Welcome to the JFrog Blog

Why Cloudsmith Is a Risk You Can’t Afford: A Wake-Up Call on Superficial Software Supply Chain Security

On the surface, some tools market DevSecOps capabilities as part of their software supply chain solution. Still, DevOps and Security teams who dig deeper into these tools will quickly spot some red flags, including: Packaging Competitor's Open Source as an Enterprise solution: Selling a paid “security” solution that’s little more than a thin UI layer…
Achieving Sovereign AI with the JFrog Platform and NVIDIA Enterprise AI Factory

Key Takeaways: Sovereign AI ensures control over AI/ML data, models, and infrastructure, which is now essential for enterprises, regulated industries, and national interests. JFrog and NVIDIA have collaborated to deliver a secure, scalable solution for sovereign AI. NVIDIA provides the accelerated computing and AI software while JFrog ensures trusted DevSecOps and MLOps practices across the…
Multi-Stage Malware Attack on PyPI: Malicious Package Threatens Chimera Sandbox Users

Update 25/06/2025: After the publication of our blog, JFrog was contacted by a security team and was informed that the PyPI package was published as part of an internal security audit - "The PyPI package was not created with malicious intent and users were not targeted by unknown threat actors, the purpose of this simulation…
Meet Sunny Rao, JFrog’s New SVP of Asia Pacific

With APAC economies rapidly going digital, businesses are hyper-focused on becoming more efficient, agile, and customer-focused. Software is playing an increasingly critical role in their success. At the same time, today’s software development landscape is more complex than ever, driven by cybersecurity concerns, emerging and constantly evolving regulatory requirements, plus AI-assisted coding trends that have…
How JFrog Delivers Self-Service Cloud Environments for our Developers

The internal DevOps team at JFrog needed to provision cloud resources, create environments, and manage infrastructure for our developers. Unfortunately, this meant wasting a significant amount of time on repetitive tasks, which slowed the pace of innovation and took our developers' focus away from building new features and industry-leading products. Here is…
JFrog’s SPOF Framework for SaaS Ecosystems

As Software as a Service (SaaS) solutions evolve, organizations face increasing pressure to ensure uninterrupted service delivery. One of the most significant threats to SaaS service delivery and operational continuity is the presence of known and unknown Single Points of Failure (SPOFs). As a SaaS organization, the team at JFrog deeply understands the risks of…
RSAC 2025 Recap: Software Supply Chain Security Takes Center Stage

The RSA Conference 2025, held at the Moscone Center in San Francisco on April 28 - May 1, brought together over 44,000 cybersecurity professionals from around the world. This year's event, marking the 34th annual flagship conference, placed significant emphasis on software supply chain security and secure software development lifecycle (SDLC) practices. From the keynotes, speaking…
A Vulnerable Future: MITRE’s Close Call in CVE Management

Last week, one of the biggest concerns in the cybersecurity industry created a crisis that was avoided at the last minute. On April 16th, 2025, the MITRE Corporation announced: “The current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire.” Official letter from MITRE…
JFrog’s Journey with AWS Graviton

Every business strives to optimize operational costs and efficiency. In the DevOps world, where cloud-scale operations are the norm, this becomes even more critical. At JFrog, while delivering a robust and highly scalable SaaS solution to our customers, we are equally focused on optimizing operational costs and maximizing infrastructure efficiency. Our recent transition to AWS…