Welcome to the JFrog Blog

Latest:

Introducing JFrog’s MCP Server: Better vibes and easier AI automation

July 17, 2025 Sean Pratt, Senior Manager, Product Marketing, JFrog

4 min read

Good news! You no longer have to be a DevOps or JFrog expert to harness the power of the JFrog Software Supply Chain Platform. With the introduction of JFrog’s MCP Server, we're making the JFrog Platform accessible to your favorite large language models (LLMs). Now, every developer can take advantage of the detailed security and…

Read More

All Blogs

The UK’s New Software Security Code of Practice and How JFrog Can Help

The UK’s New Software Security Code of Practice and How JFrog Can Help

July 16, 2025 Dafna Zahger Bernanka, JFrog Director of Product Marketing, Security | 8 min read

The UK government has taken a proactive step by recently releasing the Software Security Code of Practice, a vital framework aimed at strengthening the cybersecurity posture of organizations that develop and sell software. This code outlines essential practices and principles, guiding companies to enhance their software security throughout the development lifecycle, from initial design to…
Read More
How to Optimize DevSecOps Workflows Using JFrog

How to Optimize DevSecOps Workflows Using JFrog

July 15, 2025 Pranav Hegde, Tech Lead, JFrog | 9 min read

Embedding security within the Software Development Life Cycle (SDLC) is no longer just a best practice; it’s a full-on necessity. DevSecOps extends the DevOps model by making security a shared responsibility from the earliest stages of development. Today’s enterprises require this kind of integrated approach to streamline workflows from development to deployment. The JFrog Platform…
Read More
JFrog’s EveryOps Day Sydney Recap

JFrog’s EveryOps Day Sydney Recap

July 10, 2025 Sunny Rao, Senior Vice President of APAC, JFrog | 5 min read

If there’s one thing we’ve learned from years of working with innovators across industries, it’s this: Progress happens when people come together—not just to showcase, but to share, ask questions, challenge one another, push both themselves and the industry to the next level, and co-create. That spirit came alive at JFrog’s EveryOps Day Sydney, where…
Read More
Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients

Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients

July 9, 2025 Or Peles, JFrog Vulnerability Research Team Leader | 12 min read

The JFrog Security Research team has recently discovered and disclosed CVE-2025-6514 - a critical (CVSS 9.6) security vulnerability in the mcp-remote project - a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted…
Read More
SwiftPM, CocoaPods, and the Future of Enterprise Development for Apple Platforms

SwiftPM, CocoaPods, and the Future of Enterprise Development for Apple Platforms

June 25, 2025 Adam Browning, Senior Product Manager | 8 min read

Key Takeaways: With the rise in popularity of SwiftPM, CocoaPods Trunk (the central public registry) will be moving to a read-only state. Thankfully, you can continue to publish your CocoaPods dependencies into JFrog Artifactory - even proxying the entire CocoaPods Trunk if desired. While SwiftPM is great, there is no true Public Registry. Artifactory fully…
Read More
Why Cloudsmith Is a Risk You Can’t Afford: A Wake-Up Call on Superficial Software Supply Chain Security

Why Cloudsmith Is a Risk You Can’t Afford: A Wake-Up Call on Superficial Software Supply Chain Security

June 24, 2025 The JFrog Security Research Team | 25 min read

On the surface, some tools market DevSecOps capabilities as part of their software supply chain solution. Still, DevOps and Security teams who dig deeper into these tools will quickly spot some red flags, including: Packaging Competitor's Open Source as an Enterprise solution: Selling a paid “security” solution that’s little more than a thin UI layer…
Read More
Achieving Sovereign AI with the JFrog Platform and NVIDIA Enterprise AI Factory

Achieving Sovereign AI with the JFrog Platform and NVIDIA Enterprise AI Factory

June 11, 2025 Paul Garden, JFrog Partner and Industry Solutions | 8 min read

Key Takeaways: Sovereign AI ensures control over AI/ML data, models, and infrastructure, which is now essential for enterprises, regulated industries, and national interests. JFrog and NVIDIA have collaborated to deliver a secure, scalable solution for sovereign AI. NVIDIA provides the accelerated computing and AI software while JFrog ensures trusted DevSecOps and MLOps practices across the…
Read More
Multi-Stage Malware Attack on PyPI: Malicious Package Threatens Chimera Sandbox Users

Multi-Stage Malware Attack on PyPI: Malicious Package Threatens Chimera Sandbox Users

June 10, 2025 Guy Korolevski, JFrog Security Researcher | 8 min read

Update 25/06/2025: After the publication of our blog, JFrog was contacted by a security team and was informed that the PyPI package was published as part of an internal security audit - "The PyPI package was not created with malicious intent and users were not targeted by unknown threat actors, the purpose of this simulation…
Read More
Meet Sunny Rao, JFrog’s New SVP of Asia Pacific

Meet Sunny Rao, JFrog’s New SVP of Asia Pacific

May 29, 2025 Tali Notman, CRO, JFrog | 5 min read

With APAC economies rapidly going digital, businesses are hyper-focused on becoming more efficient, agile, and customer-focused. Software is playing an increasingly critical role in their success. At the same time, today’s software development landscape is more complex than ever, driven by cybersecurity concerns, emerging and constantly evolving regulatory requirements, plus AI-assisted coding trends that have…
Read More
How JFrog Delivers Self-Service Cloud Environments for our Developers

How JFrog Delivers Self-Service Cloud Environments for our Developers

May 27, 2025 Hanan Cohen, JFrog DevOps Team Leader | 9 min read

The internal DevOps team at JFrog needed to provision cloud resources, create environments, and manage infrastructure for our developers.  Unfortunately, it involved wasting a significant amount of time on repetitive tasks, that was slowing down the pace of innovation and taking away our developers' focus from building new features and industry leading products. Here is…
Read More

Popular Tags