News

JFrog Launches Runtime Security Solution to Boost Software Integrity from Code to Cloud

• By John K. Waters
• September 18, 2024

JFrog has introduced a new runtime security solution aimed at enhancing software integrity and streamlining collaboration between developers and security teams. The addition of JFrog Runtime to the company’s existing security tools is meant to empower enterprises to embed security at every stage of the software development process, the company said, from writing source code to deploying applications in production.

JFrog Runtime offers real-time vulnerability detection and advanced prioritization that allows teams to identify and mitigate risks based on their potential business impact. The solution provides continuous monitoring of post-deployment threats, such as malware and privilege escalation attacks.

"As organizations shift left to mitigate growing cybersecurity threats, siloed tools create additional challenges for developers and security teams," said Asaf Karas, CTO of JFrog Security, in a statement. "By adopting a unified platform that provides end-to-end visibility and traceability, companies can streamline processes and enhance the security of their software supply chain."

A recent IDC survey sponsored by JFrog found that companies spend an average of $1.89 million annually on security-related tasks per development team, highlighting the need for integrated solutions like JFrog Runtime. The platform’s ability to align security and development efforts is intended to save developers time while improving overall security posture.

JFrog Runtime also offers enhanced analytics for monitoring workloads and containers in Kubernetes clusters, ensuring that vulnerabilities are quickly identified and addressed. This feature helps to reduce the risk of runtime exposures, the company said, which industry research shows affects one in five applications.

The new solution complements JFrog’s broader suite of security tools, including capabilities for curating and securing AI/ML models from open-source repositories, such as Hugging Face. This integration ensures that enterprises can detect and block potentially malicious models before they enter their systems.

According to Katie Norton, research manager at IDC, JFrog’s comprehensive security platform supports a strategy that spans both "shift-left" and "shift-right" approaches, providing critical visibility from development to production. The new addition is designed to reduce the strain on development and security teams while ensuring seamless protection throughout the software lifecycle.