-
1.
The Future of
Continuous Software Updates
Is Here
Jan 2020
-
2.
Legal Disclaimer
This presentation is strictly private and confidential and is intended only for the use of persons to whom it has specifically
been given by JFrog. Without the prior written consent of JFrog, this presentation should not be disclosed to any other
person, company, partnership or other entity, or reproduced in whole or in part.
This presentation and the accompanying oral presentation regarding JFrog include forward-looking statements, including
but not limited to statements regarding our business strategy, plans and objectives for future operations, market size and
growth opportunities, competitive position and technological and market trends. We have based these forward-looking
statements largely on our current expectations and projections about future events and financial trends that we believe
may affect our financial condition, results of operations, and business strategy. These forward-looking statements are
subject to a number of risks, uncertainties and assumptions. In light of these risks, uncertainties and assumptions, the
future events and trends discussed in these presentations may not occur and actual results could differ materially from
our current expectations. JFrog does not assume any obligation to update the forward-looking statements provided to
reflect events that occur or circumstances that exist after the date on which they were made, except as required by law.
This presentation is for marketing purposes only and does not constitute an offer to sell or a solicitation of an offer to buy
any securities of JFrog.
-
3.
@greenido
ido-green.appspot.com
-
4.
JFROG’S MISSION IS TO POWER ALL
THE SOFTWARE UPDATES IN THE WORLD
-
5.
Politics
Food & Water
Healthcare
Transportation
Energy
Social Interaction
EVERYTHING
RUNS ON SOFTWARE
-
6.
WHY APPLICATION UPDATES MATTER
-
7.
“During the update process you will not be able
to drive the vehicle”
SOFTWARE UPDATES MATTER
-
8.
INTEGRATED ECOSYSTEM
+50 technology partners
Hosted offering on all public clouds
CONTINUOUS SECURITY
Vulnerability scanning for major artifacts and container images
with package expansion
JFROG’S UNIFIED APPROACH
HYBRID AND MULTI-CLOUD
From OSS to multi-cloud
From legacy apps to Kubernetes
RADICALLY UNIVERSAL
Any binary, any stack,
any DevOps tool
END-TO-END PLATFORM
Shared visibility, governance, and control across pipelines from Git to
K8s, and everything in between
SCALES TO INFINITY
We don’t blink at xxx/min
-
9.
Streamlining the flow and supply chain of artifacts is essential to increasing release velocity and quality.
How did we go about it?
ARTIFACTS ARE THE BUILDING BLOCKS OF SOFTWARE
-
10.
CODE
REPOSITORIES
CI/CD
SYSTEMS
Automate &
assemble
SECURITY AND
COMPLIANCE
Removing risk while
building
PACKAGE
MANAGEMENT
The “Database of
DevOps”
DISTRIBUTION
SYSTEMS
Push software
packages fast and
secure
END USERS
& THE EDGE
Updating everything
continuously
Key Components to Deliver Software
RUNTIME &
PRODUCTION
BUILD TEST RELEASE DEPLOY CODE OPERATE
Dev Ops
EFFICIENT & INTEGRATED DEVOPS PROCESSES
-
11.
Metadata
Policies
Processes
Methods
Secrets
A Universe
of Technologies
Optimized
& Standardized
Delivered
In One Place
Seamlessly Released
to Everyone
Devices
Servers
Teams
Customers
Artifacts
Security
Storage
Automation
Distribution
Unified in
One Platform
BRINGING ORDER TO SOFTWARE CHAOS
-
12.
THE CENTER OF THE SOFTWARE RELEASE PROCESS
Integrated platform to manage any delivery environment
Cloud
Packages
CI/CD
Containers
Deployment
Tools/Testing
-
13.
THE ECOSYSTEM
STRENGTHENING UNIVERSALITY
By partnering with other companies within the DevOps pipeline ecosystem, we are improving the way
our customers can use JFrog solutions in their workflow.
-
14.
24/7 Dedicated Support + DevOps
Acceleration Service Arm
THE JFROG PLATFORM
BUILD TEST RELEASE DEPLOY
Continuously integrate
automate & deploy
Clear security and compliance
issues
Distribute to
production site
Control and monitor the
flow
On Premises
& Multicloud
Store and manage
all types of
packages
-
15.
JFROG PLATFORM UNIFIED
-
16.
UNIFIED INNOVATION
Trusted
communication
Metrics and
request tracing
Unified UI
infrastructure
Unified
Installation
Logging and
supportability
-
17.
DevOps is about making software development and delivery
FRICTIONLESS
-
18.
WHAT IS JFROG PIPELINES?
STREAMLINES THE PROCESS of software
development and delivery across teams and
tools
PROVIDING ACTIONABLE INSIGHTS that enable
continuous improvement
CI & CD platform
-
19.
