JFrog Named as a Visionary in the 2025 Gartner® Magic Quadrant™ for Application Security Testing
We’re excited to announce that Gartner has named JFrog a ‘Visionary’ in the 2025 Magic Quadrant™ for Application Security Testing. We believe this reflects JFrog’s forward-thinking strategy of integrating application security seamlessly throughout the entire software development lifecycle in ways that help organizations deliver their most secure, trusted applications without impacting developers’ productivity.
Innovation is fundamental at JFrog, as can be seen in some of our recently introduced security products and capabilities. These reflect our vision of enabling the delivery of certifiable, trusted software, without ever slowing it down. Prominent examples include:
- AppTrust, the industry’s first DevGovOps solution, seamlessly embeds governance, risk, and compliance directly into your existing Software Supply Chain. It provides a single application-based view and empowers you to drive compliant releases, using evidence-based controls and contextualized insights.
- Agentic Remediation. AI is well on its way to driving huge transformations in application security. JFrog’s Agentic Remediation brings the power of JFrog’s SAST, Catalog, and Curation to GitHub Copilot via JFrog’s MCP servers. Developers benefit from using AI, with substantially less hands-on security work thanks to inline context-aware code security and automatic remediation of CVEs.
- Curation for IDE Extensions. To protect organizations from potential threats that exploit third-party tools, we recently launched Curation for IDE Extensions, which extends JFrog Curation (early blocking of malicious or risky open-source packages before they even enter) to IDE extensions.
Our Software Supply Chain Security Approach
JFrog customers benefit from security integrated natively within their Software Supply Chain Platform, rather than bolted on. This approach ensures smooth DevSecOps: less friction, developer adoption, tool consolidation and no blind spots, while never hindering the speed of delivery.
JFrog Security covers the entire software supply chain. We start with Curation, our firewall for keeping risky OSS packages from entering the software development lifecycle. We then scan binaries, in addition to code, with JFrog Xray, for software composition analysis (SCA) that is fully built into where software artifacts are managed. This approach is critical for operational efficiency across all SDLC stages and for coverage. If you don’t scan binaries, you miss some vulnerabilities and exposed secrets.
We ensure that DevSecOps stakeholders never drown in vulnerabilities. We provide developers and security teams with clear prioritization using contextual analysis and applicability so that the vulnerabilities that actually impact the application during runtime can be quickly remediated.
We also seamlessly integrate the software supply chain and production environment through JFrog Runtime, automatically alerting on unintended or unauthorized modifications to running images.
Our commitment to innovation, excellence and the community leads us: we’re a registered CVE Numbering Authority, and our dedicated security research team is regularly at the forefront of critical discoveries, most recently reporting 6 of the 20+ npm packages that were recently compromised.
We’ve become a leader in ML security. Recognizing the surge in AI/ML model attacks, we’re spearheading automated curation and security validation of ML models, cutting reliance on error-prone manual governance and detecting malicious or tampered models before they reach production.
We have built application security that operates with DevSecOps agility, enabled by employing the LLMs of your choice. JFrog manages and secures software from the very first lines of code with our proprietary SAST technology, to running images in production with JFrog Runtime.
Our Momentum Continues To Build
In the software development world, the stakes have never been higher for organizations to ensure software integrity, compliance, quality, and performance of their applications without slowing the pace of their releases. JFrog is uniquely positioned to continue to deliver big on this promise, and we’re excited for what’s to come!
We will be sharing more about our vision and have several exciting announcements set for swampUP in Berlin (November 12-14). In the meantime, we invite you to connect with one of our DevSecOps experts for a deep-dive demo to see how JFrog secures your software supply chain, end-to-end.
Source: Gartner Research, Magic Quadrant for Application Security Testing, By Jason Gross, Mark Horvath, Giles Williams, etc., October 2025
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.