JFrog swampUP 2024: News and Updates Live From the Show Floor
Live updates from this event have concluded.
JFrog’s annual user conference, swampUP 2024, brings together developers, DevOps teams, security engineers, SREs, AI/ML Engineers, thought leaders, industry experts, and technical professionals from the world’s leading enterprises. Together, we’ll explore the latest advancements, best practices, and transformative strategies shaping modern EveryOps. Here are live keynote updates coming from the event in Austin, TX on September 10-11 2024:
Conference Day 2, September 11th
[10:35 a.m.] Responsible AI: Policy Solutions for DevSecOps
Victoria A. Espinel | CEO, Business Software Alliance (BSA)
Jens Eckels | VP Product Marketing, JFrog
Artificial intelligence (AI) is revolutionizing problem-solving and innovation in DevSecOps. Leveraging AI responsibly is essential for building secure, trustworthy systems. Governments are crafting policies to ensure AI’s benefits while mitigating risks. BSA’s Policy Solutions for Building Responsible AI provides a framework to achieve these goals, focusing on governance, innovation, and transparency. In this final keynote session, JFrog VP of Product Marketing, Jens Eckels interviews CEO of BSA, Victoria A. Espinel.
Sound bites from the session
- Espinel on the legal process of using new tech without stifling innovation: “Our job is to understand the goal or business objective they’re trying to accomplish. Then we try to partner with them to identify the best approach to help them realize those objectives.”
- Espinel says, “A lot of the rules haven’t been written yet. But they’re being written. Many companies’ practices are driven less by what the laws on the book are today, and more by how those businesses want to begin to establish their shared approaches to AI safety.”
- Espinel on balancing a forward-looking approach with varying regulations across the globe: “It’s one the biggest challenges we deal with… the lack of clarity and consistency is a difficult thing. But there is an opportunity around AI regulation that I haven’t seen exist before.”
- “There’s an enormous rush of interest from governments around the world, and there’s an opportunity for them to work together.”
- Policymakers will have other competing priorities, Espinel says, so we have a 12- to 18-month window to get it done.
- On what is coming down the road, Espinel says, “There is a lot of concern about abusive material and what companies should do to avoid it. This is an area where some businesses have to make their own decisions about what prompts they use internally and what they think are the acceptable results of those prompts.”
- Espinel says, “The creative communities are very concerned about GenAI. That issue is one that is 100% coming in the U.S. and EU. The problem with regulation is it’s not always drafted to be as precisely as it should be, so the question is how we can make sure governments support tech innovation and creativity.”
[9:55 a.m.] Building the Bridge Between DevOps and MLOps in a GenAI World
Luke Marsden | CEO, Helix.ml
DevOps and MLOps intersect in ways never before considered in today’s AI-driven reality. With expertise in DevOps, MLOps, LLMs, Kubernetes, Docker and more, Luke Marsden explores how to build bridges, adopt best practices, and pitfalls to avoid as we all strive to make AI really work.
Sound bites from the session
- Marsden: “It’s really quite an exciting time to be alive in the time of AI and figuring out how to get it to benefit your business.”
- Marsden moves on to talk about the division between MLOps and LLMOps, and how the goal is to bridge that “chasm”.
- Mardsen’s “manifesto” surrounding DevOps for MLOps and LLMOps includes five essential characteristics: Reproducible, collaborative, tested, portable, and secure.
- Marsden: “If you take one thing away from this presentation: version all the things, test all the things, and host all the things.”
- Five points from Marsden on productionizing an LLMOps stack:
- Make it run on K8s
- Multi-node Ollama
- Integrate with APIs
- BUils an app editor
- YAML format for spec. GitOps! Evals!
[9:05 a.m.] JPMorganChase: Mastering DevOps at Scale
Gopinath Gopalsamy | Managing Director, JP Morgan Chase
With an unprecedented number of artifacts generated monthly, the scale of one of the world’s largest digital organizations is unmatched. In his keynote session, JPMC’s Executive Director Gopi Gopalsamy offers a peek inside the pipelines of one of the world’s most influential organizations.
Sound bites from the session
- Gopalsamy says his company works with $6 trillion in daily payment transactions. “You need a high amount of resiliency and reliability to support this volume of transactions.”
- “As a bank, the most important thing is trust — we’re a security-first organization, and I’m proud to say that,” Gopalsamy says.
- “Resiliency and reliability are key for us, and JFrog Artifactory plays a very key role in that.”
- Gopalsamy says that with all of the automation happening today, “even for a smaller company, you’re going to end up with millions of artifacts that need to be managed.”
