Welcome to the JFrog Blog

Latest:

Trusted AI Adoption (Part 1): Consolidation

March 9, 2026 Ohad Shalev, JFrog Product Marketing Manager, AI/ML

6 min read

Imagine your lead Software Engineer walks into your office and says, "Good news! I just deployed that critical update to production. I wrote the code on my personal laptop, didn’t run it through CI/CD, skipped the security scan, and just copied the files directly to the server with a USB drive." You would fire them.…

Read More

All Blogs

How JFrog’s AI-Research Bot Found OSS CI/CD Vulnerabilities to Prevent Shai Hulud 3.0

How JFrog’s AI-Research Bot Found OSS CI/CD Vulnerabilities to Prevent Shai Hulud 3.0

March 5, 2026 Barak Haryati, JFrog Senior Director of Product Security | 18 min read

Recent incidents have proven that Continuous Integration (CI) workflows are the new battleground for software supply chain attacks. Security Pitfalls in GitHub Actions workflows, such as the unsanitized use of pull request (PR) data, can allow attackers to execute malicious code during CI runs with devastating consequences. For example, the high-profile "S1ngularity" attack on the…
Read More
NIS2 Compliance in 2026: Compliance Doesn’t Have to Mean Complexity

NIS2 Compliance in 2026: Compliance Doesn’t Have to Mean Complexity

March 2, 2026 Danny Parizada, JFrog Senior Solution Engineer | 7 min read

Originally published February 2025 and updated March 2026. The Network and Information Systems Directive 2 (NIS2) is the European Union’s effort to fortify cybersecurity across critical industries and services. Building on the original NIS Directive, NIS2 has broadened its scope, introduced stricter requirements, and placed greater emphasis on supply chain security. As we move further…
Read More
From Prompt to Production: The New AI Software Supply Chain Security

From Prompt to Production: The New AI Software Supply Chain Security

February 23, 2026 Yoav Landman, CTO & Co-founder, JFrog | 7 min read

Listen to a NotebookLM podcast version of the blog:   When Anthropic announced Claude Code’s new security scanning capabilities, following the announcement of OpenAI's Aardvark, it marked an important moment for the industry. For the first time, expert-level security review is becoming embedded directly into the act of writing code. Subtle, context-dependent vulnerabilities can now…
Read More
Why I’m Finally Ditching YUM for DNF in 2026 (And You Should, Too)

Why I’m Finally Ditching YUM for DNF in 2026 (And You Should, Too)

February 19, 2026 Asaf Waizman, JFrog RVP, Solution Engineering | 5 min read

If you’ve been managing Red Hat-based systems as long as I have, yum install is likely hardcoded into your muscle memory. For decades, YUM (Yellowdog Updater, Modified) served as the backbone of RPM Linux-based distributions, getting us through countless server setups and late-night patches. But the era of YUM is officially over. With RHEL 9,…
Read More
Vulnerability or Not a Vulnerability?

Vulnerability or Not a Vulnerability?

February 16, 2026 Jonathan Sar Shalom, JFrog Director of Threat Research | 5 min read

Disputed CVEs: It’s Not a Bug, It’s a Debate Every CVE starts as a vulnerability claim, but not every claim ends in agreement. Between researchers racing to disclose vulnerabilities, and open-source maintainers guarding the stability and reputation of their projects, a gray zone appears where “vulnerability” becomes a matter of debate. This is the story…
Read More
Giving OpenClaw The Keys to Your Kingdom? Read This First

Giving OpenClaw The Keys to Your Kingdom? Read This First

February 2, 2026 Natan Nehorai, JFrog Application Security Researcher Ofri Ouzan, JFrog Security Researcher | 9 min read

In security, we never assume perfection. We assume zero-trust, and we design controls to limit the blast radius. That mindset is missing from many OpenClaw deployments today. It is almost impossible not to hear about the new personal AI assistant, OpenClaw (formerly known as ClawdBot and MoltBot). Since its release in November 2025, it has…
Read More
Breaking AppSec Myths – Obfuscated Packages

Breaking AppSec Myths – Obfuscated Packages

February 4, 2026 Guy Korolevski, JFrog Security Researcher Ofri Ouzan, JFrog Security Researcher | 15 min read

As part of the JFrog Security Research team’s ongoing work, we continuously monitor newly published packages across multiple ecosystems for malicious activity. This effort serves the broader open source community through public research disclosures, and it directly impacts the detection capabilities behind JFrog Xray and JFrog Curation. Our scanning pipeline uses a broad set of…
Read More
The AI Blind Spot Debt: The Hidden Cost Killing Your Innovation Strategy

The AI Blind Spot Debt: The Hidden Cost Killing Your Innovation Strategy

February 3, 2026 Ohad Shalev, JFrog Product Marketing Manager, AI/ML | 6 min read

In today’s AI rush, I’ve seen even the most disciplined organizations find it almost impossible to apply the hard-won lessons of DevOps and DevSecOps onto AI adoption. These organizations often feel forced to choose between moving fast and staying in control. As a result, they develop a "wait and see" approach to AI usage and…
Read More

Popular Tags