DevOps and “Liquid Software” release practices are rapidly becoming the standard. But, as software shapes digital transformation, DevOps teams are feeling challenged to manage their growing influence on corporations’ success or failure. In this talk, Ido Green looks into the growing pains that most enterprises (many of them JFrog customers) face when adopting and consolidating DevOps at scale, and how these challenges are being mitigated with end-to-end platform solutions. We’ll wrap up with some DevOps best practices - from the trenches - that will help you address emerging trends that your bosses’ bosses really care about.

1. The Future of
Continuous Software Updates
Is Here
Jan2020

2. Legal Disclaimer
This presentation is strictly private and confidential and is intended only for the use of persons to whom it has specifically
been given by JFrog. Without the prior written consent of JFrog, this presentation should not be disclosed to any other
person, company, partnership or other entity, or reproduced in whole or in part.
This presentation and the accompanying oral presentation regarding JFrog include forward-looking statements, including
but not limited statements regarding our business strategy, plans and objectives for future operations, market size and
growth opportunities, competitive position and technological and market trends. We have based these forward-looking
statements largely on our current expectations and projections about future events and financial trends that we believe
may affect our financial condition, results of operations, and business strategy. These forward-looking statements are
subject to a number of risks, uncertainties and assumptions. In light of these risks, uncertainties and assumptions, the
future events and trends discussed in these presentations may not occur and actual results could differ materially from
our current expectations. JFrog does not assume any obligation to update the forward-looking statements provided to
reflect events that occur or circumstances that exist after the date on which they were made, except as required by law.
This presentation is for marketing purposes only and does not constitute an offer to sell or a solicitation of an offer to buy
any securities of JFrog.

3. @greenido
ido-green.appspot.com

4. JFROG’S MISSION IS TO POWER ALL
THE SOFTWARE UPDATES IN THE WORLD

5. Politics
Food & Water
Healthcare
Transportation Energy
Social Interaction
EVERYTHING
RUNS ON SOFTWARE

6. WHY APPLICATION UPDATES MATTER

7. “During the update process you will not be able
to drive the vehicle”
SOFTWARE UPDATES MATTER

8. INTEGRATED ECOSYSTEM
+50 technology partners
Hosted offering on all public clouds
CONTINUOUS SECURITY
Vulnerability scanning for major artifacts and container images
with package expansion
JFROG’S UNIFIED APPROACH
HYBRID AND MULTI-CLOUD
From OSS to multi-cloud
From legacy apps to Kubernetes
RADICALLY UNIVERSAL
Any binary, any stack,
any DevOps tool
END-TO-END PLATFORM
Shared visibility, governance, and control across pipelines from Git to
K8s, and everything in between
SCALES TO INFINITY
We don’t blink at xxx/min

9. Streamlining the flow and supply chain of artifacts is essential to increasing release velocity and quality.
How did we go about it?
ARTIFACTS ARE THE BUILDING BLOCKS OF SOFTWARE

10. CODE
REPOSITORIES
CI/CD
SYSTEMS
Automate &
assembled
SECURITY AND
COMPLIANCE
Removing risk while
building
PACKAGE
MANAGEMENT
The ”Database of
DevOps”
DISTRIBUTION
SYSTEMS
Push software
packages fast and
secure
END USERS
& THE EDGE
Updating everything
continuously
Key Components to Deliver Software
RUNTIME &
PRODUCTION
BUILD TEST RELEASE DEPLOYCODE OPERATE
Dev Ops
EFFICIENT & INTERGRATED DEVOPS PROCESSES

11. Metadata
Policies
Processes
Methods
Secrets
A Universe
of Technologies
Optimized
& Standardized
Delivered
In One Place
Seamlessly Released
to Everyone
Devices
Servers
Teams
Customers
Artifacts
Security
Storage
Automation
Distribution
Unified in
One Platform
BRINGING ORDER TO SOFTWARE CHAOS

12. THE CENTER OF THE SOFTWARE RELEASE PROCESS
Integrated platform to manage any delivery environment
Cloud
Packages
CI/CD
Containers
Deployment
Tools/Testing

13. THE ECOSYSTEM
STRENGTHENING UNIVERSALITY
By partnering with other companies within the DevOps pipeline ecosystem, we are improving the way
our customers can use JFrog solutions in their workflow.

