Welcome to the JFrog Blog

Latest:

9 New Innovations. One Trust Layer.

March 18, 2026 The JFrog Team

11 min read

The software supply chain is no longer just about shipping code, it is about managing intelligence and risk. As DevOps, DevSecOps, DevGovOps and AI/ML practices converge into a single AI-driven and increasingly agentic delivery pipeline, the demands on development and security teams have reached a new level. The platform that once managed packages and artifacts…

Read More

All Blogs

From Agentic Risk to Agentic Confidence: The JFrog MCP Registry is GA

From Agentic Risk to Agentic Confidence: The JFrog MCP Registry is GA

March 18, 2026 Ran Romano, JFrog VP of P&E | 6 min read

In an AI-native world where Model Context Protocol (MCP) is the universal standard for AI connectivity, the security and governance stakes have never been higher. AI’s ability to take autonomous action through MCPs means that a single breach of an MCP server can grant attackers control over mission-critical enterprise systems, putting enterprises in an immediate…
Read More
Survive the AI Code Blizzard: Introducing Snippet Detection

Survive the AI Code Blizzard: Introducing Snippet Detection

March 18, 2026 Dafna Zahger Bernanka, JFrog Director of Product Marketing, Security | 4 min read

In 2026, software development speed is an AI-solved problem. Yet, as AI-generated code volumes surge, organizations face a new kind of risk visibility gap. Developers are increasingly copying third-party snippets into their codebases—from both AI prompts and open-source software components—creating large security and compliance blind spots that lead to significant risks. While proven software composition…
Read More
Agent Skills are the New Packages of AI: It’s Time to Manage Them Securely

Agent Skills are the New Packages of AI: It’s Time to Manage Them Securely

March 16, 2026 Yonatan Arbel, JFrog Developer Advocacy Lead | 10 min read

Let’s talk about agent skills. As the AI agent ecosystem matures, we’re seeing a major shift in how users equip agents to run automated workflows. While robust protocols such as MCP exist to handle complex system integrations and authentication, skills have emerged as the go-to, low-friction way to shape an agent’s day-to-day behavior. Skills are…
Read More
The Dependency Dilemma: Balancing Innovation Speed with Supply Chain Resilience

The Dependency Dilemma: Balancing Innovation Speed with Supply Chain Resilience

March 11, 2026 Guest IDC Blogger: Katie Norton, Research Manager - DevSecOps and Software Supply Chain Security | 6 min read

Sponsored by JFrog ~  Development teams are shipping faster than ever. Generative AI coding assistants, early agentic workflows, and increasingly modular architectures have compressed the distance between concept and deployment. AI-enabled innovation has become an executive mandate, and teams are expected to deliver at speed without sacrificing security or compliance. At the same time, modern…
Read More
Webinar Recap: The Context Engine – Why Consolidation is the Natural Future of AppSec

Webinar Recap: The Context Engine – Why Consolidation is the Natural Future of AppSec

March 11, 2026 The JFrog Team | 9 min read

As the software development lifecycle continues to evolve, the rise of AI is introducing both unprecedented productivity and unprecedented risk. In a recent webinar hosted by JFrog, Jens Eckels sat down with Forrester Senior Analyst Janet Worthington to discuss the state of application security (AppSec), the explosive growth of agentic software development, and why consolidating…
Read More
Beyond Mirroring: 5 Reasons Your DevOps Strategy Depends on Repository Federation

Beyond Mirroring: 5 Reasons Your DevOps Strategy Depends on Repository Federation

March 10, 2026 Achinoam Katsoff-Sitton, JFrog Product Marketing Manager, DevOps | 5 min read

For today’s leading enterprise computing environments, the concept of  "centralized headquarters" is a relic. Today, R&D happens on different continents, spanning cloud, on-prem and hybrid environments, while stretching across multiple regulatory jurisdictions. But here is the hard truth: Most global organizations are still managing their binaries using legacy mirroring or "blind" infrastructure-level syncing. They treat…
Read More
How JFrog’s AI-Research Bot Found OSS CI/CD Vulnerabilities to Prevent Shai Hulud 3.0

How JFrog’s AI-Research Bot Found OSS CI/CD Vulnerabilities to Prevent Shai Hulud 3.0

March 5, 2026 Barak Haryati, JFrog Senior Director of Product Security | 18 min read

Recent incidents have proven that Continuous Integration (CI) workflows are the new battleground for software supply chain attacks. Security Pitfalls in GitHub Actions workflows, such as the unsanitized use of pull request (PR) data, can allow attackers to execute malicious code during CI runs with devastating consequences. For example, the high-profile "S1ngularity" attack on the…
Read More
NIS2 Compliance in 2026: Compliance Doesn’t Have to Mean Complexity

NIS2 Compliance in 2026: Compliance Doesn’t Have to Mean Complexity

March 2, 2026 Danny Parizada, JFrog Senior Solution Engineer | 7 min read

Originally published February 2025 and updated March 2026. The Network and Information Systems Directive 2 (NIS2) is the European Union’s effort to fortify cybersecurity across critical industries and services. Building on the original NIS Directive, NIS2 has broadened its scope, introduced stricter requirements, and placed greater emphasis on supply chain security. As we move further…
Read More

Popular Tags