Welcome to the JFrog Blog

Why Enterprise and Fortune 500 Companies are Leaving Snyk and Checkmarx for JFrog

Effectively protecting your software supply chain has reached a critical turning point where the traditional strategy of integrating "best of breed" or point AppSec solutions is no longer sustainable. While tools like Snyk and Checkmarx served a purpose in the era of siloed development and security, today we’re seeing how leading companies are moving away…
JFrog vs Checkmarx: An AppSec Solution Comparison

Application Security (AppSec) can’t stop at source code. Today’s software is assembled, not written, from open-source packages, containers, binaries, and, increasingly, AI models. While traditional AppSec tools like Checkmarx focus primarily on source code scanning, that approach leaves critical security and compliance gaps across the software supply chain. JFrog takes AppSec to the next…
JFrog vs Snyk: Why Effective AppSec Must Move Beyond Source Code

The tech world is abuzz with the potential of AI and automated development, but this rapid advance is fueling a massive increase in regulatory scrutiny and supply chain risk. While many teams rely on source code scanning, focusing on code alone leaves a critical "malware blind spot" in the software supply chain. Today’s applications are…
Docker Hardened Images are Free: Scale Their Adoption with JFrog

Securing your Docker containers just got a lot easier. On December 17, Docker announced that their catalog of over 1,000 Docker Hardened Images (DHI)—previously a premium-only feature—is now free and open source. This big change means every developer can now start their Dockerfile with a minimalist, near-zero CVE, SLSA Level 3 compliant foundation. If you’re…
swampUP Europe 2025 Recap

The energy was electrifying as the inaugural swampUP Europe 2025 kicked off at the JW Marriott this past November! For three days Berlin became the epicenter of the DevOps, DevSecOps, and MLOps universe, buzzing with a sense of intrigue and excitement. This wasn’t just another tech conference; it was a convergence of innovation and regulation,…
CVE-2025-55182 and CVE-2025-66478 (“React2Shell”): All you need to know – UPDATED

IMPORTANT UPDATE: React2Shell Continues to Attack Cloud Infrastructure (Dec 9th, 2025) JFrog Security Research continues to track the React2Shell vulnerability. Recent developments include the original POC from the researcher who found this vulnerability. This POC shows the simplicity of exploiting this CVE and reflects the real severity and impact of this CVE. (Dec 12th, 2025)…
Level Up Your Container Security: Introducing the JFrog Kubelet Credential Provider

Editor's Note: the JFrog Kubelet Credential Provider now supports Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS), and Amazon EKS including projected tokens (KEP-4412 enhancement). This blog is updated to reflect these capabilities. Amazon EKS, GKE, and AKS are fully managed, compliant Kubernetes services that simplify running, managing, and scaling containerized applications. These services automatically…