Welcome to the JFrog Blog

Latest:

JFrog swampUP 2025: News and Updates Live From the Show Floor

September 9, 2025 The JFrog Team

30 min read

Live updates from this event have concluded. JFrog’s annual user conference, swampUP 2025, is the ultimate gathering of the brightest minds in DevOps, DevSecOps, and MLOps where they exchange ideas, insights and practical strategies for navigating this transformation while amplifying trust, traceability, and transparency in the era of intelligent software. Here are live keynote updates…

Read More

All Blogs

JFrog and GitHub: Next-Level DevSecOps

JFrog and GitHub: Next-Level DevSecOps

September 10, 2025 Paul Garden, JFrog Partner and Industry Solutions | 6 min read

Most DevSecOps pipelines have a gap: source code security and binary security are handled in separate silos. This creates blind spots, slows teams down, and increases risk. At swampUP 2025, we’re unveiling the next evolution of the JFrog and GitHub integration, a deeply integrated DevSecOps experience that unifies best-of-breed code and binary platforms. With JFrog…
Read More
Stop the Chaos: How to Centralize, Secure, and Control Developer Extensions

Stop the Chaos: How to Centralize, Secure, and Control Developer Extensions

September 10, 2025 Achinoam Katsoff-Sitton, JFrog Product Marketing Manager, DevOps | 4 min read

Picture this: A new developer joins your team, excited to start contributing. On day one, they spend hours installing and configuring their IDE, searching for the "right" extensions. Their setup ends up being completely different from everyone else's. Sound familiar? Worse yet, what if that "productivity-boosting" extension or new MCP server they just installed also…
Read More
Announcing JFrog AppTrust: Building Unshakeable Trust in Every Application You Deliver

Announcing JFrog AppTrust: Building Unshakeable Trust in Every Application You Deliver

September 9, 2025 Eyal Dyment, JFrog VP Security | 7 min read

The pressure to deliver applications quickly has created a complex software supply chain that is vulnerable to more  threats than ever before. New regulations are shifting the liability to software developers, demanding auditable proof of security across the entire product lifecycle. Caught between velocity and complexity, the critical question is this: Can you truly vouch…
Read More
Agentic Software Supply Chain Security: AI-Assisted Curation and Remediation

Agentic Software Supply Chain Security: AI-Assisted Curation and Remediation

September 9, 2025 Paul Garden, JFrog Partner and Industry Solutions | 7 min read

Software supply chains are the #1 attack vector for cybercriminals, and the challenge isn’t just finding vulnerabilities; it’s fixing them fast while ensuring security, compliance, and developer productivity. As supply chains grow in complexity, traditional tools aren’t enough; organizations need intelligent, autonomous assistance embedded directly into developer workflows. We are pleased to announce that JFrog…
Read More
Using JFrog to Align Your Systems for ISO 27001 Compliance

Using JFrog to Align Your Systems for ISO 27001 Compliance

August 28, 2025 Paul Davis, Field CISO | 8 min read

ISO/IEC 27001 is an information security standard that is quickly becoming a must-have for any organization that handles proprietary customer data. ISO 27001 certification is now often a requirement to do business, particularly for IT and SaaS organizations - JFrog included! In this blog, you’ll learn more about ISO 27001, how to get certified, and…
Read More
New Invisible Attack Creates Parallel Poisoned Web Only for AI Agents

New Invisible Attack Creates Parallel Poisoned Web Only for AI Agents

September 4, 2025 Shaked Zychlinski, JFrog AI Architect | 7 min read

AI agents are rapidly evolving from simple text generators into powerful autonomous assistants that can browse the web, book travel, and extract complex data on our behalf. This new "agentic" AI, which operates in a "sense-plan-act" loop, promises to revolutionize how we interact with the digital world. But as we grant these agents more autonomy…
Read More
8 Malicious npm Packages Deliver Multi-Layered Chrome Browser Information Stealer

8 Malicious npm Packages Deliver Multi-Layered Chrome Browser Information Stealer

August 27, 2025 Guy Korolevski, JFrog Security Researcher | 7 min read

Open-source software repositories have become one of the main entry points for attackers as part of supply chain attacks, with growing waves using typosquatting and masquerading, pretending to be legitimate. The JFrog Security Research team regularly monitors open-source software repositories using advanced automated tools, in order to detect malicious packages. In cases of potential software…
Read More
Confessions of a CISO: I Have Trust Issues

Confessions of a CISO: I Have Trust Issues

September 3, 2025 Paul Davis, Field CISO | 12 min read

The speed of software development today is driven by fierce competition and the constant demand for innovation. Organizations are launching software faster than ever to keep up with the market and drive growth. This need for speed has led to several key trends: Greater Accountability Demanded of Developers: Developer productivity is no longer only measured…
Read More
Still Trusting Automated Patches Blindly? Think Again

Still Trusting Automated Patches Blindly? Think Again

July 23, 2025 Yonatan Arbel, JFrog Developer Advocate | 4 min read

The Breach: A High-Impact Compromise JounQin’s npm account, the maintainer of popular packages such as eslint-config-prettier, was compromised in a phishing attack. The attackers used the breached credentials to publish six malicious versions of eslint-config-prettier, along with three additional infected packages tied to the same account. In total, the compromised packages see roughly 78 million…
Read More

Popular Tags