JFrog Achieves AWS Security Competency

At JFrog, our mission has long been to power the future of software, and we believe that future is undeniably cloud-native. This is why we’ve architected our platform as a container-first, Kubernetes-native SaaS—built for performance at scale on the world’s leading cloud infrastructure. Our deep commitment to cloud excellence has reached a major milestone in our long-standing collaboration with Amazon Web Services (AWS): JFrog has achieved AWS Security Competency status.

This designation is a testament to our commitment to providing customers with a secure, end-to-end platform that protects the software supply chain on the trusted, scalable foundation of AWS. In this article, we’ll explore what the AWS Security Competency entails, break down the technical challenges of securing cloud-native supply chains, and discuss how the JFrog and AWS integration delivers tangible business benefits.

Why the AWS Security Competency Matters Now

The software supply chain is under constant attack. In late 2025, sophisticated malicious campaigns like the Shai-Hulud attacks demonstrated how threat actors can weaponize developer infrastructure to spread malware across the Node Package Manager (npm) registry. These automated worms scan filesystems for cloud keys and can even delete user directories if exfiltration fails.

To help customers navigate this increasingly complex threat landscape, AWS maintains the Security Competency: a rigorous benchmark of excellence for partners. This framework ensures customers can identify vetted experts who possess the deep technical knowledge required to defend against such advanced threats.

What it means for our customers

The AWS Security Competency recognizes that JFrog has demonstrated technical proficiency and successful customer outcomes in securing applications on AWS. It provides our customers the peace of mind that they are building on a platform rigorously vetted by AWS experts.

For us, security isn’t an afterthought. It’s woven into the fabric of our DevOps and DevSecOps solutions. From the moment a developer writes code to the second it is deployed, our platform ensures every artifact is secure and compliant. Our competency status highlights this capability and our seamless integration with core AWS services—including but not limited to Amazon EKS, Amazon RDS, Amazon EBS, Amazon S3, AWS IAM, and Amazon CloudWatch—providing end-to-end visibility throughout the software development lifecycle (SDLC).

The Challenge: Securing Cloud-Native Supply Chains

As organizations scale on AWS, securing the software supply chain becomes increasingly complex. Traditional security methods often fail to keep pace with cloud-native development, leading to three core challenges:

1. The “Black Box” of binary risk

Modern cloud applications are assembled, not just written. Developers constantly pull third-party binaries—such as npm packages, Maven artifacts, and Docker images—from public repositories into AWS environments.

  • The Problem: There is a critical lack of visibility into what resides inside these artifacts, including transitive dependencies and malicious packages.
  • The Risk: Without deep recursive scanning, these “black box” binaries can reach production in AWS services like Amazon EKS or Amazon ECR before their risks are identified.

2. Friction between “Dev” and “Sec”

Security teams frequently operate in silos, utilizing tools that are disconnected from the primary AWS CI/CD pipeline.

  • The Problem: Disconnected security workflows force developers to context-switch or wait for slow, out-of-band scans.
  • The Risk: This friction creates a bottleneck that either encourages teams to bypass security controls entirely to maintain deployment velocity or significantly slows time-to-market.

3. Tool sprawl and alert fatigue

Managing a cloud-native footprint often involves juggling a fragmented collection of dashboards and disconnected point solutions.

  • The Problem: Vulnerability data from the application layer is rarely correlated with the underlying infrastructure layer.
  • The Risk: Teams “drown in noise” and suffer from security fatigue, struggling to prioritize which vulnerabilities pose a legitimate threat and which are merely non-exploitable background noise.

