Welcome to the JFrog Blog

The Innovation vs. Control Syndrome: Unlocking Enterprise AI’s Full Potential

From optimizing supply chains to personalizing customer experiences, artificial intelligence and machine learning models are no longer statistics-based revenue initiatives; they’re foundational to modern business strategy. Organizations are pouring resources into developing and deploying AI, driven by the promise of unprecedented efficiency, insight, and competitive advantage. Yet, beneath this surging wave of innovation lies a…
JFrog Deployed on AWS: The Foundation for Cloud-Native Excellence

We are delighted to share the exciting news that JFrog has earned the "Deployed on AWS" badge in AWS Marketplace, marking yet another milestone in our journey of innovation and collaboration with Amazon Web Services (AWS). This achievement underscores our commitment to providing cutting-edge solutions that leverage AWS’s robust infrastructure to enhance the user experience…
Still Trusting Automated Patches Blindly? Think Again

The Breach: A High-Impact Compromise. The npm account of JounQin, the maintainer of popular packages such as eslint-config-prettier, was compromised in a phishing attack. The attackers used the breached credentials to publish six malicious versions of eslint-config-prettier, along with three additional infected packages tied to the same account. In total, the compromised packages see roughly 78 million…
Free for the Community, Built by JFrog: Introducing the DSSE Attestation Online Decoder

Attestations, or as we like to call them, evidence, are a critical piece to proving software supply chain integrity and security. However, without the right tools and processes, reviewing and verifying attestations can be time-consuming. At JFrog, we’re deeply committed to empowering developers, DevOps, and Security teams to make these complex workstreams as simple as…
The UK’s New Software Security Code of Practice and How JFrog Can Help

The UK government has taken a proactive step by recently releasing the Software Security Code of Practice, a vital framework aimed at strengthening the cybersecurity posture of organizations that develop and sell software. This code outlines essential practices and principles, guiding companies to enhance their software security throughout the development lifecycle, from initial design to…
How to Optimize DevSecOps Workflows Using JFrog

Embedding security within the Software Development Life Cycle (SDLC) is no longer just a best practice; it’s a full-on necessity. DevSecOps extends the DevOps model by making security a shared responsibility from the earliest stages of development. Today’s enterprises require this kind of integrated approach to streamline workflows from development to deployment. The JFrog Platform…
JFrog and GitHub: Next-Level DevSecOps

Most DevSecOps pipelines have a gap: source code security and binary security are handled in separate silos. This creates blind spots, slows teams down, and increases risk. At swampUP 2025, we’re unveiling the next evolution of the JFrog and GitHub integration, a deeply integrated DevSecOps experience that unifies best-of-breed code and binary platforms. With JFrog…
Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients

The JFrog Security Research team has recently discovered and disclosed CVE-2025-6514, a critical (CVSS 9.6) security vulnerability in the mcp-remote project, a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted…
SwiftPM, CocoaPods, and the Future of Enterprise Development for Apple Platforms

Key Takeaways: With the rise in popularity of SwiftPM, CocoaPods Trunk (the central public registry) will be moving to a read-only state. Thankfully, you can continue to publish your CocoaPods dependencies into JFrog Artifactory - even proxying the entire CocoaPods Trunk if desired. While SwiftPM is great, there is no true Public Registry. Artifactory fully…