- Among Gopalsamy’s key takeaways: “First, you absolutely need better observability.” He also says that just in the past year, his company’s storage size has increased 30X, requiring strong hygiene policies.
- In terms of best practices, Gopalsamy advises against anonymous read access and building mega repos. While the intention with anonymous read access can be noble, it creates issues with maintaining performance, especially at scale.
- Gopalsamy also mentioned JP Morgan Chase’s evaluation of transitioning to JFrog SaaS – while the journey is just beginning with proof of concept (PoC), early results look promising.
[8:35 a.m.] How to Master Your Software Supply Chain with Trust
Scott Johnston | CEO, Docker
Shlomi Ben Haim | CEO & Co-founder, JFrog
The importance of a consolidated, end-to-end trusted software supply chain spans from public hubs through trusted pipeline source code repositories and software package registries as a single source of truth. Safeguarding this flow requires the right tools for developers for SSC security to protect against risks or mistakes before software is being updated on the edge. In this session JFrog CEO & Co-founder, Shlomi Ben Haim and Docker CEO, Scott Johnston hold an open dialogue on stage between today’s market leaders, discussing what consolidation looks like and what it takes to set the standards and shape the future of DevOps and DevSecOps.
Sound bites from the session
- Johnston says containers have been around for decades, “But it was really hard tech to take advantage of.” The idea of Docker was to take the complex tech and make it accessible to millions.
- Ben Haim: “We understand that we’re in the midst of change in the industry.” He asks Johnston how he’s looking at the next few years when it comes to tool consolidation.
- In response, Johnston says tool consolidation comes down to three key pillars: does it help with velocity, does it help people do work more efficiently, and does it help you reduce risk? “As the industry matures, you will see what was best-of-breed become consolidated.”
- Ben Haim asks if he thinks this will impact collaboration between vendors in the industry. Johnston: “We’re in the very first chapter of an exciting evolution.”
- Johnston says a current goal for the industry is to “Move the SLDC left toward developers and give them options that help them make smart choices from the get-go.”
- Johnston: “The most effective organizations we see provide guardrails and give developers choice within those guardrails.”
- On AI, Johnston says, “There are two massive transformations — the essence of applications is changing, there’s now code, models, and data… The second is, how applications are built. The ‘how’ used to be humans, but we believe that’s going to shift radically to humans setting requirements, but the code will be developed by bots or agents. That’s a very different world than we live in today.”
- “Guess what happens when agents become the bottleneck of code creation? You have an explosion of code.” Johnston says you need a community to guide it all to prevent and eliminate the excess “junk” created.
- Turning the attention to MLOps, Johnston says, “What’s interesting is the workflow for a model isn’t necessarily the same as it is for code; tuning a model is not running it through integration testing. At the workflow layer, models aren’t, at the end of the day, exactly like code.”
- “We typically see startups jump on new technologies early, but in this phase, the C-suite is so excited by the benefits of ML and AI, that we’ve never seen adoption so high,” Johnston says.
- On how JFrog and Docker will work together: “There are lots of clever things we can do to make it an easier and more delightful experience for developers and DevOps.”
- Ben Haim asks Johnston if he sees a future where software updates happen without human intervention. “When the limits are machine-based, you can achieve a continuous release cycle. But then it comes back to humans and the level of risk they’re willing to accept.”
[8:30 a.m.] Opening Keynote
Melissa McKay | Head of Developer Relations, JFrog
Welcome to day two of swampUP 2024! JFrog’s Head of Developer Relations, Melissa McKay, is opening the activities this morning with a short keynote. Melissa is passionate about Java, DevOps and Continuous Delivery. She serves on the CNCF governing board and shares her knowledge with the community as a developer, speaker, and author. Melissa has been recognized as a Java Champion and Docker Captain, is an international speaker at numerous events including KubeCon and DockerCon, and is co-author of the O’Reilly title, DevOps Tools for Java Developers.
Sound bites from the session
- McKay asks for a show of hands in the audience: “Who here is a speaker?” either internally at their organizations or at other conferences. She then initiates a round of applause for those who raised their hands, and mentioned that the special Carl Quinn annual speaker award will be announced at the end of the conference day.
- McKay then announces that swampUP 2025 will take place in Napa Valley! She then introduces JFrog’s CEO and Co-founder, Shlomi Ben Haim, who is joined onstage by Docker CEO, Scott Johnston for a fireside-style chat.
