Welcome to the JFrog Blog

Latest:

9 New Innovations. One Trust Layer.

March 18, 2026 The JFrog Team

11 min read

The software supply chain is no longer just about shipping code, it is about managing intelligence and risk. As DevOps, DevSecOps, DevGovOps and AI/ML practices converge into a single AI-driven and increasingly agentic delivery pipeline, the demands on development and security teams have reached a new level. The platform that once managed packages and artifacts…

Read More

All Blogs

Survive the AI Code Blizzard: Introducing Code Snippet Security

Survive the AI Code Blizzard: Introducing Code Snippet Security

March 18, 2026 Dafna Zahger Bernanka, JFrog Director of Product Marketing, Security | 4 min read

In 2026, software development speed is an AI-solved problem. Yet, as AI-generated code volumes surge, organizations face a new kind of risk visibility gap. Developers are increasingly copying third-party snippets into their codebases—from both AI prompts and open-source software components—creating large security and compliance blind spots that lead to significant risks. While proven software composition…
Read More
The Dependency Dilemma: Balancing Innovation Speed with Supply Chain Resilience

The Dependency Dilemma: Balancing Innovation Speed with Supply Chain Resilience

March 11, 2026 Guest IDC Blogger: Katie Norton, Research Manager - DevSecOps and Software Supply Chain Security | 6 min read

Sponsored by JFrog -  Development teams are shipping faster than ever. Generative AI coding assistants, early agentic workflows, and increasingly modular architectures have compressed the distance between concept and deployment. AI-enabled innovation has become an executive mandate, and teams are expected to deliver at speed without sacrificing security or compliance. At the same time, modern…
Read More
Webinar Recap: The Context Engine – Why Consolidation is the Natural Future of AppSec

Webinar Recap: The Context Engine – Why Consolidation is the Natural Future of AppSec

March 11, 2026 The JFrog Team | 9 min read

As the software development lifecycle continues to evolve, the rise of AI is introducing both unprecedented productivity and unprecedented risk. In a recent webinar hosted by JFrog, Jens Eckels sat down with Forrester Senior Analyst Janet Worthington to discuss the state of application security (AppSec), the explosive growth of agentic software development, and why consolidating…
Read More
How JFrog’s AI-Research Bot Found OSS CI/CD Vulnerabilities to Prevent Shai Hulud 3.0

How JFrog’s AI-Research Bot Found OSS CI/CD Vulnerabilities to Prevent Shai Hulud 3.0

March 5, 2026 Barak Haryati, JFrog Senior Director of Product Security | 18 min read

Recent incidents have proven that Continuous Integration (CI) workflows are the new battleground for software supply chain attacks. Security Pitfalls in GitHub Actions workflows, such as the unsanitized use of pull request (PR) data, can allow attackers to execute malicious code during CI runs with devastating consequences. For example, the high-profile "S1ngularity" attack on the…
Read More
NIS2 Compliance in 2026: Compliance Doesn’t Have to Mean Complexity

NIS2 Compliance in 2026: Compliance Doesn’t Have to Mean Complexity

March 2, 2026 Danny Parizada, JFrog Senior Solution Engineer | 7 min read

Originally published February 2025 and updated March 2026. The Network and Information Systems Directive 2 (NIS2) is the European Union’s effort to fortify cybersecurity across critical industries and services. Building on the original NIS Directive, NIS2 has broadened its scope, introduced stricter requirements, and placed greater emphasis on supply chain security. As we move further…
Read More
From Prompt to Production: The New AI Software Supply Chain Security

From Prompt to Production: The New AI Software Supply Chain Security

February 23, 2026 Yoav Landman, CTO & Co-founder, JFrog | 7 min read

Listen to a NotebookLM podcast version of the blog:   When Anthropic announced Claude Code’s new security scanning capabilities, following the announcement of OpenAI's Aardvark, it marked an important moment for the industry. For the first time, expert-level security review is becoming embedded directly into the act of writing code. Subtle, context-dependent vulnerabilities can now…
Read More
Why I’m Finally Ditching YUM for DNF in 2026 (And You Should, Too)

Why I’m Finally Ditching YUM for DNF in 2026 (And You Should, Too)

February 19, 2026 Asaf Waizman, JFrog RVP, Solution Engineering | 5 min read

If you’ve been managing Red Hat-based systems as long as I have, yum install is likely hardcoded into your muscle memory. For decades, YUM (Yellowdog Updater, Modified) served as the backbone of RPM Linux-based distributions, getting us through countless server setups and late-night patches. But the era of YUM is officially over. With RHEL 9,…
Read More

Popular Tags