JFrog announced Monday that its JFrog Artifactory and JFrog Xray solutions are now accredited in the Department of Defense’s (DoD) Iron Bank and are available via Platform One, the Air Force’s software development platform.
The goal of Platform One is to help government entities work with approved, hardened, cloud-native DevSecOps solutions along with connecting government entities to needed collaboration tools, cybersecurity tools, development tools, open-source code, and artifact repositories. As part of the Platform One initiative, Iron Bank is the DoD’s repository of digitally signed, binary container images including both free and open-source software and commercial off-the-shelf. The Iron Bank container registry has Continuous Authority to Operate, which enables developers to easily push validated code into production more quickly.
“We understand software needs to be hardened and trusted in order for the Federal government to rely on JFrog for their mission-critical applications,” said Shlomi Ben Haim, co-founder and CEO of JFrog. “Our vision is to enable all organizations to ‘shift left’ to bake security into every stage of development and seamlessly deploy updates across geographies, from ground to cloud, to any device throughout the software supply chain with ease and peace of mind.”
In a press release, JFrog said the JFrog Artifactory provides a “single, reliable source of truth for binary packages that follow the DevOps lifecycle from development to deployment at the edge.” The press release also explained that JFrog Xray works with JFrog Artifactory to “enable multi-layer analysis of each binary or container image and flags any security vulnerabilities or compliance compromises to ensure software quality.”
“Rapid software development is an imperative for all our customers, which includes the U.S. military, but it should never come at the expense of security,” said Lou Doerr, head of U.S. Commercial Unit for technology consulting firm, Oteemo. “Knowing JFrog’s Platform is Iron Bank-certified makes it easy to recommend them for use by public and private organizations needing software delivery solutions that bake-in security from inception.”