Welcome to the JFrog Blog

npm v12’s Biggest Security Change: From Implicit to Explicit Trust

For years, installing an npm package has meant trusting that every package in the dependency tree will behave as expected. Whether code originated from the npm registry, a Git repository, a remote URL, or an installation script buried deep within a transitive dependency, npm would typically execute or retrieve it automatically during the installation process.…

Introducing the JFrog Power for Kiro

A new CVE drops into a package you depend on. With the JFrog power for Kiro installed, your next move is a single prompt in your IDE, not a tab switch to the JFrog UI and thirty minutes of hand-rolled REST calls. This is what governed agentic development looks like in practice. If your team…

How to Validate Policy-as-Code Without Breaking Builds (Even When AI Writes the Code)

Picture two realities for the same compliance control reaching production. Reality One: Your AppSec team writes a new rule. An engineer uses Claude Code or Cursor to generate the OPA (Open Policy Agent) Rego policy in minutes. They deploy it. It blocks a legitimate release on a missing context variable, and the on-call engineer routes…

Our AI Agent Now Has a Security Conscience: Introducing the JFrog Plugin for Claude Code

AI coding agents are changing the pace of software development. With tools like Claude Code, developers can move from idea to implementation faster than ever, generating code, exploring unfamiliar repositories, refactoring services, and turning plain-language intent into working software. That speed is powerful. But speed without governance = risk. It also creates a new challenge:…

The Governance Gap: What IDC’s 2026 Data Reveals About AI and the Software Supply Chain

In a landscape where executive teams demand immediate AI integration, engineering and security leaders find themselves navigating a complex operational balancing act. To explore how organizations can accelerate delivery pipelines without introducing fatal security risks, JFrog recently hosted a virtual panel discussion titled "Agentic Software Delivery in 2026: How to Bridge the Gap Between AI…

NVIDIA NIM Models Are Now Governed Assets in Your Supply Chain

NVIDIA NIM (NVIDIA Inference Microservices) packages production-ready AI models into optimized containers for enterprise deployment. Your developers need them. Your coding agents pull them. And until now, they pulled them directly from NVIDIA's NGC registry, bypassing the supply chain controls you've spent years building. JFrog AI Catalog now brings NVIDIA NIM models under the same…

Talk to Your Platform: Spin Up JFrog Self-Service Trials with MCP – No Human Intervention Required

JFrog is one of the first Software Supply Chain Management and Security Platforms to provide MCP functionality, which we have now opened up to anyone interested in trying Claude and Cursor in their own development environment. Doing a free trial is one of the best ways to see how JFrog integrates with your developers, operations…

Introducing the Global Software Supply Chain Excellence Awards: Celebrating the People Behind the Software Pipelines

Today, JFrog is proud to introduce the Software Supply Chain Excellence Awards, the first-ever customer awards program created to spotlight the teams and individuals who are doing the hard work of securing and scaling modern software delivery. Why We Built This At JFrog, one of our core values is WIN and the belief in achieving…