Platform Details
JFrog Platform
JFrog is a set of services that revolve around binary dependency management (Artifactory), pipelines (Pipelines), distribution (Distribution), and artifact inspection and reporting (Xray).
Ford's implementation is Enterprise level and runs completely in the GCP cloud.
The underlying platform specifics that rely on space, horizontal scaling and network availability are handled by JFrog. Authentication/authorization, organization, project and repository creation and the enabling of features are handled by Ford.
High Availability
JFrog Cloud Platform is highly available and scalable.
Backups and Disaster Recovery
Ford provides a Disaster Recovery environment in the cloud via JFrog's Platform management capabilities.
Important: Your Go-To for Public Packages and Dependencies!
To make sure our software development lifecycle (SDLC) is as secure as possible, we're really encouraging all developers to use JFrog when downloading public dependencies.
Why is this so important?
Open-source packages and libraries are super valuable, but they can sometimes bring hidden risks if not properly vetted. By routing all your public dependency downloads through JFrog, you're not just following a new process – you're actively engaging with the new security measures we're implementing, like JFrog Curation.
This means:
- Proactive Security: JFrog acts as our first line of defense. It automatically checks packages against our security policies before they even touch your local environment or our projects. This helps us catch potential vulnerabilities and threats early, saving us a lot of headaches (and costly fixes!) down the line.
- Visibility & Control: It gives us the necessary visibility into what's being used across Ford, ensuring we maintain a healthy and secure software supply chain.
- Streamlined Process: While it might be a small change to your workflow, in the long run, it helps automate security checks, letting you focus more on building awesome features and less on worrying about potential security surprises.
Think of it as adding an extra layer of smart protection for all the amazing work you do. It's a key part of our "shift left" strategy – bringing security right to the beginning of our development process.