Strong DevSecOps Practices With the JFrog Platform
Laurent Balmelli, PhD
Co-founder, CEO and Head of Product at Strong Network Inc.
Cloud Development provides the ability to manage development environments in a centralized manner, allowing organizations to ensure uniform security policies and regulatory compliance across all projects. One way to implement code security policies with Strong Network is by using JFrog’s platform. In this article, we detail the process and benefits of using JFrog’s solutions to achieve this goal.
Why Strong Network’s Platform Integrates with JFrog
Strong Network’s platform is pivotal in implementing secure Cloud-based development: it manages development environments in a centralized manner, ensuring uniform security policies and regulatory compliance across all projects. Through integration with platforms such as JFrog’s, this extends to DevSecOps: code security best practices that can be deployed automatically with secure Cloud Development Environments.
In this article, we explain how the joint use of Strong Network’s and JFrog’s platforms streamlines code security practices and integrates them transparently into every developer’s environment, in addition to applying and auditing these practices systematically.
DevSecOps’ Integration Optimizes the Developer’s Experience
Here I’ll explain how, through this integration, developers gain the benefit of automation across several processes, such as access to JFrog’s platform, the inclusion of JFrog’s CLI in every environment, automatic scanning for vulnerabilities and the transparent management of a secure SBOM.
These features not only bolster security but also enhance efficiency, allowing developers to focus more on coding and less on setup and security concerns, thus improving the experience. The next figure represents the various integration touchpoints.
In addition, I’ll explain that JFrog’s platform is automatically integrated with Strong Network’s platform without exposing sensitive credentials. This frees the developer from other security-related tasks, while at the same time making the organization more secure.
Let’s explore in detail the features delivered when associating the two strongest platforms in secure code development available today.
Prerequisites and JFrog Platform Sign-In From Strong Network
To successfully integrate the Strong Network platform with JFrog's platform, there are a few prerequisites that must be met in order to leverage their combined strengths.
First, your organization must have deployed the self-hosted Strong Network platform and have access to the JFrog platform, either in a SaaS or a self-hosted solution. Administrative access is needed to both platforms to perform necessary initial set-up configurations.
From the Strong Network platform's perspective, the JFrog platform is integrated as a third-party application, as shown in the next figure. The goal of this integration is to make JFrog's services available transparently within the developer’s environment.
The whole integration is done only through the administrative settings of Strong Network’s platform, after which JFrog’s platform becomes visible in the Integration tab of the user’s profile (figure below). This allows users to sign in to the JFrog platform from Strong Network’s.
Once the user is signed in, the JFrog CLI automatically becomes available in the user’s environment. In turn, the integration gives every user transparent access to JFrog services. It also allows for the management of user permissions to the services and the establishment of security protocols.
In cases where the JFrog platform is being used in a SaaS model, a specific custom OAuth template provided by JFrog is necessary. The custom OAuth template must be set up and configured in accordance with JFrog's guidelines to ensure compatibility and security.
The following paragraphs explore the features available once a user is signed in.
DevSecOps Practices’ Integration in Cloud-Based Development
One of the standout features of integrating the Strong Network platform with JFrog is the automated integration of JFrog’s CLI into any newly created environment used to build an application during the development process. This means that whenever a new environment is created, the JFrog CLI and services are automatically installed and authenticated within the environment. This seamless integration streamlines the development workflow, as developers can immediately start using JFrog's services without the need for manual setup or authentication. It enhances efficiency and ensures a consistent setup across all environments.
Automated Scanning of Container Images with JFrog Xray
The integration also brings the advantage of automated scanning of container images during environment set-up using JFrog Xray. This feature is particularly crucial for maintaining high standards of security and compliance for the development infrastructure. As soon as an environment is created, the container image is automatically scanned, and a summary of any vulnerabilities found is displayed (see the next figure). This immediate feedback allows developers to identify and address security concerns attached to the infrastructure and tools used for development. This integration is possible because Strong Network’s platform manages the environments’ containers as platform resources. Hence, the integration with JFrog allows the automated enforcement of infrastructure security best practices in the development process.
Secure SBOM Management With JFrog Artifactory
Another significant feature is the management of a secure Software Bill of Materials (SBOM) via integrated access to JFrog Artifactory from the user’s environment. This is achieved without storing JFrog credentials in the environment or exposing them to the developer.
This approach not only simplifies the process of accessing JFrog Artifactory but also upholds stringent security protocols by ensuring that sensitive credentials are never compromised. Developers can seamlessly interact with Artifactory, retrieving and deploying whitelisted, compliant dependencies to ensure code security as needed, while the platform manages the underlying security and authentication mechanisms.
JFrog VSCode Extension Pre-installed and Authenticated
Lastly, the integration ensures that the JFrog Visual Studio Code (VSCode) extension is already installed and authenticated in each IDE’s environment from its inception. This eliminates the need for developers to manually set up the extension, allowing them to immediately leverage its functionalities for enhanced productivity. The pre-authentication aspect of the extension ensures that developers can start using JFrog’s services within VSCode right away, further enhancing the overall user experience.
Secure Cloud-Based Development Also Delivers Secure Code
The integration of Strong Network's platform with JFrog's platform services represents a significant business value for security-minded organizations. This collaboration is a demonstration of how combining leading technologies integrates DevSecOps best-practices across the development process with the use of secure cloud-based development environments.
In other words, best practices are smoothly assimilated without interfering with the developer experience. In all, the integration brings together productivity and security, covering both the infrastructure and software aspects from a unified perspective.
Contact me or our engineering team for any questions regarding this platform capability at [email protected]