Welcome to the JFrog Blog

Announcing JFrog AppTrust: Building Unshakeable Trust in Every Application You Deliver

The pressure to deliver applications quickly has created a complex software supply chain that is vulnerable to more threats than ever before. New regulations are shifting the liability to software developers, demanding auditable proof of security across the entire product lifecycle. Caught between velocity and complexity, the critical question is this: Can you truly vouch…
Using JFrog to Align Your Systems for ISO 27001 Compliance

ISO/IEC 27001 is an information security standard that is quickly becoming a must-have for any organization that handles proprietary customer data. ISO 27001 certification is now often a requirement to do business, particularly for IT and SaaS organizations - JFrog included! In this blog, you’ll learn more about ISO 27001, how to get certified, and…
New Invisible Attack Creates Parallel Poisoned Web Only for AI Agents

AI agents are rapidly evolving from simple text generators into powerful autonomous assistants that can browse the web, book travel, and extract complex data on our behalf. This new "agentic" AI, which operates in a "sense-plan-act" loop, promises to revolutionize how we interact with the digital world. But as we grant these agents more autonomy…
New compromised packages identified in largest npm attack in history

Duckdb, coveops/abi and more new packages discovered as compromised in the ongoing phishing campaign. On September 8th, a malicious actor compromised the npm registry by publishing trojanized versions of 18 widely-used packages, after obtaining developers’ tokens in a phishing attack, as reported by Aikido. Massively popular packages such as "debug", "chalk" and "ansi-styles" were compromised.…
FrogML SDK: the Gateway to Model Governance

Data-driven decisions are critical. And to support high-stakes decision-making – from fraud detection in credit card transactions to demand forecasting in retail – organizations are increasingly relying on complex models. According to McKinsey, 78% of organizations report using AI in at least one business function, highlighting just how embedded AI and ML models have become…
Agentic Software Supply Chain Security: AI-Assisted Curation and Remediation

Software supply chains are the #1 attack vector for cybercriminals, and the challenge isn’t just finding vulnerabilities; it’s fixing them fast while ensuring security, compliance, and developer productivity. As supply chains grow in complexity, traditional tools aren’t enough; organizations need intelligent, autonomous assistance embedded directly into developer workflows. We are pleased to announce that JFrog…
Not Built to Scale: The Hidden Fragility of Cloudsmith

Cloudsmith claims that they are an enterprise-ready solution, a platform designed to meet the needs of modern organizations at scale. On the surface, they "talk the talk": reliability, performance, security, scalability -- they even go as far as presenting themselves as an "infinitely-scalable alternative to JFrog". However, when a vendor claims to be built for…
JFrog swampUP 2025: News and Updates Live From the Show Floor

Live updates from this event have concluded. JFrog’s annual user conference, swampUP 2025, is the ultimate gathering of the brightest minds in DevOps, DevSecOps, and MLOps where they exchange ideas, insights and practical strategies for navigating this transformation while amplifying trust, traceability, and transparency in the era of intelligent software. Here are live keynote updates…