JFrog Ltd. have announced JFrog AppTrust, which helps organisations automate and better manage audit and compliance requirements across their software supply chain, reducing risk and increasing trust in applications.
By providing a comprehensive view of software security, quality, and performance metrics, alongside evidence-based policies and contextualised insights, JFrog AppTrust helps DevOps and Security teams seamlessly and cohesively govern enterprise applications. The solution also natively integrates with the ServiceNow AI Platform, delivering a unified experience across both logic and infrastructure layers while applications are being released.
“Software is being released faster than ever, and secure updates have become the fuel powering today’s world. In the era of AI, software releases come from both humans and machines, creating a tsunami of software delivery that organisations must be prepared to manage,” said JFrog CEO and Co-founder, Shlomi Ben Haim. “Our customers tell us that after DevOps and DevSecOps, the next big challenge in this new reality is compliance – that’s why ‘DevGovOps’ must happen. With JFrog Artifactory serving as the single source of truth for all software packages, JFrog AppTrust signs and secures both internal and external evidence, automates release quality gates, and integrates as the governance infrastructure for IT operations platforms like ServiceNow. This ensures every release is trusted, verified, and ready for production at scale.”
The key capabilities and benefits of JFrog AppTrust include:
- Governance, Risk and Compliance (GRC): Creates a single source of truth using verified, signed evidence and automated policy enforcement to integrate application integrity controls into existing workflows.
- Complete Application Context: Automatically assigns each software asset to an application with clear ownership and context, enabling customers to visualise interdependencies and quickly identify risk sources and who should remediate them.
- Trust Control with Promotion Gates: Control the progression of your software across well-defined stages all the way to Release, according to policies that can take security, evidence, and other platform entities into account. Define organisation-wide and application-level policy gates for full flexibility.
- Evidence System of Record: An open infrastructure to store and display signed evidence from multiple sources and vendors alongside release artifacts, attesting to irrefutable metadata about the release.
- Insights that Drive Software Supply Chain Efficiency: Organisations can proactively utilise DORA and other software security metrics to identify bottlenecks, then improve cross-team, cross-application velocity and risk management.
JFrog’s AppTrust evidence partner ecosystem currently includes: Akto, Akuity, CoGuard, Dagger, GitHub, Gradle, NightVision, ServiceNow, Shipyard, Sonar, and Troj.ai. JFrog plans to add more partners to its evidence ecosystem over time.

