Key Takeaways from Frogward Innovation Days in India

At JFrog India, we recently wrapped up Frogward Innovation Days—a week-long celebration in Bangalore where internal teams from engineering, IT, marketing, sales ops, and support came together to collaborate, experiment, and solve real-world challenges. Before diving into the highlights, it’s worth sharing what makes Frogward Innovation Days unique. This isn’t just a week of fun …

The AI/ML Regulatory Landscape and How to Stay Ahead

The entire world of technology is abuzz about AI/ML. It’s arguably the most disruptive technology to society since the smartphone. In fact, Gartner estimates that the number of companies using open-source AI directly will increase tenfold by 2027. While this rapid advance is fueling quantum leaps in innovation, it also ignites increasing scrutiny from regulatory …

JFrog and GitHub: Next-Level DevSecOps

Most DevSecOps pipelines have a gap: source code security and binary security are handled in separate silos. This creates blind spots, slows teams down, and increases risk. At swampUP 2025, we’re unveiling the next evolution of the JFrog and GitHub integration, a deeply integrated DevSecOps experience that unifies best-of-breed code and binary platforms. With JFrog …

Stop the Chaos: How to Centralize, Secure, and Control Developer Extensions

Picture this: A new developer joins your team, excited to start contributing. On day one, they spend hours installing and configuring their IDE, searching for the “right” extensions. Their setup ends up being completely different from everyone else’s. Sound familiar? Worse yet, what if that “productivity-boosting” extension or new MCP server they just installed also …

Agentic Software Supply Chain Security: AI-Assisted Curation and Remediation

Software supply chains are the #1 attack vector for cybercriminals, and the challenge isn’t just finding vulnerabilities; it’s fixing them fast while ensuring security, compliance, and developer productivity. As supply chains grow in complexity, traditional tools aren’t enough; organizations need intelligent, autonomous assistance embedded directly into developer workflows. We are pleased to announce that JFrog …

How to Optimize DevSecOps Workflows Using JFrog

Embedding security within the Software Development Life Cycle (SDLC) is no longer just a best practice; it’s a full-on necessity. DevSecOps extends the DevOps model by making security a shared responsibility from the earliest stages of development. Today’s enterprises require this kind of integrated approach to streamline workflows from development to deployment. The JFrog Platform …

The State of the Software Supply Chain 2025

Managing and securing the software supply chain is crucial for trusted releases, but as any tech organization knows, it also presents significant challenges. With over 15 years of experience and a dedicated security research team, we at JFrog understand these threats. In a rapidly evolving post-AI world, DevSecOps teams are struggling to keep pace with …

JFrog and Hugging Face Join Forces to Expose Malicious ML Models

ML operations, data scientists, and developers currently face critical security challenges on multiple fronts. First, staying up to date with evolving attack techniques requires constant vigilance and security know-how, which can only be achieved by a dedicated security team. Second, existing ML model scanning engines suffer from a staggering rate of false positives. When a …

CVE-2024-6197 Curl and Libcurl: Use-after-Free on the Stack

On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability – CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will …

CVE-2024-10524 Wget Zero Day Vulnerability

While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks – including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it …