Skip to main content

JFrog and Carahsoft Partner to Better Secure the Public Sector’s Software Supply Chain

Government Organizations are Now Able to Accelerate the Delivery of Trusted Software from End to End Using the Secure Software Development Framework (SSDF)

JFrog Ltd. (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, and Carahsoft Technology Corp., the Trusted Government IT Solutions Provider®, today announced a partnership that empowers U.S. Government organizations to safeguard their software supply chains with automated DevSecOps workflows to secure software services consumed by citizens. Under the agreement, Carahsoft will serve as a JFrog Public Sector Distributor, making its platform solution available to the Public Sector through Carahsoft’s reseller partners and NASA Solutions for Enterprise-Wide Procurement (SEWP) V and Information Technology Enterprise Solutions – Software 2 (ITES-SW2) contracts.

This press release features multimedia. View the full release here:

New partnership empowers U.S. Government organizations to safeguard their software supply chains with automated DevSecOps workflows to secure software services consumed by citizens. (Graphic: Business Wire)

New partnership empowers U.S. Government organizations to safeguard their software supply chains with automated DevSecOps workflows to secure software services consumed by citizens. (Graphic: Business Wire)

“With the number and severity of security threats on the rise, plus increasing regulatory requirements, government organizations must ensure their software is compliant and secure, while also meeting their IT transformation goals,” said Shlomi Ziv, SVP of Americas, JFrog. “Our partnership with Carahsoft will provide public sector organizations with reliable solutions that incorporate security from the start while unburdening DevOps teams from complex and time-consuming remediation processes and ensuring compliance.”

Government agencies, like all organizations, want to release trusted software fast and on schedule to enable public servants to provide citizens with modern applications and digital services. The Secure Software Development Framework (SSDF) integrates secure development practices into the software development lifecycle, reducing vulnerabilities, mitigating potential impacts of known and unknown vulnerabilities and preventing future recurrences by addressing root causes.

Gartner predicts that 45 percent of organizations worldwide will experience a software supply chain attack by 2025 (a three-fold increase from 2021). Plus, a report by the SANS Institute showed there is a 70 percent chance a cybersecurity incident will be caused by an organization’s suppliers.

“Supply chain attacks in recent years have highlighted the importance of integrating security into each phase of software development,” said Natalie Gregory, Vice President of Open Source Solutions at Carahsoft. “JFrog’s platform provides agencies with unparalleled security, agility and peace of mind for their software supply chain. We’re excited to make these capabilities available to the Public Sector through our reseller partner network and supply Government agencies with the tools needed to enhance their security.”

Compliance with NIST SP 800-218 and the SSDF is mandatory for government organizations. The JFrog Software Supply Chain Platform is designed to assure customers that their environment complies with NIST 800-218 guidelines in accordance with the Office of Management and Budget (OMB) M-22-16 memorandum. All JFrog solutions are created using the SSDF, which is consistent with both the White House Executive Order (EO) 14028 and the White House Memorandum on Improving the Cybersecurity of National Security, Department of Defense (DoD) and Intelligence Community Systems in the NSM-8. The JFrog Platform supports on-premise, hybrid, cloud, multi-cloud or air-gapped environments and can be hosted on Amazon Web Services, Microsoft Azure or the Google Cloud Platform.

The JFrog Software Supply Chain Platform is available through Carahsoft's SEWP V contracts NNG15SC03B and NNG15SC27B, ITES-SW2 Contract W52P1J-20-D-0042 for Federal and the DoD, and the Massachusetts Higher Education Consortium (MHEC) and NJSBA contracts for Educational institutions. For more information, contact the Carahsoft team at (877) 742-8468 or, visit

Like this story? Tweet this: .@jfrog partners with @Carahsoft to help #publicsector organizations deliver trusted software faster. #DevSecOps #DevOps #softwaresupplychain #security #developers

About JFrog

JFrog Ltd. (Nasdaq: FROG) is on a mission to create a world of software delivered without friction from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely, ensuring it is available, traceable, and tamper-proof. The integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Once you leap forward, you won’t go back! Learn more at and follow us on Twitter: @jfrog.

About Carahsoft

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator® for our vendor partners, we deliver solutions for Open Source, DevSecOps, Cybersecurity, Artificial Intelligence and Machine Learning, MultiCloud, Customer Experience and Engagement, Big Data and more. Working with resellers, systems integrators, and consultants, our sales and marketing teams provide industry-leading IT products, services and training through hundreds of contract vehicles. Visit us at

Cautionary Note About Forward-Looking Statements

This press release contains “forward-looking” statements, as that term is defined under the U.S. federal securities laws, including but not limited to statements regarding the partnership between JFrog and Carahsoft, to empower U.S. Government organizations to safeguard their software supply chains with automated DevSecOps workflows.

These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause JFrog’s actual results, performance or achievements to differ materially from those expressed or implied in any forward-looking statement. There are a significant number of factors that could cause actual results, performance or achievements, to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2023, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements.


Data & News supplied by
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.