Welcome to the JFrog Blog

Latest:

The Governance Gap Between Your Policy and Your Pipeline

May 20, 2026 Achinoam Katsoff-Sitton, JFrog Product Marketing Manager, DevOps

8 min read

Security teams are under more pressure than ever, and most of them believe they're keeping up. That confidence, it turns out, may be the most consequential finding in the JFrog 2026 Software Supply Chain Security State of the Union. Across 18.2 billion artifacts analyzed, independent vulnerability research from the JFrog Security Research team, and a…

Read More

All Blogs

The Agent Has Entered the Supply Chain

The Agent Has Entered the Supply Chain

May 19, 2026 Carmit Hershman, JFrog Senior Software Architect, CTO Office | 9 min read

Software Delivery in the Age of Agents The way software gets built has fundamentally shifted. AI coding agents are no longer just autocomplete on steroids; they're resolving packages, configuring environments, selecting tools, and in some cases running the entire development lifecycle, with or without a human in the loop. But here's the problem: the tools…
Read More
Keep your Agents Under Control with agent-belt

Keep your Agents Under Control with agent-belt

May 19, 2026 Dor Ringel, JFrog Senior Machine Learning Architect | 10 min read

You're shipping a product with an AI-facing interface, or embedding AI-facing interfaces across your existing product line - skills your customers trigger, MCP servers their agent reaches for. Indie author or enterprise, your code runs in someone else's agent runtime, against a model that updates every other day and a CLI that updates every other…
Read More
Accelerating AI Agent Development on Google Cloud with JFrog MCP Registry

Accelerating AI Agent Development on Google Cloud with JFrog MCP Registry

April 28, 2026 Guy Eshet, JFrog Senior Manager, Product Management | 5 min read

Developers building agentic AI on Google Cloud have powerful infrastructure at their fingertips: Gemini 3 for reasoning, Google’s Agent Development Kit (ADK) for orchestration, and a rapidly expanding ecosystem of Model Context Protocol (MCP) servers that connect agents to data and tools. So why are so many teams still waiting weeks to ship their first…
Read More
Building a Governed AI Model Supply Chain: Integrating AWS SageMaker and the JFrog Platform

Building a Governed AI Model Supply Chain: Integrating AWS SageMaker and the JFrog Platform

April 22, 2026 Grig Duta, JFrog Solution Engineer Rami Pinku, Senior Product Manager, JFrog ML | 9 min read

Amazon SageMaker accelerates the process of training and deploying machine learning models. However, as AI adoption scales from individual experiments to enterprise-wide production, the focus of leading Fortune 500 software development operations and security teams must shift from pure velocity to governance. The question is no longer just "Can we ship this model?" but "How…
Read More
Unlock the Power of Agents with JFrog’s Skills and MCP Tools

Unlock the Power of Agents with JFrog’s Skills and MCP Tools

April 21, 2026 Lavanya Chockalingam, JFrog Principal Product Marketing Manager, Platform | 5 min read

Agents are writing code, suggesting dependencies, and reviewing PRs, without any knowledge about your trusted package sources, security posture, or governance policies. When agents operate without supply chain context, they introduce risk, create rework, and weaken the guardrails DevSecOps teams rely on to ship with confidence. JFrog is changing that. Today, we’re launching an official…
Read More
Automate NIST SSDF Compliance: A Technical Guide to Policy as Code in JFrog AppTrust

Automate NIST SSDF Compliance: A Technical Guide to Policy as Code in JFrog AppTrust

April 16, 2026 Segev Sharabi, JFrog Senior Product Manager, DevGovOps Carmit Hershman, JFrog Senior Software Architect, CTO Office | 7 min read

For many engineering and security teams, NIST SP 800-218 (Secure Software Development Framework, or SSDF) compliance feels like a hurdle that is too difficult to overcome. To meet these and other emerging regulations and be effective in today’s DevSecOps environment, organizations are moving toward codifying these standards into machine-readable rules, also known as Policy as…
Read More
You Can’t Trust What You Can’t Trace

You Can’t Trust What You Can’t Trace

April 15, 2026 Rami Pinku, Senior Product Manager, JFrog ML | 8 min read

Picture this: Your security team finishes an AI vendor evaluation. The offering looks ironclad, with content filtering, output guardrails, and a stellar red-teaming report. Everyone leaves the meeting satisfied, and another governance box is checked. Six months later, a production incident hits. An AI agent, powered by a model your team "vetted," starts executing unauthorized…
Read More
Recap: Women in DevSecOps Fireside Chat — Leveraging AI in Software Delivery

Recap: Women in DevSecOps Fireside Chat — Leveraging AI in Software Delivery

April 9, 2026 The JFrog Team | 4 min read

In celebration of International Women's Month and the 2026 theme #GiveToGain, JFrog hosted a virtual fireside chat on March 19, 2026: Women in DevSecOps: Leveraging AI in the Software Delivery Lifecycle. Moderated by Shubha Gururaja Rao, Director of Solution Engineering at JFrog, the panel brought together two trailblazing technical leaders — Christine Tran, Head of…
Read More

Popular Tags