Paul Garden
JFrog Partner and Industry Solutions

Paul heads up JFrog’s Industry Solutions function and has a passion for sharing DevOps, Security, and Software Development best practices with enterprises and with the developer and security communities. He leverages 20+ years of experience in Product Management and Product Marketing to create impactful go-to-market campaigns and collateral. Driving usage and adoption of JFrog’s Software Supply Chain Platform is Paul’s primary focus. When he’s not helping developers and DevOps teams keep their software artifacts safe and secure, you can find him playing golf or wine tasting in the Santa Cruz Mountains.
The Latest From Paul Garden
JFrog and GitHub: Next-Level DevSecOps
| 6 min read
Most DevSecOps pipelines have a gap: source code security and binary security are handled in separate silos. This creates blind spots, slows teams down, and increases risk. At swampUP 2025, we’re unveiling the next evolution of the JFrog and GitHub integration, a deeply integrated DevSecOps experience that unifies best-of-breed code and binary platforms. With JFrog…
Agentic Software Supply Chain Security: AI-Assisted Curation and Remediation
| 7 min read
Software supply chains are the #1 attack vector for cybercriminals, and the challenge isn’t just finding vulnerabilities; it’s fixing them fast while ensuring security, compliance, and developer productivity. As supply chains grow in complexity, traditional tools aren’t enough; organizations need intelligent, autonomous assistance embedded directly into developer workflows. We are pleased to announce that JFrog…
Achieving Sovereign AI with the JFrog Platform and NVIDIA Enterprise AI Factory
| 8 min read
Key Takeaways: Sovereign AI ensures control over AI/ML data, models, and infrastructure, which is now essential for enterprises, regulated industries, and national interests. JFrog and NVIDIA have collaborated to deliver a secure, scalable solution for sovereign AI. NVIDIA provides the accelerated computing and AI software while JFrog ensures trusted DevSecOps and MLOps practices across the…
Navigating DORA Compliance: Software Development Requirements for Financial Services Companies
| 8 min read
Note: This blog was updated May 1, 2025. Regulatory compliance is a common and critical part of today's rapidly evolving financial services landscape. One new regulation that EU financial institutions must adhere to is the Digital Operational Resilience Act (DORA), enacted to enhance the operational resilience of digital financial services. The BCI Supply Chain Resilience…
Software Ate the World, but Digital Transformation Can Give You Indigestion
| 7 min read
In today's digitally-driven world, organizations rely heavily on software applications to streamline services, provide operations, engage customers, and drive innovation through digital transformation. Software has also become the lynchpin for securing an entire business’ services and keeping them up and running. Yet, this omnipresent force comes with its own set of challenges. The importance of…
Top DevOps Experts offer Key Insights at swampUP
| 9 min read
With five keynotes and 15 breakout sessions in one day, there was no shortage of important industry knowledge and key insights from this year’s JFrog swampUP DevOps and DevSecOps user conference. Presenters discussed the role of DevOps at Netflix, how Fidelity migrated to the Cloud, the trend of shifting further left than left, and more.…
Announcing JFrog SAST: Build Trust and Release Code With Confidence
| 6 min read
Today’s software applications power almost every aspect of our lives, and ensuring the security of these applications is paramount. Threat actors can cause devastating consequences for companies, leading to financial losses, reputational damage, and legal repercussions. Companies building commercial or in-house applications must adopt robust security measures throughout their software development lifecycle to avoid releasing…
Prevent Credential Exposure in Code
| 5 min read
In today's software development world, developers rely on numerous types of secrets (credentials) to facilitate seamless interaction between application components. As modern applications become more complex and require authentication for services and dependencies, the practice of hardcoding secrets during software development is on the rise. The most common types of credentials are: Application Program Interface…
From zero to breach in seconds: Why you need to focus on software supply chain security now
| 5 min read
The RSA Conference 2023 addressed several key issues and trends in the cybersecurity industry. Generative AI was a key topic of discussion, with attendees, executives and policymakers seeing its potential in both offense and defense in the cybersecurity arms race. The White House's National Cybersecurity Strategy was also a topic of conversation across panels and…
Save time fixing security vulnerabilities much earlier in your SDLC
| 4 min read
Are you or your development team tired of using application security tools that generate countless results, making it difficult to identify which vulnerabilities pose actual risks? Do you struggle with inefficient or incorrect prioritization due to a lack of context? What adds insult to injury is that traditional CVSS scoring methods ignore critical details like…