Welcome to the JFrog Blog

Latest:

Securing Vibe Coding: JFrog Introduces AI-Generated Code Validation

November 13, 2025 Jacqueline Basil, JFrog Product Marketing Manager, Security

5 min read

A fundamental shift in software development is already here. Gartner predicts that by 2028, 75% of enterprise software engineers will use AI code assistants - a massive leap from less than 10% in early 2023. While this AI-driven speed creates a competitive advantage, it also opens a dangerous new front in the battle for software…

Read More

All Blogs

Beyond Models: JFrog AI Catalog Evolves to Detect Shadow AI and Govern MCPs

Beyond Models: JFrog AI Catalog Evolves to Detect Shadow AI and Govern MCPs

November 13, 2025 Ran Romano, JFrog VP of P&E | 5 min read

When we first introduced the JFrog AI Catalog, it was our mission to provide the industry with a single system of record for governing the complex landscape of internal, open-source, and external commercial AI models. This foundational step was critical for enterprises to move from uncontrolled innovation to delivering AI with trust and confidence. However,…
Read More
The Security Imperative: Trust, Speed, and Integral Defense

The Security Imperative: Trust, Speed, and Integral Defense

November 11, 2025 The JFrog Team | 10 min read

The systemic nature of software supply chain attacks is growing more complex, creating a critical tension between speed and security. The Israeli National Cyber Directorate’s (INCD) recent "Breaking the Chain" report validates that the most significant threats live outside your first-party code, highlighting a crisis of trust in the open-source-software (OSS) supply chain. While the…
Read More
Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk

Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk

November 4, 2025 Or Peles, JFrog Senior Security Researcher | 12 min read

The JFrog Security Research team recently discovered and disclosed CVE-2025-11953 - a critical (CVSS 9.8) security vulnerability affecting the extremely popular @react-native-community/cli NPM package that has approximately 2M weekly downloads. The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli’s development server, posing a significant risk to…
Read More
JFrog & GitHub: Unifying the Software Supply Chain, One Step at a Time… and Our 2025 GitHub Technology Partner Award

JFrog & GitHub: Unifying the Software Supply Chain, One Step at a Time… and Our 2025 GitHub Technology Partner Award

October 28, 2025 Paul Garden, JFrog Partner and Industry Solutions | 6 min read

Organizations increasingly demand platforms that not only accelerate software delivery but also provide trust, security, and traceability. At JFrog, the software supply chain is managed and secured by default, from commit to runtime. That’s why our deep integration with GitHub is central to how we help teams manage, monitor, and secure every step of software…
Read More
A Framework for Cloud Resilience: Practical Steps to Harden Your Software Supply Chain

A Framework for Cloud Resilience: Practical Steps to Harden Your Software Supply Chain

October 23, 2025 Sean Pratt, Senior Manager, JFrog | 4 min read

“...our entire dev flow basically stopped, no builds, no tests, no deployments…”  This user quote, captured on Reddit, underscores the real-world consequence of cloud outages: when it happens, the world stops. As your organization scales, you often make strategic decisions to centralize your workloads, whether it’s meeting strict regulatory requirements that demand data locality, or…
Read More
JFrog Named as a Visionary in the 2025 Gartner® Magic Quadrant™ for Application Security Testing

JFrog Named as a Visionary in the 2025 Gartner® Magic Quadrant™ for Application Security Testing

October 22, 2025 Eyal Dyment, JFrog VP of Product | 5 min read

We’re excited to announce that Gartner has named JFrog a ‘Visionary’ in the 2025 Magic QuadrantTM for Application Security Testing. We believe this reflects JFrog’s forward thinking strategy of integrating application security seamlessly throughout the entire software development lifecycle in ways that help organizations deliver their most secure, trusted applications without impacting developers’ productivity.  Innovation…
Read More
CVE-2025-6515 Prompt Hijacking Attack – How Session Hijacking Affects MCP Ecosystems

CVE-2025-6515 Prompt Hijacking Attack – How Session Hijacking Affects MCP Ecosystems

October 21, 2025 Ori Hollander, JFrog Security Researcher Ofri Ouzan, JFrog Security Researcher | 10 min read

JFrog Security Research recently discovered and disclosed multiple CVEs in oatpp-mcp - the Oat++ framework’s implementation of Anthropic’s Model Context Protocol (MCP) standard. Among these, CVE-2025-6515 stood out due to its potential threat of hijacking MCP session IDs. Within the context of MCP we’ve dubbed this new attack technique "Prompt Hijacking". Your browser does not…
Read More
Top 5 Reasons to Attend JFrog’s Inaugural swampUP Europe 2025

Top 5 Reasons to Attend JFrog’s Inaugural swampUP Europe 2025

October 16, 2025 The JFrog Team | 4 min read

Following the resounding success of swampUP, the award-winning, annual DevOps, DevSecOps, and MLOps conference is heading to Europe! Set in the heart of Germany’s capital city of Berlin – a centrally-located, rapidly expanding tech hub – the inaugural swampUP Europe 2025 will detail the "quantum shift" in how software is built, secured, and scaled, with…
Read More

Popular Tags