Welcome to the JFrog Blog

Latest:

AI Models Won’t Pick Sides in the Security War. Governance and Policy Will.

April 3, 2026 Shlomi Ben Haim, CEO & Co-founder, JFrog

7 min read

Two significant software supply chain cybersecurity attacks, seven days apart, with one hundred and eighty million weekly downloads between them. The chaos from development teams to the boardroom is real. And the pace is only going to get faster. Much, much faster... On March 24, the LiteLLM Python package, the proxy through which millions of…

Read More

All Blogs

Governance That Ships: Embedding Policy as Code Into Your System of Record

Governance That Ships: Embedding Policy as Code Into Your System of Record

April 3, 2026 Paul Davis, Field CISO Roy Goldenberg, JFrog Product Marketing Manager | 6 min read

Proving compliance is a necessity, but in a world of tightening regulations, the path to compliance is currently paved with spreadsheets, screenshots, and manual attestations. We call this the "Audit Tax", the millions of dollars and thousands of people hours spent not just integrating security, but on proving you are handling security. With the advent…
Read More
Stop Policies From Breaking Your Builds

Stop Policies From Breaking Your Builds

March 25, 2026 Jacqueline Basil, JFrog Product Marketing Manager, Security Manish Mehra, JFrog Product Manager | 4 min read

Security policies exist to protect your software supply chain. So why do they keep breaking your builds? This is the unspoken frustration inside most DevOps and security teams today. Supply chain attacks drove 30% of external breaches in 2025 . So your security team did the right thing. They added policies to flag packages that…
Read More
9 New Innovations. One Trust Layer.

9 New Innovations. One Trust Layer.

March 18, 2026 The JFrog Team | 11 min read

The software supply chain is no longer just about shipping code, it is about managing intelligence and risk. As DevOps, DevSecOps, DevGovOps and AI/ML practices converge into a single AI-driven and increasingly agentic delivery pipeline, the demands on development and security teams have reached a new level. The platform that once managed packages and artifacts…
Read More
Survive the AI Code Blizzard: Introducing Snippet Detection

Survive the AI Code Blizzard: Introducing Snippet Detection

March 18, 2026 Dafna Zahger Bernanka, JFrog Director of Product Marketing, Security | 4 min read

In 2026, software development speed is an AI-solved problem. Yet, as AI-generated code volumes surge, organizations face a new kind of risk visibility gap. Developers are increasingly copying third-party snippets into their codebases—from both AI prompts and open-source software components—creating large security and compliance blind spots that lead to significant risks. While proven software composition…
Read More
The Dependency Dilemma: Balancing Innovation Speed with Supply Chain Resilience

The Dependency Dilemma: Balancing Innovation Speed with Supply Chain Resilience

March 11, 2026 Guest IDC Blogger: Katie Norton, Research Manager - DevSecOps and Software Supply Chain Security | 6 min read

Sponsored by JFrog ~  Development teams are shipping faster than ever. Generative AI coding assistants, early agentic workflows, and increasingly modular architectures have compressed the distance between concept and deployment. AI-enabled innovation has become an executive mandate, and teams are expected to deliver at speed without sacrificing security or compliance. At the same time, modern…
Read More
Webinar Recap: The Context Engine – Why Consolidation is the Natural Future of AppSec

Webinar Recap: The Context Engine – Why Consolidation is the Natural Future of AppSec

March 11, 2026 The JFrog Team | 9 min read

As the software development lifecycle continues to evolve, the rise of AI is introducing both unprecedented productivity and unprecedented risk. In a recent webinar hosted by JFrog, Jens Eckels sat down with Forrester Senior Analyst Janet Worthington to discuss the state of application security (AppSec), the explosive growth of agentic software development, and why consolidating…
Read More
How JFrog’s AI-Research Bot Found OSS CI/CD Vulnerabilities to Prevent Shai Hulud 3.0

How JFrog’s AI-Research Bot Found OSS CI/CD Vulnerabilities to Prevent Shai Hulud 3.0

March 5, 2026 Barak Haryati, JFrog Senior Director of Product Security | 18 min read

Recent incidents have proven that Continuous Integration (CI) workflows are the new battleground for software supply chain attacks. Security Pitfalls in GitHub Actions workflows, such as the unsanitized use of pull request (PR) data, can allow attackers to execute malicious code during CI runs with devastating consequences. For example, the high-profile "S1ngularity" attack on the…
Read More

Popular Tags