AppTrust Overview
AppTrust is JFrog's DevGovOps solution for ensuring trusted, secure, and compliant application releases. It is designed to seamlessly augment your existing Software Development Lifecycle (SDLC) with evidence-based policies at designated control points (known in AppTrust as stage gates). AppTrust provides an optimized balance between risk assurance to your business and development agility and speed.
AppTrust is designed for DevOps, Dev owners, release managers, AppSec, and compliance leads who are tasked with ensuring the required compliance and trust level in each release.
Key Features
- Application entity: AppTrust stitches packages, images, SDLC processes, and evidence collected during the SDLC into a single new entity called an application, which includes business context such as business criticality, labels, and ownership. Each application has an immutable unit of release called an application version that directly links to its parent application.
- Application resource ownership: Each application resource, such as a package or image, is associated with the application that developed it. This binding between a resource and an application ensures that every resource has a single owner for traceability.
- Control application version release compliance: Evidence-based lifecycle policies are integrated within the SDLC as control gates to ensure application version compliance. Each policy contains rules that measure the application version's compliance with your organization's requirements and can optionally block the version from progressing to the next stage.
- Automatic public vulnerability detection and remediation: You can trigger JFrog binary CVE scanners at any SDLC stage gate using CVE-related policy rules and see the violations that were found (triggered issues). AppTrust even includes remediation recommendations.
- Trusted Releases: Verified and compliant releases use dedicated evidence attestations to become "Trusted Releases", allowing providers and customers alike to trust the release.
- Activity Log: The Activity Log provides a centralized audit trail of every significant AppTrust management and application-related event, from application creation and modifications to policy evaluations and promotion attempts.
These attributes transform abstract governance concepts into concrete, manageable data structures within the platform, establishing a single source of truth for governance and automation.
