https://github.com/jfrog/jfrog-security-docs



# What is JFrog Security?

### Securing the End-to-End Software Supply Chain

JFrog Security provides a comprehensive solution to protect your software development lifecycle (SDLC) from emerging threats, vulnerabilities, and compliance risks. As part of JFrog’s end-to-end DevSecOps platform, JFrog Security integrates seamlessly into your development workflow, ensuring secure code, dependencies, and infrastructure from development to production.

### Why JFrog Security?

* **End-to-End Protection:** Security is embedded throughout the SDLC, from OSS Firewall, source code analysis, and binary analysis to runtime monitoring.
* **Seamless Integration:** Works natively with CI/CD pipelines, package registries, and DevOps tools.
* **Automated Security & Compliance:** Continuous scanning, risk assessment, and policy enforcement.

### Key Capabilities

* **JFrog Xray (SCA):** Source code and binary analysis to detect open-source package risks (vulnerabilities, licenses, operational risks, and malicious packages), with an extensive policy engine and reporting capabilities.
* **JFrog Advanced Security (SAST, Secrets, CVE contextual analysis, and IaC Security):** Advanced source code and binary scans that go beyond SCA to expose first-party code issues and misconfigurations, while reducing noise through CVE contextual analysis.
* **JFrog Curation:** Prevent risky dependencies by blocking them before they enter your Artifactory.
* **JFrog Runtime Security:** Monitors running Kubernetes clusters for threats and performs integrity checks.