Conference Day 1, September 10th
[11:35 a.m.] Operationalizing genAI applications with DevOps practices
Patrick Debois | Founder of DevOps
Wrapping up the morning keynotes is Patrick Debois, the founder of DevOps, on operationalizing GenAI applications with DevOps practices. He also reflects on the business implications of these advancements and their significance in the ever-evolving landscape of technology.
Sound bites from the session
- One of the overarching messages from Debois: when developing GenAI applications, the release, version and testing principles are the same. Then, it’s time to move to production.
- Regarding observability, Patrick says, “Much like API tracing, you want prompt tracing.” You also want to A/B test prompts to test effectiveness — “We all understand how this works, and it’s very valuable.”
- As the GenAI paradigm emerged, Debois says, “One of the things we had to overcome was that data science people were the stars of the show, but engineers were scared. We really had to help engineers learn.”
- Debois says not to hide AI: “It indicates that the end user needs to be on their toes and less trustworthy in what they’re getting.”
- When it comes to dealing with GenAI, Debois highlights the need to be comfortable with a level of uncertainty. He further stresses the importance of observability-driven development.
- Debois finishes with a quote circulating on social media: The hottest new programming language is English. “It’s an amazing time to be alive,” he says.
[10:45 a.m.] Elevating Innovation: GitHub & JFrog Paving the Way Forward
Brian A. Randell | Staff Developer Advocate, GitHub
Yonatan Arbel | Developer Advocate, JFrog
What happens when the leaders in code management and GenAI join forces with the binary management and software supply chain security experts? In their keynote, GitHub’s Brian A. Randell and JFrog’s Yonatan Arbel share game-changing advances in the world’s top DevOps and DevSecOps platforms and how together, JFrog and GitHub are creating tectonic shifts in the development landscape.
Sound bites from the session
- Randell: “We want to help everyone deliver secure solutions faster — that means we need the tools available where developers need them.”
- Arbel says, “It all starts with the developer.” Randell adds, “It’s all about improving processes so we can do things faster and more securely.”
- “This year alone, we’ve already prevented more than 30,000 secrets from being pushed into public repositories,” Randell says.
- Following a product demo, Arbel says, “You have to know in order to trust.”
- The integration between JFrog and GitHub introduces integrity — dynamic, secure access that ensures dynamic, short-lived token generation for every workflow to minimize risk and enhance security.
- The integration also brings clarity—total workflow visibility for complete insight into CI/CD processes. Next is continuity, or seamless context navigation between JFrog and GitHub.
- Arbel: “We wouldn’t finish this session without mentioning AI, right?” He says this is one of the most exciting features he’s worked on in his eight years with JFrog — “giving Copilot a Frog’s brain.”
- The duo wraps up by saying the integration makes developers more responsible because they can now easily account for security.
[10:05 a.m.] From Silos to Synergy: MLOps & Developers Unified
Yuval Fernbach | VP & CTO, JFrog MLOps
The software supply chain increasingly incorporates elements of machine learning and AI that must be developed, trained, experimented upon and delivered into production. In his keynote session, Yuval Fernbach, CTO of JFrog MLOps, covers how the joint technologies of JFrog and the recently-acquired Qwak AI platform streamline a trusted AI supply chain and unify DevSecOps best practices with the world of machine learning to help companies deliver intelligent software fast.
Sound bites from the session
- Fernbach says that 85% of AI and ML projects fail to reach production. “It’s mostly because of infrastructure,” he says.
- “The ML lifecycle is different from the software lifecycle — and you need to make sure you support it.”
- On ML lifecycle challenges, Fernbach says organizations need improved collaboration, streamlined processes, enhanced monitoring, and the ability to scale the number of models in production.
- Yoav Landman then takes the stage once more to recap the morning announcements before a short coffee break — we’ll be back live in 10 minutes!
[9:40 a.m.] From Vulnerabilities to Vigilance: JFrog’s Security Focus
Eyal Dyment | VP of Product, JFrog
Did you know that many companies have 10 or more DevSecOps tools that scan their code and binaries? In this keynote, JFrog VP of Product, Eyal Dyment explores unique advancements in the JFrog Platform that cut security down to size; pinpointed, contextual remediation advice, consolidating tools to reduce cost and duplication, providing intensive, research-backed threat results and putting all of your DevSecOps initiatives into a holistic approach from end to end.
Sound bites from the session
- Dyment mentions that only 56% of organizations are scanning for both source code and binary vulnerabilities.
- On JFrog Advanced Security, Dyment says it goes beyond vulnerabilities with exposure detection and SAST scanning while also prioritizing CVEs with contextual analysis. “This is all coming from feedback from you (the users).”
