JFrog combines ML development with DevSecOps

With businesses increasingly relying on a host of AI implementations within their services, JFrog is trying to respond to the need for a central management system to bring AI deliveries in line with an organization's existing DevOps practices.

Dubbed "ML model management," JFrog's new capabilities are introduced within the JFrog software supply chain platform to manage an organization's local and open source ML models and ensure the security of those models through the software development lifecycle (SDLC).

"As the creator of Artifactory -- the industry's leading technology for easily storing, managing, and securing binaries -- it's only natural we're proud to bring another advanced type of binary -- ML models -- into a unified software supply chain platform to help customers rapidly deliver trusted software at scale," said Yoav Landman, chief technology officer and co-founder of JFrog.

JFrog has announced adding another DevOps functionality, Release Lifecycle Management (RLM), along with a suite of new security capabilities in the JFrog platform.

JFrog platform receives DevOps boost

JFrog has added two new DevOps functionalities -- Release Lifecycle Management (RLM) and ML model management.

RLM allows organizations to create an immutable "Release bundle" that defines a potential release and its components early in the software development lifecycle. The capability uses anti-tampering systems, compliance checks, and evidence capture to collect data and insights on each release bundle at every stage of the SDLC, according to Landman.

JFrog's ML model management, a fresh offering in the segment, complements Artifactory -- the universal binary repository developed by JFrog wherein the platform caches open source ML models from Hugging Face to protect them from deletion or modification -- stores locally developed or improved models with access controls and versioning.

The new ML model management will scan licenses of all the models incorporated in a workflow to ensure compliance.

"Artifactory is so popular because it's a one-stop shop for large development teams with varying application types; it is known as having the best and broadest integrations across the board," said Jimmy Mesta, founder and chief technology officer of KSOC. "The addition of ML model management is a natural extension of that core value proposition, especially given the recent explosion of AI and ML development in applications."

ML model management is available as an open beta immediately to all SaaS customers, with full hybrid support coming soon, according to Landman.

Security upgrades also added

JFrog software supply chain platform also included a few security-centric capabilities including Static Application Security Testing (SAST), Open Source Software (OSS) Catalog, and ML Model Security.

While SAST integrates with various software developer environments to help customers scan source code for zero-day security vulnerabilities, the OSS catalog provides a "search engine for open source software packages" in the JFrog UI or via API.

"Our SAST engine is fast and accurate to help minimize false positives and prioritize remediation efforts to ensure speedy and secure builds," Landman said. "OSS Catalog is backed by both public and JFrog data, giving users immediate insight into the security and risk associated with using OSS packages."

Included with the new ML model management capabilities is security support for scanning and detecting malicious machine learning models, blocking their use if needed, and ensuring license compliance with company policies. All the features, except ML model management, which is available under beta, are available as part of the JFrog platform subscription.