Platform Details

JFrog Platform

JFrog is a suite of services focused on binary dependency management (Artifactory), CI/CD orchestration (Pipelines), artifact distribution (Distribution), and security/inspection (Xray).

  • Infrastructure (scalability, storage, networking) is managed by JFrog.
  • Authentication, authorization, organization/project/repository creation, and feature enablement are managed by Ford.

High Availability

The JFrog Cloud Platform is architected for high availability and horizontal scalability.

Backups and Disaster Recovery

Ford leverages JFrog’s cloud-native management capabilities to provide disaster recovery. A dedicated DR environment ensures business continuity and data protection.

Public Packages and Dependencies

To secure Ford’s software supply chain, all developers are required to download public dependencies through JFrog.

  • Why is this so important?

    • Open-source libraries are essential, but they can introduce security risks if not properly vetted. Routing downloads through JFrog enables automated security checks (e.g., JFrog Curation).
  • Benefits:

    1. Proactive Security: JFrog acts as our first line of defense. It automatically checks packages against our security policies before they even touch your local environment or our projects. This helps us catch potential vulnerabilities and threats early, saving us a lot of headaches (and costly fixes!) down the line.
    2. Visibility & Control: It gives us the necessary visibility into what's being used across Ford, ensuring we maintain a healthy and secure software supply chain.
    3. Streamlined Process: While it might be a small change to your workflow, in the long run, it helps automate security checks, letting you focus more on building awesome features and less on worrying about potential security surprises.

Think of it as adding an extra layer of smart protection for all the amazing work you do. It's a key part of our "shift left" strategy – bringing security right to the beginning of our development process.
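
One way to check that a project really pulls its public packages through JFrog is to audit its lockfile. The following is an added example, not part of the original page or Ford's tooling: it assumes an npm package-lock.json (lockfileVersion 2 or 3), and the hostname example.jfrog.io and repository name npm-remote are placeholders.

```python
import json
from urllib.parse import urlsplit

# Assumption: placeholder host; substitute your organization's JFrog hostname.
ALLOWED_HOST = "example.jfrog.io"

def find_bypasses(lock_text, allowed_host=ALLOWED_HOST):
    """Return sorted (install_path, resolved_url) pairs not fetched via allowed_host."""
    lock = json.loads(lock_text)
    findings = []
    # lockfileVersion 2 and 3 keep a flat "packages" map keyed by install path.
    for path, meta in lock.get("packages", {}).items():
        resolved = meta.get("resolved")
        if not resolved or meta.get("link"):
            continue  # root project and workspace links have no download URL
        parts = urlsplit(resolved)
        if parts.scheme == "file":
            continue  # local tarball, not a public download
        # .hostname excludes userinfo and port, so a URL such as
        # https://example.jfrog.io@other.host/ is not mistaken for the proxy.
        if parts.scheme != "https" or parts.hostname != allowed_host:
            findings.append((path, resolved))
    return sorted(findings)

# Constructed sample lockfile: one proxied package, one direct download,
# and one URL that only looks like the proxy because of its userinfo part.
SAMPLE_LOCK = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/left-pad": {"version": "1.3.0", "resolved":
            "https://example.jfrog.io/artifactory/api/npm/npm-remote/left-pad/-/left-pad-1.3.0.tgz"},
        "node_modules/lodash": {"version": "4.17.21", "resolved":
            "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"},
        "node_modules/spoof": {"version": "0.0.1", "resolved":
            "https://example.jfrog.io@registry.npmjs.org/spoof/-/spoof-0.0.1.tgz"},
    },
})

if __name__ == "__main__":
    for path, url in find_bypasses(SAMPLE_LOCK):
        print(f"BYPASS {path}: {url}")
```

Run as a CI step, a non-empty result can fail the build so that direct registry downloads are caught before merge.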

Brought to you by the DevTools and Enablement Team.