The Solution: A Unified Approach to Security on AWS

The JFrog Platform offers a comprehensive security solution, seamlessly integrated with your AWS infrastructure and powered by:

  • JFrog Xray: Provides deep, recursive scanning of all binaries for vulnerabilities and license compliance issues with real-time feedback.
  • JFrog Advanced Security: Offers deeper analysis to uncover critical zero-day threats, exposed secrets, and malicious code. It includes contextual analysis to determine the actual reachability and exploitability of CVEs, helping teams prioritize the vulnerabilities that matter most.
  • JFrog Runtime Security: Extends protection beyond the build process by providing continuous, real-time monitoring of running applications on AWS to identify active threats.
  • JFrog Curation: Proactively vets and blocks risky open-source packages before they enter the supply chain, ensuring developers consume only trusted components.
  • JFrog AppTrust: Delivers application risk governance with evidence-based controls and contextualized insights through a single management console.
  • JFrog AI Catalog: A unified hub for discovering, governing, and serving AI and ML models across the organization.

By running on AWS, these solutions leverage the scale, reliability, and global reach of a cloud infrastructure designed to meet the world’s most stringent security requirements, empowering teams to innovate securely.

The Benefit: Leveraging JFrog and AWS Together

Consolidating security and DevOps onto an AWS-validated platform enables organizations to achieve significant gains in protection and efficiency across the entire business.

Benefit #1: Bridging the “trust gap” in vendor vetting

Instead of a manual, months-long review, the AWS Security Competency acts as a pre-validated baseline. Because AWS security experts have already audited the technical architecture, leadership can move from “Is this safe?” to “How fast can we deploy?” more quickly.

  • The result: A streamlined governance process that reduces the internal friction of vendor approval.

Benefit #2: Unblocking developer velocity and flexibility

Security is most effective when it’s a “quiet” part of the developer’s workflow. By integrating natively into the AWS CI/CD pipeline, the platform provides contextual security results where developers already live.

  • The result: It eliminates the “context-switching tax.” By using features like Contextual Analysis to filter out non-exploitable threats, teams can focus on real risks without sacrificing deployment frequency.

Benefit #3: Operational efficiency via the AWS ecosystem

Fragmented security stacks—juggling separate tools for containers, SCA, and artifacts—create “tool sprawl” and hidden costs. The Security Competency validates a unified approach that simplifies both the technical and financial side of the house.

  • The result: By utilizing AWS Marketplace, organizations can consolidate their billing and apply spend toward their existing AWS commitments, turning a security upgrade into a procurement win.

Proven Success: JFrog on AWS

Our mission is to help customers innovate faster and more securely. This achievement is a direct result of the trust our customers place in the JFrog Platform on AWS.

  • Iress, a global financial software leader, migrated to JFrog on AWS to eliminate maintenance overhead and enhance their security posture with continuous scanning, ensuring they meet strict regulatory requirements.
  • Mitsubishi UFJ e-Smart Securities adopted JFrog as a SaaS solution on AWS, achieving end-to-end traceability and improved governance for their software release process.
  • Technology Innovation Institute (TII) scaled their DevOps on AWS to support robotics research, using JFrog to automate security scans and reduce build/deploy times by 50%.
  • Informatica utilizes JFrog to secure artifacts across a complex hybrid architecture. “We wanted centralized artifact management that’s highly scalable and high performance… ensuring our developers and DevOps team can store, manage, and version artifacts throughout their lifecycles,” says Deepa Mani, Principal DevOps Engineer.

Take the Next Step

Achieving the AWS Security Competency is just the beginning. Whether you are migrating workloads to the cloud or securing a massive Kubernetes footprint, the JFrog Platform on AWS provides the “trust accelerator” you need.

Explore how the JFrog Platform and AWS work together to protect every artifact from code to production:

  • Learn More: Explore our partnership with AWS and find JFrog in AWS Marketplace.
  • Take a Tour: Get a quick, self-guided look at how JFrog helps secure your SDLC, no meeting required: https://jfrog.com/start/
  • See it in Action: Book a personalized demo to see contextual analysis and key security capabilities in action.
  • Join the Webinar (Jan 22): New Year, New Threats: Learn how to stop risky and malicious third-party components (from packages to models and more) before they reach developers, without slowing teams down.