Welcome to the JFrog Blog

Latest:

Using JFrog to Align Your Systems for ISO 27001 Compliance

August 28, 2025 Paul Davis, Field CISO

8 min read

ISO/IEC 27001 is an information security standard that is quickly becoming a must-have for any organization that handles proprietary customer data. ISO 27001 certification is now often a requirement to do business, particularly for IT and SaaS organizations - JFrog included! In this blog, you’ll learn more about ISO 27001, how to get certified, and…

Read More

All Blogs

8 Malicious npm Packages Deliver Multi-Layered Chrome Browser Information Stealer

8 Malicious npm Packages Deliver Multi-Layered Chrome Browser Information Stealer

August 27, 2025 Guy Korolevski, JFrog Security Researcher | 7 min read

Open-source software repositories have become one of the main entry points for attackers as part of supply chain attacks, with growing waves using typosquatting and masquerading, pretending to be legitimate. The JFrog Security Research team regularly monitors open-source software repositories using advanced automated tools, in order to detect malicious packages. In cases of potential software…
Read More
FrogML SDK: the Gateway to Model Governance

FrogML SDK: the Gateway to Model Governance

August 19, 2025 Rami Pinku, Senior Product Manager, JFrog ML | 5 min read

Data-driven decisions are critical. And to support high-stakes decision-making – from fraud detection in credit card transactions to demand forecasting in retail – organizations are increasingly relying on complex models. According to McKinsey, 78% of organizations report using AI in at least one business function, highlighting just how embedded AI and ML models have become…
Read More
The Innovation vs. Control Syndrome: Unlocking Enterprise AI’s Full Potential

The Innovation vs. Control Syndrome: Unlocking Enterprise AI’s Full Potential

August 5, 2025 Ohad Shalev, JFrog Product Marketing Manager, AI/ML | 4 min read

From optimizing supply chains to personalizing customer experiences, artificial intelligence and machine learning models are no longer statistics-based revenue initiatives; they’re foundational to modern business strategy. Organizations are pouring resources into developing and deploying AI, driven by the promise of unprecedented efficiency, insight, and competitive advantage. Yet, beneath this surging wave of innovation lies a…
Read More
Not Built to Scale: The Hidden Fragility of Cloudsmith

Not Built to Scale: The Hidden Fragility of Cloudsmith

July 29, 2025 The JFrog Artifactory Team | 11 min read

Cloudsmith claims that they are an enterprise-ready solution, a platform designed to meet the needs of modern organizations at scale. On the surface, they "talk the talk": reliability, performance, security, scalability -- they even go as far as presenting themselves as an "infinitely-scalable alternative to JFrog". However, when a vendor claims to be built for…
Read More
Top 5 Reasons to Make the Quantum Shift by Attending swampUP 2025

Top 5 Reasons to Make the Quantum Shift by Attending swampUP 2025

July 28, 2025 The JFrog Team | 3 min read

The software industry stands at the precipice of a "Quantum Shift," driven by rapid AI advancements and digital demands that require a fundamental transformation in how software is built, secured, and scaled. JFrog's annual swampUP conference is the ultimate gathering of the brightest minds in DevOps, DevSecOps, and MLOps where they exchange ideas, insights and…
Read More
JFrog Deployed on AWS: The Foundation for Cloud-Native Excellence

JFrog Deployed on AWS: The Foundation for Cloud-Native Excellence

July 25, 2025 Kate Kwiatkowski, Senior Director of Global Alliances | 4 min read

We are delighted to share the exciting news that JFrog has earned the "Deployed on AWS" badge in AWS Marketplace, marking yet another milestone in our journey of innovation and collaboration with Amazon Web Services (AWS). This achievement underscores our commitment to providing cutting-edge solutions that leverage AWS’s robust infrastructure to enhance the user experience…
Read More
Still Trusting Automated Patches Blindly? Think Again

Still Trusting Automated Patches Blindly? Think Again

July 23, 2025 Yonatan Arbel, JFrog Developer Advocate | 4 min read

The Breach: A High-Impact Compromise JounQin’s npm account, the maintainer of popular packages such as eslint-config-prettier, was compromised in a phishing attack. The attackers used the breached credentials to publish six malicious versions of eslint-config-prettier, along with three additional infected packages tied to the same account. In total, the compromised packages see roughly 78 million…
Read More
Free for the Community, Built by JFrog: Introducing the DSSE Attestation Online Decoder

Free for the Community, Built by JFrog: Introducing the DSSE Attestation Online Decoder

July 22, 2025 Yonatan Arbel, JFrog Developer Advocate | 3 min read

Attestations, or as we like to call them, evidence, are a critical piece to proving software supply chain integrity and security. However, without the right tools and processes, reviewing and verifying attestations can be time-consuming. At JFrog, we’re deeply committed to empowering developers, DevOps, and Security teams to make these complex workstreams as simple as…
Read More
Introducing JFrog’s MCP Server: Better vibes and easier AI automation

Introducing JFrog’s MCP Server: Better vibes and easier AI automation

July 17, 2025 Sean Pratt, Senior Manager, Product Marketing, JFrog | 4 min read

Good news! You no longer have to be a DevOps or JFrog expert to harness the power of the JFrog Software Supply Chain Platform. With the introduction of JFrog’s MCP Server, we're making the JFrog Platform accessible to your favorite large language models (LLMs). Now, every developer can take advantage of the detailed security and…
Read More

Popular Tags