Welcome to the JFrog Blog

Latest:

The Power of JFrog Artifactory as Your Model Registry

October 24, 2025 Rami Pinku, Senior Product Manager, JFrog ML

5 min read

In my previous blog, we demonstrated how the FrogML SDK streamlines the process of integrating custom-built or publicly sourced models from your IDE into JFrog Artifactory. Now that your models are securely stored, versioned, and managed, the natural next question arises: "Ok, so you have some models in JFrog Artifactory, now what?" This is where…

Read More

All Blogs

A Framework for Cloud Resilience: Practical Steps to Harden Your Software Supply Chain

A Framework for Cloud Resilience: Practical Steps to Harden Your Software Supply Chain

October 23, 2025 Sean Pratt, Senior Manager, Product Marketing, JFrog | 4 min read

“...our entire dev flow basically stopped, no builds, no tests, no deployments…”  This user quote, captured on Reddit, underscores the real-world consequence of cloud outages: when it happens, the world stops. As your organization scales, you often make strategic decisions to centralize your workloads, whether it’s meeting strict regulatory requirements that demand data locality, or…
Read More
JFrog Named as a Visionary in the 2025 Gartner® Magic Quadrant™ for Application Security Testing

JFrog Named as a Visionary in the 2025 Gartner® Magic Quadrant™ for Application Security Testing

October 22, 2025 Eyal Dyment, JFrog VP of Product | 5 min read

We’re excited to announce that Gartner has named JFrog a ‘Visionary’ in the 2025 Magic QuadrantTM for Application Security Testing. We believe this reflects JFrog’s forward thinking strategy of integrating application security seamlessly throughout the entire software development lifecycle in ways that help organizations deliver their most secure, trusted applications without impacting developers’ productivity.  Innovation…
Read More
CVE-2025-6515 Prompt Hijacking Attack – How Session Hijacking Affects MCP Ecosystems

CVE-2025-6515 Prompt Hijacking Attack – How Session Hijacking Affects MCP Ecosystems

October 21, 2025 Ori Hollander, JFrog Security Researcher Ofri Ouzan, JFrog Security Researcher | 10 min read

JFrog Security Research recently discovered and disclosed multiple CVEs in oatpp-mcp - the Oat++ framework’s implementation of Anthropic’s Model Context Protocol (MCP) standard. Among these, CVE-2025-6515 stood out due to its potential threat of hijacking MCP session IDs. Within the context of MCP we’ve dubbed this new attack technique "Prompt Hijacking". Your browser does not…
Read More
Top 5 Reasons to Attend JFrog’s Inaugural swampUP Europe 2025

Top 5 Reasons to Attend JFrog’s Inaugural swampUP Europe 2025

October 16, 2025 The JFrog Team | 4 min read

Following the resounding success of swampUP, the award-winning, annual DevOps, DevSecOps, and MLOps conference is heading to Europe! Set in the heart of Germany’s capital city of Berlin – a centrally-located, rapidly expanding tech hub – the inaugural swampUP Europe 2025 will detail the "quantum shift" in how software is built, secured, and scaled, with…
Read More
JFrog AppTrust: A Technical Deep Dive into Building a Trusted Software Supply Chain

JFrog AppTrust: A Technical Deep Dive into Building a Trusted Software Supply Chain

October 16, 2025 Jacqueline Basil, JFrog Product Marketing Manager, Security | 7 min read

Software supply chains have grown more complex as software delivery accelerates across more teams, technologies and environments. While the pace of releases continues to increase, the ability to manage these releases has not accelerated correspondingly. Developers and development operations are now firmly in the spotlight, as new regulations demand clear, auditable proof that every stage…
Read More
Don’t Guess What to Scan: Runtime Scope Ensures Full Production Coverage

Don’t Guess What to Scan: Runtime Scope Ensures Full Production Coverage

October 15, 2025 Ariel Antoni, JFrog Senior Product Manager | 5 min read

Are you confident that you’re scanning for security vulnerabilities on all your software running in production? If this question makes you uncomfortable don’t worry. First, you’re not alone. Second - keep reading. Almost all security teams today face a massive challenge: they’re drowning in data but lack direction. They have an overwhelming amount of code…
Read More
Enhancing JFrog Internal Operations with Near Zero Downtime Migration

Enhancing JFrog Internal Operations with Near Zero Downtime Migration

October 8, 2025 Karam Jaber, JFrog Site Reliability Engineer | 6 min read

Data migrations have long been a significant source of anxiety for businesses and IT teams alike. The thought of moving critical databases often conjures images of prolonged downtime, service interruptions, and the ever-present risk of data loss. Indeed, statistics show that "90% of businesses experience unexpected downtime during database migrations, leading to significant revenue loss…
Read More
JFrog and ServiceNow: Accelerate Trusted Software Application Development

JFrog and ServiceNow: Accelerate Trusted Software Application Development

September 30, 2025 Brian Chang, Product Marketing Manager | 4 min read

Today’s software organizations can't make tradeoffs between speed and trust – you need both to succeed. But juggling them is tough. Moving too fast can lead to security vulnerabilities and compliance issues, while moving too slow means your competitors beat you to market. This tension creates friction that slows down every release, a problem that…
Read More
Shifting Security ‘Lefter’ Than Left Is The Key To Avoiding Risky Packages

Shifting Security ‘Lefter’ Than Left Is The Key To Avoiding Risky Packages

September 19, 2025 Asaf Karas, JFrog CTO & SVP Security | 4 min read

As the AI revolution accelerates, developers are being inundated with a dazzling array of new software packages and game-changing tools such as GitHub CoPilot, Sourcegraph, Qodo, Cursor, Goose, and others that promise incredible advances in productivity and impact. The excitement over this is high and just keeps on growing. Cyberattackers share equally in this excitement;…
Read More
Shai-Hulud npm supply chain attack – new compromised packages detected

Shai-Hulud npm supply chain attack – new compromised packages detected

September 16, 2025 Andrey Polkovnichenko, JFrog Security Researcher | 7 min read

Recently, the npm ecosystem has faced its third large-scale attack. Following the recent compromise of the nx packages  and another wave targeting popular packages, the registry has once again been attacked. The first report came from Daniel Pereira, who identified a compromised package: @ctrl/tinycolor@4.1.1. By the end of the day, JFrog’s malware scanners had identified…
Read More

Popular Tags