moving forward.

4. How will the integration improve continuous integration and deployment processes?

The integration will help ensure software quality, control and reliability across the entire  software supply chain from code to deployment, which will help improve the quality and reliability of software, ensuring that any issues can be quickly traced back to their source and resolved.

5. Can you explain how the integration will handle compliance and software provenance? How does the partnership aim to provide a unified view of security findings?

Companies need to gain a holistic view of their entire digital pipeline in order to remediate quickly, trace everything, meet compliance and make responsible business decisions. JFrog’s partnership and integration with GitHub will drive comprehensive security and compliance with full visibility of provenance across platforms; leverage real-time dashboards to aggregate security findings and proactively manage risk, remediation, and sustain the highest levels of compliance. The dashboards will also help companies ensure software quality, control & reliability from code to deployment by ensuring any security issues can be quickly traced back to their source and resolved in a timely manner.

6. What improvements can developers expect in terms of efficiency and usability?

The JFrog integration with GitHub unites two of the most widely used developer tools in the market. In doing so we jointly make developers’ lives easier, more streamlined, more secure and more efficient by:

• Offering single sign-on and universal, role-based projects for developers, helping drive correct permissions and team collaboration.
• Incorporating proven secure software supply chain management practices, policies and ML model development capabilities to GitHub Copilot, revolutionizing how developers design and deploy their AI-developed applications with greater security and compliance.
• Coupling JFrog’s Catalog and Curation capabilities with GitHub Copilot to add valuable metadata to help developers make smarter, faster decisions.

7. Can you share specific examples of how the integration has impacted your customers’ development workflows?

JFrog and GitHub customer Morgan Stanley, a leading global financial services firm, said they believe this collaboration between GitHub and JFrog has the potential to significantly impact the DevOps landscape by establishing bi-directional links between GitHub Actions Workflows, and Release Artifacts created and stored in JFrog Artifactory, which enhances the development experience and traceability across the software supply chain. Additionally, AT&T, an American-based multinational telecommunications company and a joint customer of JFrog and GitHub, noted: “Chatting with GitHub’s Copilot to select the right and secure software package based on the extensive metadata stored in JFrog Catalog can be a game-changer. This integration will significantly enhance the efficiency of Copilot users across the software supply chain; binary-focused and code environments. This partnership offers the best of both worlds.”

These testimonies are evidence that the collaboration between GitHub and JFrog has already received strong support from customers across a variety of industries and roles.

8. How will JFrog and GitHub ensure continuous improvement and innovation in their integrated solutions?

As an ongoing initiative, both companies are dedicated to maintaining a roadmap for continuous enhancements, ensuring users of both platforms can efficiently manage their code and binaries. Additional integration points will be introduced and shared regularly.

9. How do you see this partnership influencing the broader DevOps and DevSecOps landscape?

Organizations are consolidating around major best-of-breed platforms, and the partnership between GitHub and JFrog has the potential to transform the DevOps and DevSecOps market and supercharge developers’ efficiency. GitHub and JFrog are two of the leading developer platforms for source code and binaries. Working together they can help streamline and secure the modern software supply chain by unifying DevOps, DevSecOps, MLOps and GenAI.  Joint customers will be able to utilize cutting-edge, pre-integrated, best-of-breed technologies to enable faster, more secure, and more efficient release cycles at scale, leading to faster time-to-market and increased customer satisfaction.