|
By Grig Duta
Amazon SageMaker accelerates the process of training and deploying machine learning models. However, as AI adoption scales from individual experiments to enterprise-wide production, the focus of leading Fortune 500 software development operations and security teams must shift from pure velocity to governance.
|
By Lavanya Chockalingam
Agents are writing code, suggesting dependencies, and reviewing PRs, without any knowledge about your trusted package sources, security posture, or governance policies. When agents operate without supply chain context, they introduce risk, create rework, and weaken the guardrails DevSecOps teams rely on to ship with confidence. JFrog is changing that.
|
By Segev Sharabi
For many engineering and security teams, NIST SP 800-218 (Secure Software Development Framework, or SSDF) compliance feels like a hurdle that is too difficult to overcome. To meet these and other emerging regulations and be effective in today’s DevSecOps environment, organizations are moving toward codifying these standards into machine-readable rules, also known as Policy as Code (PaC).
|
By Rami Pinku
Picture this: Your security team finishes an AI vendor evaluation. The offering looks ironclad, with content filtering, output guardrails, and a stellar red-teaming report. Everyone leaves the meeting satisfied, and another governance box is checked. Six months later, a production incident hits. An AI agent, powered by a model your team “vetted,” starts executing unauthorized deletions in your CRM.
|
By The JFrog Team
In celebration of International Women’s Month and the 2026 theme, JFrog hosted a virtual fireside chat on March 19, 2026: Women in DevSecOps: Leveraging AI in the Software Delivery Lifecycle.
|
By Paul Garden
Note: This blog was originally published in July 2024 and updated on an annual basis. It was most recently updated in April 2026. Regulatory compliance is a common and critical part of today’s rapidly evolving financial services landscape. One new regulation that EU financial institutions must adhere to is the Digital Operational Resilience Act (DORA), enacted to enhance the operational resilience of digital financial services.
|
By Paul Davis
Proving compliance is a necessity, but in a world of tightening regulations, the path to compliance is currently paved with spreadsheets, screenshots, and manual attestations. We call this the “Audit Tax”, the millions of dollars and thousands of people hours spent not just integrating security, but on proving you are handling security.
|
By Shlomi Ben Haim
Two significant software supply chain cybersecurity attacks, seven days apart, with one hundred and eighty million weekly downloads between them. The chaos from development teams to the boardroom is real. And the pace is only going to get faster. Much, much faster…
|
By Sunny Rao
For years, the conversation around digital transformation in Southeast Asia focused on “getting to the cloud.” Today, that conversation has shifted. Our region is no longer just adopting the cloud; we are leapfrogging traditional development cycles by integrating AI and cloud-native architectures at a staggering pace. However, this acceleration has created a byproduct that many organizations are struggling to contain.
|
By Yuval Fernbach
The LiteLLM supply chain compromise of March 24, 2026, is not an isolated incident. It is the latest and perhaps most dangerous chapter in an evolving attacker playbook that JFrog Security Research has been tracking for years. The target has shifted from developers to the AI agents that developers now rely on to build software.
|
By JFrog
In today's complex business world, staying organized and secure is more important than ever. This video breaks down GRC (Governance, Risk, and Compliance)—an integrated approach that helps organizations manage their goals, threats, and regulatory requirements in one unified way.
|
By JFrog
How do AI models go from a cool idea to a reliable app feature? One answer:. It's the "#DevOps for" that helps teams build, deploy, and monitor models without breaking things.
|
By JFrog
In software, speed is great, but safety is critical. How do you get both? That's the "Sec" in. It’s why has gained popularity: moving from the end of the line to the very beginning. Instead of a final check, it becomes a "shared responsibility" for Dev, Sec, and Ops teams at every stage of software development and delivery.
|
By JFrog
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution.
|
By JFrog
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution.
|
By JFrog
How can you ensure your software supply chain is resilient and prepared for the challenges ahead? In this exclusive session, we’ll reflect on key lessons from 2024 and showcase how JFrog is leading the way in securing DevOps pipelines for 2025 and beyond. Join us for an engaging conversation with industry experts as we uncover real-world insights, explore actionable strategies, and demonstrate innovations designed to safeguard your software delivery lifecycle in an evolving threat landscape.
|
By JFrog
DSSE, or Dead Simple Signing Envelope, is a standard JSON format for signing arbitrary data, widely accepted for attesting software supply chain security, particularly for SLSA provenance and attestations verification.
|
By JFrog
Some of the largest financial services organizations in the world - including the top 5 banks in the US - all use JFrog to deliver applications faster, and more securely. Working closely with these top banks, trading and insurance companies has taught us a thing or two about getting DevSecOps right in these highly regulated, complex environments.
|
By JFrog
How can you ensure your software supply chain is resilient and ready for the challenges of tomorrow? In this exclusive session, we delved into the practical lessons of 2024 and showcased how JFrog is leading the charge in securing DevOps pipelines. In this engaging conversation between industry experts, we uncovered real-world insights, explored actionable strategies, and demonstrated innovations that safeguard your software delivery lifecycle.
