The JFrog Platform is a comprehensive software supply chain management solution that integrates multiple security and development components:

1. Repository Management:
   - Provides universal artifact and ML model repository management through Artifactory
   - Enables centralized storage and distribution of software packages, containers, and ML models
2. Security Features:
   - Implements Software Composition Analysis (SCA) for detecting vulnerabilities
   - Offers source code scanning capabilities (SAST)
   - Includes secrets detection mechanisms
   - Provides runtime security monitoring
   - Features Infrastructure as Code (IaC) security scanning
3. DevSecOps Integration:
   - Enables package curation and validation
   - Implements automated security controls throughout the development pipeline
   - Offers supply chain exposure scanning and impact analysis
4. AI/ML Capabilities:
   - Supports ML model lifecycle management
   - Provides security controls specific to AI/ML workflows
   - Enables model building, training, deployment, and monitoring
5. Distribution and Management:
   - Facilitates secure software distribution across multiple endpoints
   - Includes IoT device management capabilities
   - Supports multi-site deployments and high availability configurations

The platform integrates with common development tools and cloud providers, supporting both cloud-native and hybrid deployments while maintaining compliance and security standards.
SIMILAR TOOLS
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.