Welcome to the JFrog Blog

Latest:

From Prompt to Production: The New AI Software Supply Chain Security

February 23, 2026 Yoav Landman, CTO & Co-founder, JFrog

7 min read

When Anthropic announced Claude Code’s new security scanning capabilities, following the announcement of OpenAI's Aardvark, it marked an important moment for the industry. For the first time, expert-level security review is becoming embedded directly into the act of writing code. Subtle, context-dependent vulnerabilities can now be flagged as they are created. Zero-days can potentially be…

Read More

All Blogs

Why I’m Finally Ditching YUM for DNF in 2026 (And You Should, Too)

Why I’m Finally Ditching YUM for DNF in 2026 (And You Should, Too)

February 19, 2026 Asaf Waizman, JFrog RVP, Solution Engineering | 5 min read

If you’ve been managing Red Hat-based systems as long as I have, yum install is likely hardcoded into your muscle memory. For decades, YUM (Yellowdog Updater, Modified) served as the backbone of RPM Linux-based distributions, getting us through countless server setups and late-night patches. But the era of YUM is officially over. With RHEL 9,…
Read More
Vulnerability or Not a Vulnerability?

Vulnerability or Not a Vulnerability?

February 16, 2026 Jonathan Sar Shalom, JFrog Director of Threat Research | 5 min read

Disputed CVEs: It’s Not a Bug, It’s a Debate Every CVE starts as a vulnerability claim, but not every claim ends in agreement. Between researchers racing to disclose vulnerabilities, and open-source maintainers guarding the stability and reputation of their projects, a gray zone appears where “vulnerability” becomes a matter of debate. This is the story…
Read More
Giving OpenClaw The Keys to Your Kingdom? Read This First

Giving OpenClaw The Keys to Your Kingdom? Read This First

February 2, 2026 Natan Nehorai, JFrog Application Security Researcher Ofri Ouzan, JFrog Security Researcher | 9 min read

In security, we never assume perfection. We assume zero-trust, and we design controls to limit the blast radius. That mindset is missing from many OpenClaw deployments today. It is almost impossible not to hear about the new personal AI assistant, OpenClaw (formerly known as ClawdBot and MoltBot). Since its release in November 2025, it has…
Read More
Breaking AppSec Myths – Obfuscated Packages

Breaking AppSec Myths – Obfuscated Packages

February 4, 2026 Guy Korolevski, JFrog Security Researcher Ofri Ouzan, JFrog Security Researcher | 15 min read

As part of the JFrog Security Research team’s ongoing work, we continuously monitor newly published packages across multiple ecosystems for malicious activity. This effort serves the broader open source community through public research disclosures, and it directly impacts the detection capabilities behind JFrog Xray and JFrog Curation. Our scanning pipeline uses a broad set of…
Read More
The AI Blind Spot Debt: The Hidden Cost Killing Your Innovation Strategy

The AI Blind Spot Debt: The Hidden Cost Killing Your Innovation Strategy

February 3, 2026 Ohad Shalev, JFrog Product Marketing Manager, AI/ML | 6 min read

In today’s AI rush, I’ve seen even the most disciplined organizations find it almost impossible to apply the hard-won lessons of DevOps and DevSecOps onto AI adoption. These organizations often feel forced to choose between moving fast and staying in control. As a result, they develop a "wait and see" approach to AI usage and…
Read More
The 282% ROI of Unified Security

The 282% ROI of Unified Security

January 21, 2026 David Eisenstadt, JFrog Senior Business Value Consultant | 5 min read

We’re excited to share the findings of our commissioned Forrester Consulting Total Economic Impact™ (TEI) study, published in January 2026. This study examines the return on investment (ROI) that organizations realized by deploying a unified platform for managing and securing the software supply chain. Today, software supply chains are facing unprecedented pressure from surging open-source…
Read More
Dissecting and Exploiting CVE-2025-62507: Remote Code Execution in Redis

Dissecting and Exploiting CVE-2025-62507: Remote Code Execution in Redis

January 14, 2026 Ori Hollander, JFrog Security Researcher Ofri Ouzan, JFrog Security Researcher | 16 min read

A recent stack buffer overflow vulnerability in Redis, assigned CVE-2025-62507, was fixed in version 8.3.2. The issue was published with a high severity rating and assigned a CVSS v3 score of 8.8. According to the official advisory, “a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may…
Read More
Beyond the Hype: Building a Future-Proof Foundation for the AI-Native Enterprise

Beyond the Hype: Building a Future-Proof Foundation for the AI-Native Enterprise

January 7, 2026 Yuval Fernbach, JFrog VP and CTO MLOps | 6 min read

We are witnessing a fundamental transformation in how software is built. The industry has moved beyond the experimental phase of Machine Learning Operations and entered a complex new reality: the era of the AI Software Supply Chain. The adoption metrics confirm this shift is irreversible. Google reports that 90% of tech workers are now using…
Read More
JFrog Achieves AWS Security Competency

JFrog Achieves AWS Security Competency

January 14, 2026 Harel Avissar, JFrog Senior Director of Product Arun Prakash P, JFrog Cloud Operations Architect | 7 min read

At JFrog, our mission has long been to power the future of software, and we believe that future is undeniably cloud-native. This is why we’ve architected our platform as a container-first, Kubernetes-native SaaS—built for performance at scale on the world's leading cloud infrastructure. Our deep commitment to cloud excellence has reached a major milestone in…
Read More
JFrog vs Checkmarx: An AppSec Solution Comparison

JFrog vs Checkmarx: An AppSec Solution Comparison

December 31, 2025 The JFrog Product Marketing Team | 5 min read

Application Security (AppSec) can’t stop at source code. Today’s software is assembled, not written, from open-source packages, containers, binaries, and increasingly - AI models. While traditional AppSec tools like Checkmarx focus primarily on source code scanning, that approach leaves critical security and compliance gaps across the software supply chain. JFrog takes AppSec to the next…
Read More

Popular Tags