Welcome to the JFrog Blog

Live Panel Recap: Women in DevOps 2025

In a LinkedIn Live panel discussion hosted by Melissa McKay, Head of Developer Relations at JFrog, thought leaders from NVIDIA, GitHub, and JFrog came together to discuss the transformative power of AI in modern software development. This session delved into three key topics: the integration of AI in the software development lifecycle (SDLC), strategies for…
CVE-2025-29927 – Authorization Bypass Vulnerability in Next.js: All You Need to Know

On March 21st, 2025, the Next.js maintainers announced a new authorization bypass vulnerability, CVE-2025-29927. This vulnerability can be easily exploited to achieve authorization bypass. In some cases, exploitation of the vulnerability can also lead to cache poisoning and denial of service. Which versions of Next.js are affected? Next.js 15.x - from version 15.0.0…
Conan Launches C/C++ Audit Functionality

Overview: Conan is a leading software package manager for C/C++ development environments. As an open source multi-platform package manager, it is used to create, manage and share native binaries and their dependencies based on C/C++ code. C/C++ is often the preferred language for developing embedded systems, mobile platforms, and real-time applications due to its low-level…
Is TensorFlow Keras “Safe Mode” Actually Safe? Bypassing safe_mode Mitigation to Achieve Arbitrary Code Execution

Update: This issue was discovered and disclosed independently to Keras by JFrog's research team and Peng Zhou. Machine learning frameworks often rely on serialization and deserialization mechanisms to store and load models. However, improper code isolation and executable components in the models can lead to severe security risks. The structure of the Keras v3 ML Model…
Get to Know JFrog ML

AI/ML development is getting a lot of attention as organizations rush to bring AI services into their business applications. While emerging MLOps practices are designed to make developing AI applications easier, the complexity and fragmentation of available MLOps tools often complicate the work of Data Scientists and ML Engineers, and lessen trust in what’s being…
Accelerating Enterprise AI Development: A Guide to the JFrog-NVIDIA NIM Integration

Enterprises are racing to integrate AI into applications, yet transitioning from prototype to production remains challenging. Managing ML models efficiently while ensuring security and governance is a critical challenge. JFrog’s integration with NVIDIA NIM addresses these issues by applying enterprise-grade DevSecOps practices to AI development. Before exploring this solution further, let's examine the core MLOps…
JFrog and Hugging Face Join Forces to Expose Malicious ML Models

ML operations, data scientists, and developers currently face critical security challenges on multiple fronts. First, staying up to date with evolving attack techniques requires constant vigilance and security know-how, which can only be achieved by a dedicated security team. Second, existing ML model scanning engines suffer from a staggering rate of false positives. When a…
FINMA Compliance: DevSecOps Strategies for Securing the Swiss Financial Ecosystem

The Swiss Financial Market Supervisory Authority (FINMA) sets strict requirements to ensure that financial institutions operating in Switzerland maintain robust security and operational resilience. FINMA’s guidelines are crucial for protecting sensitive financial data, minimizing risks, and maintaining trust in the Swiss financial ecosystem. As part of that, software supply chain security plays an essential role…
Introducing Support for Hex Packages

JFrog has always prioritized universality, ensuring software development teams have true freedom of choice. Core to the JFrog Platform, JFrog Artifactory is the world’s most versatile artifact manager, natively supporting nearly 40 package types. After taking in valuable feedback from the developer community, we’re thrilled to discuss how we’re further expanding our universe with the…