JFrog introduces new integrations for JFrog Xray with ServiceNow’s Lightstep Incident Response and Spoke products for IT service management. IT executives will use them to gain real-time visibility into security vulnerabilities and compliance issues.
Given the high velocity of today’s business operations, successfully securing the software supply chain requires efficient cross-team collaboration to address security incidents in a timely manner, says Shlomi Ben Haim, co-founder and CEO of JFrog. “Our integration with ServiceNow aims to transform the relationship between developers and the rest of the organization to maintain the speed and frequency of releases while avoiding downtime and loss of trust with end users.”
He said the new integration allows IT teams to proactively address security issues before they have a serious impact. The combination of JFrog Xray and ServiceNow, he said, provides a robust software composition analysis (SCA) tool that can quickly scan binaries for vulnerabilities and violations of internal licensing requirements. These findings would then be communicated to the appropriate parties within the company.
The solution, JFrog said, is unique in that it helps DevOps engineers, site reliability engineers (SREs), IT system administrators and others effortlessly and securely build, deploy, run and monitor applications in a single view. It also enables real-time security alerts and insights with assigned actions across all tools, people, and processes required for timely problem resolution, he said.
Integration with Lightstep Incident Response, he said, brings the following benefits to developers, SREs, and security administrators:
- Monitor, collect, and respond to license compliance and security vulnerabilities affecting the software supply chain at all stages of the software development lifecycle.
- Streamline vulnerability response by bringing in the right team members within the organization for faster remediation.
In addition, JFrog Xray Spoke enables IT operations personnel to:
- Generate reports for policy violations and create “ignore rules”; builds can be rescanned and custom item properties added.
- Automate workflows that meet audit requirements and avoid legal consequences for improper use of code segments from the open source community.
- Detect issues earlier in the application development pipeline and integrate with change management solutions.