JFrog Streamlines Security Threat Detection and Response with AWS

JFrog Ltd. announced its DevSecOps tool, JFrog Xray, now supports Amazon Web Services (AWS) Security Hub, a cloud security posture management service that performs best practice checks, aggregates alerts, and allows automated remediation.

JFrog, already part of the DevSecOps category under the AWS DevOps competency, also revealed it is participating in the new AWS Marketplace Vendor Insights, which helps streamline the complex third-party software risk assessment process by enabling JFrog to make security and compliance information available to customers through AWS Marketplace. By using AWS Marketplace Vendor Insights, customers can reduce the vendor assessment cycle from months down to a few hours by allowing them to access JFrog’s validated security profile.

“Security and trust are at the core of our JFrog product development philosophy. We’re proud to have achieved the AWS DevSecOps Competency, which recognizes JFrog’s technical expertise and our DevOps platform’s ability to securely enable customers through their cloud journey,” said Kelly Hartman, SVP of Global Channels and Alliances, JFrog. “We’re also proud to be part of AWS Marketplace Vendor Insights to provide customers with additional visibility when it comes to vendor solution risk assessments, so they can have greater peace of mind.”

Having visibility of a cloud environment and being able to identify and address software supply chain security issues early in the development process reduces risk and cost and improves productivity. In many organizations, however, security processes can often slow down developers from launching new features to customers. JFrog Xray’s support of AWS Security Hub will help developers ensure security is continuously implemented across development pipelines and that they have a central location for visibility into vulnerability alerts, contextual applicability of the threat, and prioritization of remediation activities.

Keeping Vendors Accountable for Security Standards

Bendigo and Adelaide Bank is one of Australia’s biggest banks, with over two million customers. It uses JFrog Artifactory and Xray on AWS to allow hundreds of developers to safely use 15 unique package types across 600-plus cloud-native applications with enhanced developer productivity while remaining compliant with regulations.

“As a financial institution responsible for the investments of millions of customers, security obviously needs to be – and is – a top priority for us. However, we also realize the reality that uneven cybersecurity strength in our software supply chain leaves us just as much at risk,” said Caio Trevisan, DevOps Service Owner, Bendigo and Adelaide Bank. “This is why we make sure the vendors we work with also have high security standards and are proud to work with companies like JFrog and AWS that prioritize and give thoughtful attention to matters of security.”

With JFrog’s new support of AWS Security Hub customers can utilize JFrog Xray to:

• Get a consolidated view of all license compliance and security vulnerabilities across their cloud instances.
• Enhance vulnerability identification, assessment, and management tapping into the JFrog Xray database of critical vulnerabilities exposures (CVEs).
• Better contextualize and prioritize vulnerabilities and automate remediation workflows to reduce Mean Time to Recovery (MTTR).

“AWS Marketplace Vendor Insights make it easier for a customer’s governance, risk, and compliance teams to assess software through a unified web-based dashboard. We are thrilled to partner with JFrog to deliver a streamlined compliance experience and to help customers secure their software supply chain,” said Chris Grusz, Director, Independent Software Vendor Partner and AWS Marketplace Business Development at AWS.