Webinar Recap: The Context Engine – Why Consolidation is the Natural Future of AppSec

As the software development lifecycle continues to evolve, the rise of AI is introducing both unprecedented productivity and unprecedented risk. In a recent webinar hosted by JFrog, Jens Eckels sat down with Forrester Senior Analyst Janet Worthington to discuss the state of application security (AppSec), the explosive growth of agentic software development, and why consolidating …

Beyond Mirroring: 5 Reasons Your DevOps Strategy Depends on Repository Federation

For today’s leading enterprise computing environments, the concept of “centralized headquarters” is a relic. Today, R&D happens on different continents, spanning cloud, on-prem and hybrid environments, while stretching across multiple regulatory jurisdictions. But here is the hard truth: Most global organizations are still managing their binaries using legacy mirroring or “blind” infrastructure-level syncing. They treat …

Trusted AI Adoption (Part 1): Consolidation

Imagine your lead Software Engineer walks into your office and says, “Good news! I just deployed that critical update to production. I wrote the code on my personal laptop, didn’t run it through CI/CD, skipped the security scan, and just copied the files directly to the server with a USB drive.” You would fire them. …

How JFrog’s AI-Research Bot Found OSS CI/CD Vulnerabilities to Prevent Shai Hulud 3.0

Recent incidents have proven that Continuous Integration (CI) workflows are the new battleground for software supply chain attacks. Security pitfalls in GitHub Actions workflows, such as the unsanitized use of pull request (PR) data, can allow attackers to execute malicious code during CI runs with devastating consequences. For example, the high-profile “S1ngularity” attack on the …

The Tide of AI – Surfing the Tsunami of Binaries

AI is creating an overwhelming surge of digital artifacts and software components. The key to success is learning how to ride, secure, govern, and manage that wave – rather than being overwhelmed by it. This weekend, I asked my team to watch Chasing Mavericks. Jay Moriarity (not J-Frog, but stay with me) was one of …

NIS2 Compliance in 2026: Compliance Doesn’t Have to Mean Complexity

Originally published February 2025 and updated March 2026. The Network and Information Systems Directive 2 (NIS2) is the European Union’s effort to fortify cybersecurity across critical industries and services. Building on the original NIS Directive, NIS2 has broadened its scope, introduced stricter requirements, and placed greater emphasis on supply chain security. As we move further …

JFrog Earns Microsoft Solutions Partner with Certified Software Designation for Azure

We’re excited to announce that JFrog has officially earned the Microsoft Solutions Partner with certified software designation for Azure. This status is granted to partners who complete a technical review audit for interoperability with Microsoft products and demonstrate a consistent track record of customer success. For our customers, this means the JFrog Software Supply Chain …

The MCP Trojan Horse: AI’s Hidden Security Risk

The race to adopt AI agents has created a massive, unmonitored blind spot in the enterprise software supply chain. At the heart of this revolution is the Model Context Protocol (MCP) – an open connectivity standard designed to move AI models (LLMs) out of their passive “chat box” and give them direct active access to …

Native Nix Support in Artifactory: The Binary Cache for the Enterprise

The “works on my machine” era is officially over. Nix is changing the way we think about software by treating packages as functional, immutable values, ensuring that a build works exactly the same way every time, on every machine. But while Nix excels on a local laptop, scaling that level of reproducibility across a global …

JFrog Takes Software Resilience to the Next Level with 99.99% Uptime SLA

Software delivery is no longer a back-office function; it’s the heartbeat of the modern enterprise. While a 99.9% uptime SLA for essential software delivery services works for many, the acceleration of software velocity has made the “three-nines” benchmark a possible liability. For high-performing software organizations, and those delivering critical services, nine hours of annual …