WHAT DOES FRICTIONLESS MEAN?
Code Build Push Scan Test Promote Bundle Sign Distribute Deploy
Automated
Repeatable
Traceable
Immutable
Typical Software Development Workflow
THE PROCESS THE PACKAGES
-
20.
KEY CONCEPTS
STEPS are executable units that perform a specific task, such as building an application,
pushing it to Artifactory, provisioning a machine, etc.
RESOURCES contain information required to execute steps. For example, files, images, git repositories, etc.
INTEGRATIONS contain credentials to third-party tools/services, such as AWS, Slack, GitHub, etc.
PIPELINE is a collection of interconnected serial or parallel steps required to achieve an outcome
RUN is an instance of pipeline execution
-
21.
KEY CAPABILITIES
SPEED
Caching for packages, steps and nodes
Immutable Resources to share across teams
Built-in State to store precious build state
Real-time interactive dashboards
SIMPLICITY
Native Steps for common actions
Standardized syntax across all DevOps tasks
Integrated with all JFrog products
Step Dev Kit to extend the platform (H2 2020)
SCALABILITY
Scales horizontally to support 1000s of apps
Elastic build nodes for hybrid & multi cloud
1 CI/CD tool for all OS, lang, arch & platforms
Universal, supports all popular tools and tech
SECURITY
Centralized Secrets using Vault
Each build on its own node
Rich permission model with scopes
TTL expiration for all builds
-
22.
MIX & MATCH AUTOMATION
CONTINUOUS
INTEGRATION
CONTINUOUS
DEPLOYMENT
-
23.
DEVSECOPS
RELEASE FAST, KEEP SAFE
-
24.
THE RACE
Vulnerability
Introduced
Vulnerability
Discovered
You Find It You Fix It
HIGHEST
SECURITY
RISK
Exploits
Published
Hacker
Attack
Vulnerability
Introduced
Vulnerability
Reported You Find It You Fix It
-
25.
XRAY OVERVIEW
Global Xray DB
JXray
External
Sources
AUTOMATIC ACTIONS
VIOLATIONS
POLICIES WATCHES
METADATA COMPONENT GRAPH
Security
License Repo
Repo
Fail
Build
Web Hooks,
Slack,
Emails
Prevent
Download
Build
Build
Build
-
26.
JFROG XRAY
step-3create-docker-ima…
docker-app:235
sha256_d3938036b19cf…
ubuntu:xenial:cryptsetu…
-
27.
VULNERABILITY INTELLIGENCE
45.5% of the vulnerabilities in VulnDB not published by NVD/CVE in 2018 have a CVSSv2 score between 7-10
-
28.
PREVENTION AND REMEDIATION
Vulnerability Intelligence Component Matching
Indexing engine and repository
Vertical integration from IDE to production
Continuous scanning and Impact analysis
Remediation and fix versions
-
29.
MINIMIZING FALSE POSITIVES
Analyzer Crawler Fetch Data Global Xray DB
-
30.
NEW
ARTIFACT
INDEXING SCANNING
SETUP
POLICY RULES
CREATE
AUTOMATIC ACTIONS
FAIL
BUILD
NOTIFICATION
CRITICAL
VIOLATION
MINOR
VIOLATION
SCANS AGAINST SECURITY & COMPLIANCE
POLICIES
-
31.
IMPACT ANALYSIS
OSS
Licenses
Known
CVEs
Unofficial
Base
Image
-
32.
24/7 Dedicated Support + DevOps
Acceleration Service Arm
THE JFROG PLATFORM
BUILD TEST RELEASE DEPLOY
Continuously integrate
automate & deploy
Clear security and compliance
issues
Distribute to
production site
Control and monitor the
flow
On Premises
& Multicloud
Store and manage
all types of
packages
-
33.
THANK YOU!
@greenido
ido-green.appspot.com
Software should flow like water in the pipes to the right place at the right time.
Velocity + Security.
Software is eating the world
It’s your competitive advantage
The need to securely release software faster and seamlessly is an imperative that all organizations currently face.
“DevOps” has emerged as a discipline that combines software development and IT operations, and aims to shorten the software development lifecycle and provide more frequent delivery of high-quality software.
The DevOps workflow spans the lifecycle of software, from the planning, coding, building, and testing of software by developers, to the releasing, deploying, operating, and monitoring of that software by IT operators in a production environment.
DevOps has also shifted to include the process of managing software security, known as DevSecOps.
Today, many organizations utilize a combination of several disparate tools to manage their DevOps and DevSecOps workflows.
You can use this quality data from the development phase (integrated with IDEs) up to the runtime.
Do you wish to make sure that there aren’t any GPL in your software? Or any other license you wish to avoid?