JFrog has rolled out JFrog AppTrust, aiming to help companies automate and better manage audit and compliance requirements across their software supply chain.
By providing a comprehensive view of software security, quality, and performance metrics, alongside evidence-based policies and contextualised insights, JFrog AppTrust intends to help DevOps and Security teams govern enterprise applications.
The solution also natively integrates with the ServiceNow AI Platform, delivering a unified experience across both logic and infrastructure layers while applications are being released.
The key capabilities of JFrog AppTrust include creating a single source of truth using verified, signed evidence and automated policy enforcement to integrate application integrity controls into existing workflows. It also assigns each software asset to an application with clear ownership and context, enabling customers to visualise interdependencies and quickly identify risk sources and who should remediate them.
JFrog AppTrust also controls the progression of software across well-defined stages all the way to Release, according to policies that can take security, evidence, and other platform entities into account. It can also define organisation-wide and application-level policy gates for full flexibility.
To extend the reach and thoroughness of its evidence collection, JFrog is collaborating with an array of software technology companies to provide a centralised audit trail with clear attestations across the entire software development lifecycle.
JFrog’s AppTrust evidence partner ecosystem currently includes: Akto, Akuity, CoGuard, Dagger, GitHub, Gradle, NightVision, ServiceNow, Shipyard, Sonar, and Troj.ai.
JFrog plans to add more partners to its evidence ecosystem over time.
JFrog CEO and co-founder, Shlomi Ben Haim, said in the era of AI, software releases come from both humans and machines, creating a tsunami of software delivery that organisations must be prepared to manage.
“Our customers tell us that after DevOps and DevSecOps, the next big challenge in this new reality is compliance - that’s why ‘DevGovOps’ must happen,” he said.
“With JFrog Artifactory serving as the single source of truth for all software packages, JFrog AppTrust signs and secures both internal and external evidence, automates release quality gates, and integrates as the governance infrastructure for IT operations platforms like ServiceNow.
“This ensures every release is trusted, verified, and ready for production at scale.”