Strong DevSecOps Practices With the JFrog Platform
Implement DevSecOps practices and enforce them automatically across your entire workforce using Strong Network’s secure Cloud Development

Strong DevSecOps Practices With the JFrog Platform

Cloud Development provides the ability to manage development environments in a centralized manner, allowing organizations to ensure uniform security policies and regulatory compliance across all projects. One way to implement code security policies with Strong Network is by using JFrog’s platform. In this article, we detail the process and benefits of using JFrog’s solutions to achieve this goal.

Why Strong Network’s Platform Integrates with JFrog

Strong Network’s platform is pivotal to implement secure Cloud-based development with the ability to manage development environments in a centralized manner, ensuring uniform security policies, compliance and regulatory adherence across all projects. By integrating with platforms such as JFrog’s, this also includes DevSecOps, code security best-practices that can be automatically deployed with secure Cloud Development Environments.

In this article, we explain how the joint use of Strong Network and JFrog’s platforms streamlines code security practices and provides transparent integration in every developer’s environments, in addition to systematic application and auditing of these practices.

DevSecOps’ Integration Optimizes the Developer’s Experience

Here I’ll explain that, through this integration developers gain the benefit of automation across several processes, such the access to Jfrog’s platform, the inclusion of JFrog’s CLI in every environment, the automatic scanning for vulnerabilities and the transparent management of a secure SBOM.

These features not only bolster security but also enhance efficiency, allowing developers to focus more on coding and less on setup and security concerns, thus improving the experience. The next figure represents the various integration touchpoints.

Integration touchpoints: automated authentication to JFrog services and installation in VSCode, direct CLI access and deployment of best-practices such as container scanning and secure SBOM management.

In addition, I’ll explain that JFrog’s platform is automatically integrated to Strong Network’s platform without exposing sensitive credentials. This frees the developer from other security-related tasks, while at the same time making the organization more secure.

Let’s explore in detail the features delivered when associating the two strongest platforms in secure code development available today.

Prerequisites and JFrog Platform Sign-In From Strong Network

To successfully integrate the Strong Network platform with JFrog's platform, there are a few prerequisites that must be met in order to leverage their combined strengths.

First, your organization must have deployed the self-hosted Strong Network platform and have access to the JFrog platform, either in a SaaS or a self-hosted solution. Administrative access is needed to both platforms to perform necessary initial set-up configurations.

From the Strong Network platform perspective, the Jfrog platform is integrated as a third party application as shown in the next figure. The goal is this integration is to leverage the services in a transparent manner within the developer’s environment.

This whole of the integration is only done through administrative settings of Strong Network’s platform, so that the availability of JFrog’s platform becomes visible in the Integration tab in the user’s profile (figure below). This allows users to sign into the JFrog platform from Strong Network’s.

Users log in to the JFrog platform once from their profile and access all services from their environment without the need to provide any further authentication information.

Once signed in, JFrog CLI becomes automatically available in the user’s environment. In turn, the integration brings transparent access to every user to Jfrog services. This also allows for the management of user permissions to the services and the establishment of security protocols.

In cases where the JFrog platform is being used in a SaaS model, a specific custom OAuth template provided by JFrog is necessary. The custom OAuth template must be set up and configured in accordance with JFrog's guidelines to ensure compatibility and security.

Let’s explore the available features once a user is signed-in in the following paragraphs.

DevSecOps Practices’ Integration in Cloud-Based Development

One of the standout features of integrating the Strong Network platform with JFrog is the automated integration of JFrog’s CLI into any newly created environment during the development process, when building an application in the environment. This means that whenever a new environment is created, the JFrog CLI and services are automatically installed and authenticated within the environment. This seamless integration streamlines the development workflow, as developers can immediately start using JFrog's services without the need for manual setup or authentication. It enhances efficiency and ensures a consistent environment across all environments.

Whenever a new environment is created, the user can verify that the JFrog CLI and services are automatically installed and authenticated.

Automated Scanning of Container Images with JFrog Xray

The integration also brings the advantage of automated scanning of container images during the environment set-up using JFrog XRay. This feature is particularly crucial for maintaining high standards of security and compliance regarding the development infrastructure. As soon as an environment is created, the container image is automatically scanned, and a summary of any vulnerabilities found is displayed (see the next figure). This immediate feedback allows developers to identify and address security concerns attached to the infrastructure and tools used for development. This integration is possible because Strong Network’s platform embeds the management of environment’s containers as platform resources. Hence, the integration with JFrog allows the automated enforcement of infrastructure security best-practices in the development process.

Because Strong Network’s platform embeds the management of containers, the integration allows the automated enforcement of infrastructure security best-practices in the development process

Secure SBOM Management With JFrog Artifactory

Another significant feature is the management of a secure Software Bill-Of-Material (SBOM) via the integrated access to JFrog Artifactory from the user’s environment. This is achieved without storing JFrog credentials in the environment or exposing them to the developer.

This approach not only simplifies the process of accessing JFrog Artifactory but also upholds stringent security protocols by ensuring that sensitive credentials are never compromised. Developers can seamlessly interact with Artifactory, retrieving and deploying whitelisted, compliant dependencies to ensure code security as needed, while the platform manages the underlying security and authentication mechanisms.

The transparent and automated integration of JFrog Artifactory in the build process allows the production of secure and compliant code through the use of pre-approved, sanitized software libraries downloaded from JFrog’s Artifactory.

JFrog VSCode Extension Pre-installed and Authenticated

Lastly, the integration ensures that the JFrog Visual Studio Code (VSCode) extension is already installed and authenticated in each IDE’s environment from its inception. This eliminates the need for developers to manually set up the extension, allowing them to immediately leverage its functionalities for enhanced productivity. The pre-authentication aspect of the extension ensures that developers can start using JFrog’s services within VSCode right away, further enhancing the overall user experience.

JFrog Visual Studio Code (VSCode) extension is installed and authenticated in each IDE.

Secure Cloud-Based Development Also Delivers Secure Code

The integration of Strong Network's platform with JFrog's platform services represents a significant business value for security-minded organizations. This collaboration is a demonstration of how combining leading technologies integrates DevSecOps best-practices across the development process with the use of secure cloud-based development environments.

In other words, best-practices are smoothly assimilated, avoiding interferences with the developer experience. In all, the integration brings together productivity and security, both from the infrastructure and software aspect from a unified perspective,

Contact me or our engineering team for any questions regarding this platform capability at [email protected]


Derek H.

Business Development Manager | Strategic Account Development and Technology Partnerships

8 个月

????????????

Bertrand Thomas

Solutions Architect | DevOps Coach | Engineering Manager

8 个月

You're such an inspiration Laurent. Thank you for sharing high value content. Really happy about the collaboration between two great solutions. Looking frogward to experiment it!

要查看或添加评论,请登录

社区洞察

其他会员也浏览了