JFrog Ltd.
Climate Impact & Sustainability Data (2023)
Reporting Period: 2023
Environmental Metrics
ESG Focus Areas
- Software Supply Chain Security
Climate Goals & Targets
Environmental Challenges
- Increasing number of vulnerabilities (CVEs) year over year.
- Growing number of malicious packages in open-source repositories.
- Human error leading to exposed secrets and misconfigurations.
- Remediation of vulnerabilities consuming significant developer time (25% of working time).
Mitigation Strategies
- Adoption of security frameworks like OpenSSF and SLSA by 89% of organizations.
- Implementation of security scans at various stages of the SDLC (coding, build, promotion, runtime).
- Use of multiple application security solutions (SAST, DAST, SCA, API security, etc.) by many organizations.
- Efforts to review security and compliance of open-source ML models by 94% of organizations.
- Use of AI/ML in security scanning and remediation by 90% of organizations.
Supply Chain Management
Responsible Procurement
- Use of security frameworks and tools to detect malicious packages.