JFrog Unveils AppTrust: “DevGovOps” Solution to Redefine Software Release Governance
Platform-native, secure, release management solution delivers evidence-based insights for software supply chain security, compliance, and integrity

By providing a comprehensive view of software security, quality, and performance metrics, alongside evidence-based policies and contextualized insights, JFrog AppTrust helps DevOps and Security teams seamlessly and cohesively govern enterprise applications. The solution also natively integrates with the ServiceNow AI Platform, delivering a unified experience across both logic and infrastructure layers while applications are being released.
“Software is being released faster than ever, and secure updates have become the fuel powering today’s world. In the era of AI, software releases come from both humans and machines, creating a tsunami of software delivery that organizations must be prepared to manage,” said JFrog CEO and Co-founder, Shlomi Ben Haim. “Our customers tell us that after DevOps and DevSecOps, the next big challenge in this new reality is compliance - that’s why ‘DevGovOps’ must happen. With JFrog Artifactory serving as the single source of truth for all software packages, JFrog AppTrust signs and secures both internal and external evidence, automates release quality gates, and integrates as the governance infrastructure for IT operations platforms like ServiceNow. This ensures every release is trusted, verified, and ready for production at scale.”
The key capabilities and benefits of JFrog AppTrust include:
- Governance, Risk and Compliance (GRC): Creates a single source of truth using verified, signed evidence and automated policy enforcement to integrate application integrity controls into existing workflows.
- Complete Application Context: Automatically assigns each software asset to an application with clear ownership and context, enabling customers to visualize interdependencies and quickly identify risk sources and who should remediate them.
- Trust Control with Promotion Gates: Control the progression of your software across well-defined stages all the way to Release, according to policies that can take security, evidence, and other platform entities into account. Define organization-wide and application-level policy gates for full flexibility.
- Evidence System of Record: An open infrastructure to store and display signed evidence from multiple sources and vendors alongside release artifacts to attest to irrefutable metadata about the release.
- Insights that Drive Software Supply Chain Efficiency: Organizations can proactively utilize DORA and other software security metrics to identify bottlenecks, then improve cross-team, cross-application velocity and risk management.
With JFrog Artifactory serving as a single source of truth for software packages, JFrog AppTrust signs and secures both internal and external evidence, automates release quality gates, and integrates with platforms like the ServiceNow AI Platform.
“Modern software governance depends on bringing together the right data – from development through operations – to make informed, auditable decisions at scale,” said Rahul Tripathi, GVP and GM of IT Service Management at ServiceNow. “With ServiceNow’s operational and compliance insights integrated into the JFrog ecosystem, organizations can extend visibility and control even further across their software supply chain. This integration reflects our continued focus on enabling connected, end-to-end governance across the digital lifecycle.”
Capturing evidence from software development is essential for ensuring transparency, fast issue resolution, and compliance in today’s complex landscape. It enables better governance of the supply chain, answers key audit questions about security and quality, and meets industry-specific regulations necessary for doing business.
“As the leading provider of automated, independent code review for AI and developer-written code, SonarQube plays a vital role in helping companies achieve their governance objectives,” said Tariq Shaukat, CEO of Sonar. “We are excited to partner with JFrog to integrate SonarQube’s industry-leading code review findings, covering code quality and code security issues, as an additional validated source of evidence in the JFrog Platform.”
To extend the reach and thoroughness of its evidence collection, JFrog is collaborating with an array of software technology leaders to provide a centralized, trusted audit trail with clear attestations across the entire software development lifecycle. Having this single system of record is expected to help organizations increase visibility, reduce risk, and ensure release readiness, so they can confidently deliver compliant, secure applications.
JFrog’s AppTrust evidence partner ecosystem currently includes: Akto, Akuity, CoGuard, Dagger, GitHub, Gradle, NightVision, ServiceNow, Shipyard, Sonar, and Troj.ai. JFrog plans to add more partners to its evidence ecosystem over time.
"By knowing what's in their applications and where risks are introduced, organizations can achieve more comprehensive application management and improved application trust," said Jim Mercer, IDC Program Vice President, Software Development, DevOps, and DevSecOps. "Organizations struggling to secure their software supply chains can benefit from these new capabilities, making practices like attestation and provenance more achievable."
JFrog AppTrust helps bridge the gaps between development speed and trust. Historically, security, compliance and development teams have faced friction, with the former viewed by development teams as an obstacle to innovation. With JFrog AppTrust, teams can work more collaboratively, balancing security, compliance and speed, while maintaining software quality, performance, and safety thanks to a fully integrated trust automation that includes:
- Application-context asset assignment
- Promotion gating
- Software dependency mapping
- Ensuring applications meet standards before release
- Cross-team dashboards
- Vulnerability applicability analysis
- Pipeline performance visibility
For additional information on JFrog AppTrust and how it works, read this blog, visit https://jfrog.com/apptrust/, or register for the “AppTrust, AI Catalog and more” webinar on October 9 at 9 AM PT.
About JFrog
JFrog Ltd. (Nasdaq: FROG), the creators of the unified DevOps, DevSecOps and MLOps platform, is on a mission to create a world of software delivered without friction from developer to production. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely that is available, traceable, and tamper-proof. Integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both SaaS services across major cloud service providers and self-hosted. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Learn more at www.jfrog.com or follow us on X @JFrog.
Cautionary Note About Forward-Looking Statements
This press release contains “forward-looking” statements, as that term is defined under the
These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause JFrog’s actual results, performance or achievements to differ materially from those expressed or implied in any forward-looking statement. There are a significant number of factors that could cause actual results, performance or achievements to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2024, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements except as required by law.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250909565850/en/
Media Contact:
Siobhan Lyons, Director, Global Communications, JFrog, siobhanL@jfrog.com
Investor Contact:
Jeff Schreiner, VP of Investor Relations, jeffS@jfrog.com
Source: JFrog Ltd.