|
By JFrog
This JFrog webinar, hosted by our Public Sector partner Carahsoft, focused on automating the secure distribution of critical digital artifacts in air-gapped networks. For agencies, ensuring the integrity of these artifacts at the edge is paramount. Real-time access to mission-critical software for warfighters is essential, and timely software updates boost operational readiness and capabilities. Leveraging JFrog's latest tools, this approach significantly enhances operational capabilities for public sector agencies.
|
By JFrog
Cloud DevOps tools offer greater flexibility, rapid deployment, cloud automation, reduced IT costs, and low upfront costs with subscription pricing. Setting up your environment with Artifactory on the cloud on your choice provides unlimited scalability allowing you to grow according to your needs and is easily achieved by using cloud storage providers (Amazon AWS, Google GCP or Microsoft Azure) in your environment with Artifactory.
|
By JFrog
Software businesses of every industry and all sizes, from small startups to large enterprises, are looking for ways to accelerate their software development process in the race to innovate and deliver their offerings to their customers ahead of their competition.
|
By JFrog
Today, we live in a very connected world, where our devices, homes and cars all communicate with each other, and every company with a product or service has the need to develop software. It is one of the primary mediums by which they strive to provide better products, services and solutions, and has become paramount to a company's success. To continuously improve their software, companies must have sound DevOps or DevSecOps practices in place.
|
By JFrog
In today's enterprises, software is your company's everyday face, whether through the desktop, the cloud, or a mobile device, to all parts of the globe. Cars are computers on wheels. Thermostats are data terminals. Banks live in your phone. In this new world, software updates serve customer's demands. Each one you deliver is your opportunity to renew - or, if botched, destroy - their trust. How can you make every update top-notch at top speed?
|
By JFrog
Over the last several years, software development has evolved from deploying products periodically to building them on an ongoing basis using CI servers. A company's end product may be built on a daily or even hourly basis. This means that DevOps must support the continual flow of code from the individual developer's machine to the organization's production environment.
|
By JFrog
Two numbers are shaking the foundations of business. What do these two figures mean to your business? They mean that, odds are your competitive landscape is irrevocably changed - already. To start, expectations for delivery speed for new products, services, and everything are faster. The new table stakes in the DevOps world have raised the bar on collaboration, cross-organizational visibility, efficiency, even company culture. Another thing these two simple stats mean is that most businesses are already there, or heading there now.
- April 2026 (8)
- March 2026 (12)
- February 2026 (9)
- January 2026 (4)
- December 2025 (6)
- November 2025 (4)
- October 2025 (10)
- September 2025 (12)
- August 2025 (3)
- July 2025 (5)
- May 2025 (1)
- April 2025 (3)
- March 2025 (4)
- February 2025 (3)
- January 2025 (4)
- December 2024 (2)
- November 2024 (4)
- October 2024 (5)
- September 2024 (5)
- August 2024 (6)
- July 2024 (3)
- June 2024 (2)
- May 2024 (8)
- April 2024 (2)
- March 2024 (4)
- February 2024 (5)
- January 2024 (9)
- December 2023 (10)
- November 2023 (7)
- October 2023 (5)
- September 2023 (12)
- August 2023 (5)
- July 2023 (3)
- June 2023 (6)
- May 2023 (5)
- April 2023 (6)
- March 2023 (6)
- February 2023 (5)
- January 2023 (2)
- December 2022 (3)
- November 2022 (8)
- October 2022 (9)
- September 2022 (6)
- August 2022 (11)
- July 2022 (4)
- June 2022 (8)
- May 2022 (15)
- April 2022 (7)
- March 2022 (9)
- February 2022 (10)
- January 2022 (3)
- December 2021 (17)
- November 2021 (3)
- October 2021 (6)
- September 2021 (7)
- August 2021 (4)
- July 2021 (5)
- June 2021 (8)
- May 2021 (4)
- April 2021 (1)
- March 2021 (2)
- February 2021 (5)
- December 2020 (2)
- November 2020 (1)
- October 2020 (4)
- September 2020 (1)
- July 2020 (4)
- June 2020 (1)
- May 2020 (4)
- April 2020 (4)
- March 2020 (1)
- February 2020 (2)
- January 2020 (6)
- December 2019 (2)
- November 2019 (2)
JFrog products seamlessly integrate with practically any development environment on Earth, from legacy code to the most recent containers and micro-services.
JFrog's end-to-end platform provides a fully automated pipeline for distributing trusted software releases. Connecting all developers, DevOps engineers and product owners to end devices, the JFrog Platform ensures software flows quickly and free from interruption.
End-to-End Universal DevOps Platform:
- JFrog Artifactory: The undisputed software repository leader for integrated, universal artifact management at enterprise scale.
- JFrog Container Registry: The world’s most flexible, hybrid container registry, with enterprise-grade resiliency backed by JFrog Artifactory.
- JFrog XRay: Universal security vulnerability & compliance analysis, natively integrated with Artifactory for continuous governance across the DevOps pipeline.
- JFrog Pipelines: Universally orchestrate software releases and master the entire CI/CD pipeline from code to production.
- JFrog Distribution: Secure and validate your software releases, allowing trusted, optimized software distribution on a global scale.
- JFrog Mission Control: A single access point providing a centralized dashboard to oversee your DevOps pipeline.
Universal Artifact Management for DevOps Acceleration.