JFrog Ltd. and Carahsoft Technology Corp. announced a partnership that empowers U.S. Government organizations to safeguard their software supply chains with automated DevSecOps workflows to secure software services consumed by citizens. Under the agreement, Carahsoft will serve as a JFrog Public Sector Distributor, making its platform solution available to the Public Sector through Carahsoft?s reseller partners and NASA Solutions for Enterprise-Wide Procurement (SEWP) V and Information Technology Enterprise Solutions ?

Software 2 (ITES-SW2) contracts. Government agencies, like all organizations, want to release trusted software fast and on schedule to enable public servants to provide citizens with modern applications and digital services. The Secure Software Development Framework (SSDF) integrates secure development practices into the software development lifecycle, reducing vulnerabilities, mitigating potential impacts of known and unknown vulnerabilities and preventing future recurrences by addressing root causes.

Gartner predicts that 45 percent of organizations worldwide will experience a software supply chain attack by 2025 (a three-fold increase from 2021). Plus, a report by the SANS Institute showed there is a 70 percent chance a cybersecurity incident will be caused by an organization?s suppliers. Compliance with NIST SP 800-218 and the SSDF is mandatory for government organizations.

The JFrog Software Supply Chain Platform is designed to assure customers that their environment complies with NIST 800-218 guidelines in accordance with the Office of Management and Budget (OMB) M-22-16 memorandum. All JFrog solutions are created using the SSDF, which is consistent with both the White House Executive Order (EO) 14028 and the White House Memorandum on Improving the Cybersecurity of National Security, Department of Defense (DoD) and Intelligence Community Systems in the NSM-8. The JFrog Platform supports on-premise, hybrid, cloud, multi-cloud or air-gapped environments and can be hosted on Amazon Web Services, Microsoft Azure or the Google Cloud Platform. The JFrog Software Supply Chain Platform is available through Carahsoft's SEWP V contracts NNG15SC03B and NNG15SC27B, ITES-SW2 Contract W52P1J-20-D-0042 for Federal and the DoD, and the Massachusetts Higher Education Consortium (MHEC) and NJSBA contracts for Educational institutions.