JFrog, Docker Partner to Streamline Software Supply Chains

JFrog and Docker, Inc. announced today they are working toward tightening integration between their respective offerings to reduce DevOps friction and make software development more efficient.

Under the terms of the alliance, application components residing in Docker Hub, including Docker Official Images and content from Docker Verified Publishers, can be automatically mirrored within the JFrog Artifact software package management platform. The agreement also provides dedicated support mechanisms for mutual customers.

Shlomi Ben Haim, CEO, JFrog,  says both companies are committed to making software development more efficient across the entire software supply chain, and to do so, the companies will further automate processes. The partnership will continue to expand as part of an overall effort to streamline DevOps processes and provide a better developer experience, Ben Haim says.

Scott Johnston, CEO, Docker, Inc., says it’s now feasible for IT organizations to manage application and software development as a true supply chain, now that containers, based on the format defined by the Open Container Initiative (OCI), have become a de facto standard.

That shift will also result in more secure applications, because organizations will no longer need to make a tradeoff between the speed at which applications are built and their confidence in how secure they might be, Johnston says.

As organizations become more dependent on software, organizations increasingly rely on well-defined DevOps best practices and processes to manage application development and deployment. Those processes are becoming more complex, however, as organizations embrace microservices-based applications, and the containers in which to build those applications. Containers make it easier to build, deploy and update microservices; the tradeoff, though, is the complexity that introduces into the software supply chain.

In the longer term, both Johnston and Ben Haim agree that machine learning algorithms and other forms of artificial intelligence (AI) will make it easier to manage more complex software supply chains. However, Ben Haim says since AI generally is an enabling technology, it doesn’t make sense to specifically identify when it is being applied, because DevOps, by definition, already assumes a ruthless commitment to automation.

Automation aside, thanks to the rise of microservices, expect to see an increase in the number of application development and deployment projects organizations launch, though those projects may be smaller in size and scope. However, as enterprise IT organizations find themselves deploying – and then regularly replacing – thousands of microservices, a more industrial approach to building, deploying and securing software will be required.

Achieving that goal will require organizations to consistently employ a set of DevSecOps best processes. Right now, however, adoption of DevOps processes within most organizations is occurring haphazardly, and most organizations haven’t begun to address application security. Consequently, the number of organizations that are managing software development within the context of a larger software supply chain is truly limited.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 1411 posts and counting. See all posts by Mike Vizard