JFrog Platform

What is JFrog?

JFrog provides tools for software development and DevOps. It is best known for its flagship product, Artifactory, which is a repository manager that supports software packages created by any language or technology. Artifactory allows developers to manage binary artifacts, integrate with continuous integration (CI) and continuous delivery (CD) systems, and supports software deployment in a scalable and efficient manner.

Why Connect with JFrog?

Integrating JFrog with benefits organizations by enabling the use of JFrog ML's comprehensive management features for models, metadata, and lifecycle, alongside centralizing model management in Artifactory. This consolidation allows organizations to oversee all software components and dependencies through the JFrog platform, ensuring a unified source of truth. It facilitates control and monitoring of both internal and external resources and software dependencies within the organization.

• Seamless Persistence: ML models developed and recorded in JFrog ML, including datasets, serving images, and related artifacts, are automatically stored in JFrog's Artifactory. This ensures that all model components are securely managed and easily accessible.
• Dependency Management: The resolution of model dependencies is efficiently handled through JFrog's Artifactory. This process allows for the specification of certain remote repositories to be used, optimizing the management of dependencies by leveraging Artifactory's unique capabilities.
• Enhanced Security: HuggingFace models utilized within JFrog ML models are automatically scanned and analyzed by JFrog Xray. This step significantly boosts security by ensuring thorough analysis and risk assessment of the models used in production.

Connecting JFrog

📘

Admin Credentials Required

An Admin token is required for establishing a connection between JFrog ML and JFrog.

To integrate JFrog you'll need:

1. JFrog Base URL: This is the web address of your JFrog instance, such as https://qwak.jfrog.io/
2. Access Token: An access token with Administrator rights is required. JFrog ML utilizes this token initially to set up a group administrator for a JFrog ML generated project and subsequently used this dedicated token for operations.

Dependency Resolution

You have several options to tailor how build dependencies are resolved:

• Python Repositories: Choose specific Python repositories from your JFrog account to resolve dependencies. These selected repositories will be incorporated into a virtual repository created by JFrog ML, named "qwak-python-dependencies-virtual." This is the only repository JFrog ML uses for Python dependency resolution. Additionally, selecting the "allow external Python dependencies" option will include "pypi.org" in the virtual repository, allowing for the resolution of dependencies from outside JFrog.
• HuggingFace Repositories: Opt to use an existing HuggingFace repository or let JFrog ML create one on your behalf. This ensures HuggingFace model dependencies are resolved through the Artifactory proxy instead of directly from HuggingFace, enhancing control and security.

Created Resources

The JFrog account will include the creation of several components:

• qwak project: This is a new project initiated and managed by JFrog ML. All resources related to JFrog ML will be organized under this project
• Group Admin: A group Role will be established with admin privileges on the project.
• qwak-python-dependecies Virtual repository: This repository serves as the centralized location for resolving Python dependencies.
• qwak-huggingface-proxy-remote: If 'create HuggingFace proxy' selected - a hugging face remote repository will be created in the JFrog ML project - used as cache for all used HuggingFace ML models.

Overview of Repository Structure in JFrog Artifactory for JFrog ML Builds

The layout of a JFrog ML build within JFrog Artifactory is organized as follows:

├── huggingface-remote (single remote repo to HuggingFace. Not necessarily generated by Qwak)
├── pypi-remote/pypi-private-repos (Not necessarily generated by Qwak)
├── qwak-python-dependencies-virtual (Qwak generated virtual repository)
├── …
├── qwak-<Qwak-Project>-artifact-local
├── qwak-<Qwak-Project>-dataset-local
├── qwak-<Qwak-Project>-docker-local
    ├── <Qwak-Model>
        ├── <Qwak-Build-ID> (Docker artifact)
            ├── manifest.json
            ├── ...

For each project, three specific repositories are generated:

• qwak-<Qwak-Project>-artifact-local: a generic repository, hosting the artifacts produced by the build.
• qwak-<Qwak-Project>-dataset-local: a generic repository, containing the dataset artifacts logged by the user during the build process using qwak.log_data.
• qwak-<Qwak-Project>-docker-local: A Docker repository that stores the serving images, which are the final output of the build process. These images are used for deployments.

Each model and build is contained within its distinct folder under the respective repository.

Scanning for Vulnerabilities in HuggingFace Models

During the build process, JFrog ML retrieves HuggingFace models through Artifactory. Each model cached in the remote repository is scanned by JFrog Xray, which not only checks for vulnerabilities but also examines the licensing of the models. This comprehensive scan ensures that every model meets high security standards. Moreover, any policies and watches configured in JFrog are respected by the integration, ensuring consistent policy enforcement and security posture.

Please note that JFrog ML provides only a summary of the vulnerability scans conducted by JFrog Xray. For detailed insights, you are encouraged to click the "Scan results" button. This action will redirect you to the comprehensive scan report available on JFrog's platform.