- JFrog Curation is a gateway that allows you to control, with policies, which packages can enter your organization. “We’re constantly adding to the technology based on your feedback.”
- He says we’re ready to take the next leap into production. He announces the availability of JFrog Runtime Security — “It’s not just another one-time solution.”
- The solution gives users real-time visibility and the ability to verify image integrity. It prioritizes and focuses on what matters most and provides bidirectional lineage.
- Dyment showcases a live demo of JFrog Runtime Security. “It allows you to see data flowing into your environments from multiple dimensions.”
- JFrog Runtime Security is available now in GA.
- Yoav Landman returns to the stage: “I hope you’re as excited as I am about JFrog Runtime Security — this blind spot has now been cleared up.”
- Finally, the attention turns to machine learning (ML) with a concise message: ML is now YOUR business.
[9:15 a.m.] JFrog Platform Innovation: Reloading Development Teams
Yoav Landman | CTO & Co-founder, JFrog
Enterprises are increasingly focused on end-to-end visibility and governance of the entire software supply chain in order to meet development team goals, security requirements and compliance needs. As efficiency across the software lifecycle becomes an issue, customers tell us that tooling consolidation via holistic platforms is the path for many companies. In his annual, landmark technology keynote, JFrog co-founder and CTO, Yoav Landman discusses the advancements in the JFrog Platform across EveryOps, and how an integrated platform is key to tomorrow’s development success.
Sound bites from the session
- Landman introduces the idea of EveryOps and breaking down silos across the software supply chain.
- “JFrog has started to eliminate risks one-by-one,” Landman says. Curation, SAST, Xray, and JFrog Advanced Security all contribute to end-to-end software supply chain security.
- Landman mentions that seven in 10 applications contain security vulnerabilities after five years in production. “After 18 months or so, you start to accumulate technical debt.”
- “We want to bridge this chasm with integrated dev-to-production visibility.”
[8:45 a.m.] EveryOps Matters
Shlomi Ben Haim | CEO & Co-founder, JFrog
In this annual swampUP kickoff, JFrog co-founder and CEO Shlomi Ben Haim – alongside a special guest – explores how developers may still start with code and CI, but are increasingly asked to hold the reins of EveryOps; building, securing and delivering alongside the machines and systems they created.
Sound bites from the session
- “Welcome from swampUP 2024, live from Austin, TX!” JFrog CEO and co-founder, Shlomi Ben Haim, has taken the stage for the morning’s first keynote presentation, “EveryOps Matters.” He mentions we’re celebrating the 10th anniversary of swampUP!
- “What they speak about in the boardroom is cost and predictability of cost — can we trust what’s coming from the developers all the way to the customer’s hands?”
- Ben Haim touches on four areas that combine to define the developer’s path: cloud/multicloud/hybrid, security, consolidation, and innovation. “You have to listen to what the market is saying.”
- He says spending on the public cloud will increase in the coming years, according to a JFrog survey — CIOs expect that 35.4% of IT budget will be spent in the cloud in five years.
- Security projects continue to be the No. 1 priority in 2024. Ben Haim mentions a new budget line — AI security and MLSecOps. “People are really stressed.”
- “We all want to be innovators — what we’ve seen with the recent adoption of new technologies is like nothing we’ve ever seen before. When you think about MLOps, it’s the same process as DevOps and DevSecOps, just serving different personas.”
- By 2024, most organizations will adopt AI solutions within their security teams. “When innovation knocks on your door, you can’t stand there and not open it. You need to embrace it and be ready for what your organization is going through.”
- Special guest GitHub CEO, Thomas Dohmke, joins Ben Haim via video: “As the volume of code continues to explode, everyone who touches code spends their time in the weeds. [Our integration] enables you to manage code and binaries more efficiently.”
- Dohmke adds, “We’re bringing the power of JFrog to GitHub Copilot.”
- “This is just the beginning,” Dohmke says.
- Ben Haim asks how this will change developers’ lives. By bringing JFrog into Copilot, developers gain a new level of institutional knowledge, Dohmke replies. “We’re bringing the collective knowledge of your world into a single place.”
- Ben Haim turns his attention to the single source of truth. “We have become the system of record for all software packages.”
- In a moment that gets the audience cheering, Ben Haim announces a collaboration with industry leader, NVIDIA. On JFrog’s collaboration with NVIDIA: “We are very excited, and we know that with the MLOps evolution, there is the potential for more and more collaboration.”
- Ben Haim thanks the partners and sponsors of swampUP 2024, including Google Cloud, AWS, GitHub, NVIDIA, Microsoft, and more. He finishes with a classic line: “May the Frog be with you.”