14. 24/7 Dedicated Support + DevOps
Acceleration Service Arm
THE JFROG PLATFORM
BUILD TEST RELEASE DEPLOY
Continuously integrate
automate & deploy
Clear security and compliance
issues
Distribute to
production site
Control and monitor the
flow
On Premises
& Multicloud
Store and manage
all types of
packages

15. JFROG PLATFORM UNIFIED

16. UNIFIED INNOVATION
Trusted
communication
Metrics and
request tracing
Unified UI
infrastructure
Unified
Installation
Logging and
supportability

18. DevOps is about making software development and delivery
FRICTIONLESS

19. WHAT IS JFROG PIPELINES?
 STREAMLINES THE PROCESS of software
development and delivery across teams and
tools
 PROVIDING ACTIONABLE INSIGHTS that enable
continuous improvement
CI & CD platform

20. WHAT DOES FRICTIONLESS MEAN?
Code Build Push Scan Test Promote Bundle Sign Distribute Deploy
Automated
Repeatable
Traceable
Immutable
Typical Software Development Workflow
THE PROCESS THE PACKAGES

21. KEY CONCEPTS
 STEPS are executable units that perform a specific task, such as building an application,
pushing it to Artifactory, provisioning a machine, etc
 RESOURCES contain information required to execute steps. For example, files, images, git repositories, etc
 INTEGRATIONS contain credentials to third-party tools/services, such as AWS, Slack, Github, etc
 PIPELINE is a collection of interconnected serial or parallel steps required to achieve an outcome
 RUN is an instance of pipeline execution

22. KEY CAPABILITIES
SPEED SIMPLICITY SCALABILITY SECURITY
 Caching for packages,
steps and nodes
 Immutable Resources to
share across teams
 Built-in State to store
precious build state
 Real-time interactive
dashboards
 Native Steps for common
actions
 Standardized syntax
across all DevOps tasks
 Integrated with all JFrog
products
 Step Dev Kit to extend
the platform (H2 2020)
 Scales horizontally to
support 1000s of apps
 Elastic builds nodes for
hybrid & multi cloud
 1 CI/CD tool for all OS,
lang, arch & platforms
 Universal, supports all
popular tools and tech
 Centralized Secrets using
Vault
 Each build on its own
node
 Rich permission model
with scopes
 TTL expiration for all
builds

27. MIX & MATCH AUTOMATION
CONTINUOUS
INTEGRATION
CONTINUOUS
DEPLOYMENT

28. DEVSECOPS
RELEASE FAST, KEEP SAFE

29. THE RACE
Vulnerability
Introduced
Vulnerability
Discovered
You Find It You Fix It
HIGHEST
SECURITY
RISK
Exploits
Published
Hacker
Attack
Vulnerability
Introduced
Vulnerability
Reported You Find It You Fix It

30. XRAY OVERVIEW
Global Xray DB
JXray
External
Sources
AUTOMATIC ACTIONS
VIOLATIONS
POLICIES WATCHES
METADATA COMPONENT GRAPH
Security
License Repo
Repo
Fail
Build
Web Hooks,
Slack,
Emails
Prevent
Downloa
d
Build
Build
Build

31. JFROG XRAY
step-3create-docker-ima…
docker-app:235
sha256_d3938036b19cf…
ubuntu:xenial:cryptsetu…

32. VULNERABILITY INTELLIGENCE
45.5% of the vulnerabilities in VulnDB not published by NVD/CVE in 2018 have a CVSSv2 score between 7-10

33. PREVENTION AND REMEDIATION
Vulnerability Intelligence Component Matching
Indexing engine and repository
Vertical integration from IDE to production
Continuous scanning and Impact analysis
Remediation and fix versions

34. MINIMIZING FALSE POSITIVES
AnalyzerCrawler Fetch Data Global Xray DB

35. NEW
ARTIFACT
INDEXING SCANNING
SETUP
POLICY RULES
CREATE
AUTOMATIC ACTIONS
FAIL
BUILD
NOTIFICATION
CRITICAL
VIOLATION
MINOR
VIOLATION
SCANS AGAINST SECURITY & COMPLIANCE
POLICIES

36. IMPACT ANALYSIS
OSS
Licenses
Known
CVE’s
Unofficial
Base
Image

37. 24/7 Dedicated Support + DevOps
Acceleration Service Arm
THE JFROG PLATFORM
BUILD TEST RELEASE DEPLOY
Continuously integrate
automate & deploy
Clear security and compliance
issues
Distribute to
production site
Control and monitor the
flow
On Premises
& Multicloud
Store and manage
all types of
packages

38. THANK YOU!
@greenido
ido-green.appspot.com