With the introduction of JFrog Runtime, JFrog has added a component to its software supply chain security and devsecops platform to help users secure container-based applications in production.
Introduced September 10, JFrog Runtime integrates with JFrog Artifactory to allow devops and security teams to easily identify the source and owner of a vulnerable package and determine the fastest and most efficient way to mitigate risks, JFrog said. The technology monitors Kubernetes clusters, identifies and remediates vulnerabilities, and ensures the integrity of images in production. Leveraging the JFrog Platform, JFrog Runtime offers real-time visibility into runtime vulnerabilities and risks and automates integrity checks to ensure trusted images are running in production. Also featured are triage and prioritization for faster remediation of critical vulnerabilities.
JFrog stressed that keeping an application secure in runtime is a complex task. Organizations can struggle with maintaining real-time visibility into runtime vulnerabilities, managing and prioritizing risks, and ensuring deployment integrity, JFrog said. The goal is to identify and remediate vulnerabilities while minimizing business impact and tracking runtime components. Key features and benefits of JFrog Runtime include:
- Real-time vulnerability visibility within the runtime environment.
- Accelerated triage and prioritization for remediation of security incidents.
- Reduced risk through exposure management.
- Protection for cloud-based workloads, to safeguard applications from data breaches or unauthorized access.
- Analytics for Kubernetes clusters.
- Centralized incident awareness.
JFrog said that users of JFrog Runtime can identify who uploaded a package to JFrog Artifactory, its owner, its deployment status, and applicable risks. They can identify which workloads are affected across an environment and plan how to address vulnerabilities.