Malicious PyPI Package Hijacks MEXC Orders, Steals Crypto Tokens

The JFrog Security Research team regularly monitors open source software repositories using advanced automated tools, in order to detect malicious packages. In cases of potential supply chain security threats, our research team reports any malicious packages that were discovered to the repository’s maintainers in order to have them removed. This blog provides an analysis of …

Building a Software Data Retention Strategy and Why You Need One

Every day, your developers are pushing software. Some of that software will make it to production, but many of those incremental builds will not. While you shouldn’t remove those incremental builds and old release versions haphazardly, if left unchecked, they can clog up your software repositories as well as the workflows and systems they serve. …

The State of the Software Supply Chain 2025

Managing and securing the software supply chain is crucial for trusted releases, but as any tech organization knows, it also presents significant challenges. With over 15 years of experience and a dedicated security research team, we at JFrog understand these threats. In a rapidly evolving post-AI world, DevSecOps teams are struggling to keep pace with …

A Heartfelt Thank You to Jessica Neal

As we turn the page on another chapter at JFrog, we say goodbye to an incredible member of our Board of Directors, Jessica Neal. Over the past five years, Jessica has been a guiding light for our organization, bringing HR insight, innovation, and the true heart of a Frog. During her time with us, Jessica …

Live Panel Recap: Women in DevOps 2025

In a LinkedIn Live panel discussion hosted by Melissa McKay, Head of Developer Relations at JFrog, thought leaders from NVIDIA, GitHub, and JFrog came together to discuss the transformative power of AI in modern software development. This session delved into three key topics: the integration of AI in the software development lifecycle (SDLC), strategies for …

CVE-2025-29927 – Authorization Bypass Vulnerability in Next.js: All You Need to Know

On March 21st, 2025, the Next.js maintainers announced a new authorization bypass vulnerability – CVE-2025-29927. This vulnerability can be easily exploited to achieve authorization bypass. In some cases – exploitation of the vulnerability can also lead to cache poisoning and denial of service. Which versions of Next.js are affected? Next.js 15.x – from version 15.0.0 …

Conan Launches C/C++ Audit Functionality

Overview: Conan is a leading software package manager for C/C++ development environments. As an open source multi-platform package manager, it is used to create, manage and share native binaries and their dependencies based on C/C++ code. C/C++ is often the preferred language for developing embedded systems, mobile platforms, and real-time applications due to its low-level …

Is TensorFlow Keras “Safe Mode” Actually Safe? Bypassing safe_mode Mitigation to Achieve Arbitrary Code Execution

Update: This issue was discovered and disclosed independently to Keras by JFrog’s research team and Peng Zhou. Machine learning frameworks often rely on serialization and deserialization mechanisms to store and load models. However, improper code isolation and executable components in the models can lead to severe security risks. The structure of the Keras v3 ML Model …

Get to Know JFrog ML

AI/ML development is getting a lot of attention as organizations rush to bring AI services into their business applications. While emerging MLOps practices are designed to make developing AI applications easier, the complexity and fragmentation of available MLOps tools often complicates the work of Data Scientists and ML Engineers, and lessens trust in what’s being …

Accelerating Enterprise AI Development: A Guide to the JFrog-NVIDIA NIM Integration

Enterprises are racing to integrate AI into applications, yet transitioning from prototype to production remains challenging. Managing ML models efficiently while ensuring security and governance is a critical challenge. JFrog’s integration with NVIDIA NIM addresses these issues by applying enterprise-grade DevSecOps practices to AI development. Before exploring this solution further, let’s examine the core MLOps …