On Wednesday, GitHub and JFrog announced a collaboration to integrate their platforms, making it simpler for developers and their support teams to handle source code and binaries across both services.
This features single sign-on, role mapping, code tracing from source to binary packages across platforms, and a unified project architecture. Later, a unified dashboard will display GitHub and JFrog’s source- and binary-focused security scan findings.
Since both firms are DevOps, this may appear unusual. GitHub focuses on source code and JFrog on binaries; therefore, their overlap is minor. About half of JFrog’s clients are also GitHub users, and CEO and co-founder Shlomi Ben Haim and GitHub CEO Thomas Dohmke told me the goal is to make their lives simpler.
“We use Artifactory internally within GitHub,” Dohmke said. JFrog also uses GitHub for source code management. So it was logical for us to do more together as we think about how to safeguard the software ecosystem and aid business clients like AT&T, Fidelity, and Vimeo. What can we do to complete their life cycle? In our initial chat before I became CEO, we envisioned GitHub as part of a vast ecosystem. Copilot Extensions follows the same principle: we must engage with other ecosystem firms to provide our customers—our developers—with the best experience.
Ben Haim of JFrog said his business focuses on binary and security technologies. He remarked, “JFrog is the only comprehensive software supply chain platform in the world.” “GitLab and GitHub are source-code platforms. Atlassian and BitBucket are the same. […] Artifactory is your binary repository and its organisation’s single source of record.”
GitLab’s extensive DevSecOps platform may dispute that definition. Nobody disputes that corporations are consolidating their expenditures around best-of-breed solutions. Ben Haim said today’s organisations must expand securely, move quicker, and choose the finest services.
Developers reside on GitHub and JFrog. […] He stated that our clients don’t require communication about this partnership or marriage because they are either here for the source code or the binaries, and this united story simplifies their lives.
In 2024, GitHub will be synonymous with Copilot, their AI tool. Wednesday’s announcement included a thorough JFrog/Copilot connection that expands Copilot Chat to allow developers to ask questions about software packages (or versions of them), security, and JFrog project setup.
“Chatting with GitHub’s Copilot to select the right and secure software package based on the extensive metadata stored in the JFrog Catalogue can be a game-changer,” said AT&T Director of Technology John Nuttall, a JFrog-GitHub client. This connection will boost Copilot users’ productivity in binary-focused and code settings throughout the software supply chain. This cooperation is the best of both worlds.”
Dohmke also said that GitHub plans to add additional agent-like functionalities to Copilot that operate across a security product like Sentry (one of the first firms to provide a Copilot extension), GitHub, and JFrog’s Artifactory to autonomously accomplish a task.
Ben Haim informed me that customers like AT&T want to use the same credentials to switch between GitHub and JFrog. They also want code traceability from source to binary and back. Although the code and binary have always been distinct, this integration enables a team deploying the binary in production to promptly identify the most recent source code changes and collaborate with the responsible developer to resolve any issues.
Security matters too. These clients usually use both GitHub and JFrog security solutions, but they don’t want to check two dashboards. As GitHub’s Dohmke remarked, developers may want to view their dashboard on GitHub, while security teams may prefer Artifactory or elsewhere.
“This integration can simplify software supply chain security by displaying source-based security findings from GitHub alongside binary-based security findings from JFrog under GitHub’s Security tab, allowing developers to gain a holistic security view and shorten remediation times to improve security posture,” said Vimeo CIO and CISO Mark Carter. “Software supply chain security is top of mind for every CISO, and this JFrog-GitHub solution provides critical, AI-infused cybersecurity control.”
Future plans call for more cooperation between the two firms. Ben Haim said the present approach addresses immediate consumer problem areas. The firms will discuss future plans at JFrog’s swampUP conference in September.
