JFrog unveils software distribution service

JFrog has unveiled the Private Distribution Network, an addition to its JFrog Distribution software release technology that allows enterprises to set up and manage the distribution of software updates.

Now in a beta release stage and due for production release next quarter, the Private Distribution Network promises to accelerate software distribution, including deployments of application updates and concurrent downloads of binaries across thousands of environments, edges, and embedded/IoT devices.

The Private Distribution Network provides two integrated network utilization and acceleration technologies: HTTP-based secure P2P (peer-to-peer) connections and a CDN (content delivery network), which can be rolled out across network topologies and consumed as a managed service, with usage-based pricing.

Private Distribution Network is intended to provide the following:

  • Support for distribution across large-scale, mixed environments, including on-premises data centers and clouds.
  • Security, compliance, and governance with immutable, signed distribution releases, validation of distributed transactions, and support for open source security vulnerability and license policies.
  • Improved network utilization and resiliency, with optimization technology and stacked layers of caching and acceleration.
  • Binaries-focused, package-aware distribution.
  • Software distribution native to devops, integrated with the organization’s SDLC process, CI/CD pipelines, binary management, and security policies.

The JFrog devops platform can be accessed from jfrog.com. The company on May 25 also introduced dependency scanning to identify security vulnerabilities in third-party software components directly from source code in Git repositories, integrating with JFrog Xray security and artifact analysis.

JFrog also has added a Federated Repositories capability to its JFrog Artifactory repository manager, to manage binaries and keep artifacts in sync between remote development sites. In addition, the company introduced a Signed Pipelines capability, part of JFrog Pipelines CI/CD automation, with the goal of enabling developers to ensure integrity and security of builds and artifacts as they progress through the binary lifecycle.