Welcome to the JFrog Blog

Latest:

Beyond the Hype: Building a Future-Proof Foundation for the AI-Native Enterprise

January 7, 2026 Yuval Fernbach, JFrog VP and CTO MLOps

6 min read

We are witnessing a fundamental transformation in how software is built. The industry has moved beyond the experimental phase of Machine Learning Operations and entered a complex new reality: the era of the AI Software Supply Chain. The adoption metrics confirm this shift is irreversible. Google reports that 90% of tech workers are now using…

Read More

All Blogs

Why Enterprise and Fortune 500 Companies are Leaving Snyk and Checkmarx for JFrog

Why Enterprise and Fortune 500 Companies are Leaving Snyk and Checkmarx for JFrog

December 31, 2025 The JFrog Product Marketing Team | 6 min read

Effectively protecting your software supply chain has reached a critical turning point where the traditional strategy of integrating "best of breed" or point AppSec solutions is no longer sustainable. While tools like Snyk and Checkmarx served a purpose in the era of siloed development and security, today we’re seeing how leading companies are moving away…
Read More
JFrog vs Checkmarx: An AppSec Solution Comparison

JFrog vs Checkmarx: An AppSec Solution Comparison

December 31, 2025 The JFrog Product Marketing Team | 5 min read

Application Security (AppSec) can’t stop at source code. Today’s software is assembled, not written, from open-source packages, containers, binaries, and increasingly - AI models. While traditional AppSec tools like Checkmarx focus primarily on source code scanning, that approach leaves critical security and compliance gaps across the software supply chain. JFrog takes AppSec to the next…
Read More
JFrog vs Snyk: Why Effective AppSec Must Move Beyond Source Code

JFrog vs Snyk: Why Effective AppSec Must Move Beyond Source Code

December 30, 2025 The JFrog Product Marketing Team | 5 min read

The tech world is abuzz with the potential of AI and automated development, but this rapid advance is fueling a massive increase in regulatory scrutiny and supply chain risk. While many teams rely on source code scanning, focusing on code alone leaves a critical "malware blind spot" in the software supply chain. Today’s applications are…
Read More
CVE-2025-55182 and CVE-2025-66478 (“React2Shell”): All you need to know – UPDATED

CVE-2025-55182 and CVE-2025-66478 (“React2Shell”): All you need to know – UPDATED

December 9, 2025 JFrog Security Research Team | 7 min read

IMPORTANT UPDATE:  React2Shell Continues to Attack Cloud Infrastructure  (Dec 9th, 2025) JFrog Security Research continues to track the React2Shell vulnerability. Recent developments include the original POC from the researcher who found this vulnerability. This POC shows the simplicity of exploiting this CVE and reflects the real severity and impact of this CVE. (Dec 12th, 2025)…
Read More
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities

PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities

December 2, 2025 David Cohen, JFrog Senior Security Researcher | 14 min read

AI Model Scanning as the First Layer of Security JFrog Security Research found 3 zero-day critical vulnerabilities in PickleScan, which would allow attackers to bypass the most popular Pickle model scanning tool. PickleScan is a widely used, industry-standard tool for scanning ML models and ensuring they contain no malicious content. Each discovered vulnerability enables attackers…
Read More
Shai-Hulud npm supply chain attack – new compromised packages detected

Shai-Hulud npm supply chain attack – new compromised packages detected

November 24, 2025 Andrey Polkovnichenko, JFrog Security Researcher | 9 min read

IMPORTANT UPDATE:  Shai-Hulud Returns  (Nov 24, 2025) JFrog continues to track, provide research and document another wave of the Shai-Hulud Software Supply Chain Attack which was originally reported by the JFrog Security Research team on 16-Sep-2025. Following the initial campaign, threat actors have returned with more advanced tactics, compromising an additional 796 new malicious packages…
Read More
Securing Vibe Coding: JFrog Introduces AI-Generated Code Validation

Securing Vibe Coding: JFrog Introduces AI-Generated Code Validation

November 13, 2025 Jacqueline Basil, JFrog Product Marketing Manager, Security | 5 min read

A fundamental shift in software development is already here. Gartner predicts that by 2028, 75% of enterprise software engineers will use AI code assistants - a massive leap from less than 10% in early 2023. While this AI-driven speed creates a competitive advantage, it also opens a dangerous new front in the battle for software…
Read More
The Security Imperative: Trust, Speed, and Integral Defense

The Security Imperative: Trust, Speed, and Integral Defense

November 11, 2025 The JFrog Team | 10 min read

The systemic nature of software supply chain attacks is growing more complex, creating a critical tension between speed and security. The Israeli National Cyber Directorate’s (INCD) recent "Breaking the Chain" report validates that the most significant threats live outside your first-party code, highlighting a crisis of trust in the open-source-software (OSS) supply chain. While the…
Read More

Popular Tags