JFrog Curation aims to secure the software supply chain from hackers

JFrog, a leading provider of software supply chain management tools, today announced the launch of JFrog Curation, an automated DevSecOps solution that blocks malicious open-source software packages before they can enter an organization’s development environment.

According to Huzaifa Dalal, DevSecOps evangelist at JFrog, JFrog Curation gives customers “centralized control and visibility of all other third-party binaries downloaded to streamline the software development.” This integration benefits customers by allowing them to block malicious packages, improve CVE compliance and risk filters, and have a comprehensive audit trail, all while maintaining a frictionless package consumption experience for developers.

“From a security perspective, the question is always, how can I enable my developers to move faster? How can I keep my organization safe and compliant? That’s the ultimate goal of a security developer,” said Dalal. “Curation solves the problem right away. We are helping security developers move fast and keep organizations safe and compliant. Securing software should be simple. That’s the bottom line we want to get to.”

A new weapon in the fight against software supply chain attacks

JFrog Curation is expected to provide out-of-the-box template policies that are compliant with various regulatory requirements, and customers can also edit or add their own policies. The audit trail feature is particularly important in tracking the origin and flow of packages within an organization, providing centralized visibility and control.

JFrog already has around 7,200 customers, with 89% of the Fortune 100 using JFrog Artifactory. With the launch of JFrog Curation, JFrog is expanding its portfolio of enterprise solutions and further cementing its position in the market.

“Application security must be taken seriously and looked at holistically from the point of creation through runtime on edge devices,” said Asaf Karas, CTO of Security at JFrog. “JFrog Curation takes the ‘shift left’ concept to the next level by automatically blocking use of risky open source software packages before entry to an organization, drastically reducing a company’s overall attack surface without compromising on speed or the developer experience.”

The launch of JFrog Curation comes at a time when enterprises are increasingly concerned about the security of their software pipelines. According to a recent report by Gartner, “by 2025, 60% of enterprise application security budgets will be allocated to rapid detection and response approaches, up from 30% in 2020.”

JFrog’s move into the enterprise security space is a smart one, as it leverages the company’s existing market position and addresses a pressing need for businesses. As the demand for enterprise security solutions continues to grow, JFrog is well-positioned to capitalize on this trend and continue to expand its offerings.