Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform powers organizations to build, manage, and distribute software quickly & securely
Your npm packages are governed. Your PyPI packages are governed.
The prompts, skills, and MCP configs shaping your AI agents? Probably not.
APM + JFrog Artifactory brings the same package management discipline to AI agent primitives.
One apm.yml. One trusted registry. Every dev on the same page.
Full breakdown from JFrog’s own Yonatan Arbel and Daniel Meppiel, Software Global Black Belt at @Microsoft: https://t.co/t1DAV1OvW4
🚨 The Miasma worm has returned to npm! Four AsyncAPI packages were recently compromised to deliver the new Miasma v3 variant.
Read our full technical analysis:
https://t.co/hc106t5hTA
LAST CHANCE to secure your #swampUP 2026 sponsor opportunity in New York (Sept. 1–3): https://t.co/qvbL5qgBr8
With #swampUP bringing together the community at the center of software delivery innovation, don't miss your chance to get your brand in front of the engineering, #security, #AI, and platform leaders actively mastering the AI surge.
Spots are going fast, so claim yours now. 🐸
#DevGovOps #DevSecOps #DevOps
JFrog CEO @ShlomiBenHaim joined @Bloomberg Tech Disruptors' Mandeep Singh to talk about what keeps him up at night: coding agents and #SoftwareSupplyChain risk.
🎧 Listen here: https://t.co/OUIEoLMTX9
The pair discusses the impact of #LLM coding agents, the challenges of keeping up with model guardrails, and why software supply chain security and governance are top of mind for modern enterprises.
"The question isn't whether you'll use AI agents, it's how you'll build trust in their use by securing and governing them." - Shlomi Ben Haim, JFrog Co-founder and CEO
#AIGovernance #DevSecOps #DevGovOps
⚠️ Students visiting "Riverbend Tutoring" to bypass school Wi-Fi and play games didn't realize their browsers were being conscripted into a DDoS botnet.
We deobfuscated a massive campaign of 150+ npm packages (under names like charlie-kirk and ilovefemboys) acting as a free CDN for malicious student web proxies.
Our deep-dive recovered active payloads: a mutable remote loader and a custom Wisp-protocol WebSocket generator that attacked a nursing school's website at 2MB/s per visitor.
How the Lucide campaign weaponized student proxies:
https://t.co/RZy3ZQHCBy
🚨 LAST CHANCE to apply: Submissions for the Software Supply Chain Excellence Awards 2026 close this Friday, July 17th!
You only have a few days left to apply and secure your place in the League of FrogStars: https://t.co/WCi95shgbK
Whether you’ve unified #DevSecOps workflows, scaled model governance, or built an iron-clad defense, we want to hand your team an engraved Golden Frog on the #swampUP stage.
Take a leap today before the window closes!
#Frogstars #SSCEAwards
🚨 IronWorm returns! Shai-Hulud's rustier cousin has struck again, and it’s more sophisticated than ever. 🐛
An evolved variant of the infostealer has been discovered hiding in compromised versions of the popular jscrambler npm package (15k weekly downloads).
Read the full technical deep dive from the JFrog Security Research team: https://t.co/xCgDXk3wbL
I'm back from Berlin!
On July 28, I’ll join Mark Whitby for a live @jfrog webinar on securing DevOps pipelines from risky AI agents and malicious dependencies.
We’ll demo real attacks and how to stop them before they ship.
📅July 28, 10 AM CEST
🔗Link below
Let’s crush it!
The JFrog Software Supply Chain Platform is now available on Canada's SLSA Catalogue through DCI, Data Centre Intelligence Inc. 🇨🇦
As federal departments face new #SBOM, #AI governance, and automated decision-making requirements, JFrog gives them a trusted system of record for every binary, from dev to production.
Learn more: https://t.co/GV3w2qAzzD
#SoftwareSupplyChain #DevSecOps #Cybersecurity
Fragmented security tools leave gaps. Source code scanners that miss binaries. A binary repo that doesn't talk to your security dashboard. Runtime with no connection to either.
JFrog and GitHub closed that gap, and on July 15th we're showing you exactly how: https://t.co/CPqThO1Rdv
Join Yonatan Arbel (JFrog) and Dave Burnison (@GitHub) for a live walkthrough of the full integration: unified security dashboard, agentic remediation with GitHub Copilot, holistic SBOMs, Curation, runtime security, and more.
No slides-only. A real workflow and live demo. Then we open it up for YOU to ask us anything — the integration, architecture, roadmap, deployment, competitive comparisons.
Nothing is off limits!
#DevSecOps #GitHub #AppSec #softwaresecurity
Your AI agent just pulled a malicious package, but nobody checked.
As #AI takes over more dependency decisions, this is the new attack surface that most teams aren't watching.
DevOps Engineer Francesco Ciulla and JFrog's Mark Whitby will demo a live exploit on July 28th: a real app, real AI agents, real packages trying to slip through and how to stop them.
Register today: https://t.co/VYNA3QpWkg
#DevSecOps #SoftwareSupplyChain #DevOps
In a regulated industry, slow pipelines are not just frustrating. They are a competitive liability.
The new @IDC white paper, sponsored by JFrog, features a customer case study of a global financial services firm operating across 40+ countries with 25,000 developers. They transformed a multi-week open source onboarding process into minutes, without sacrificing compliance or security.
The result? Improved DORA metrics, reduced tool sprawl, and development velocity that scales without growing headcount.
📄 Download now: https://t.co/bdIAYWGyUg
#DevSecOps #PlatformEngineering #DeveloperProductivity #IDC
Got a question about the JFrog + GitHub integration? Ask it live.
We're hosting an AMA with @GitHub on July 15. Join us for a live demo, real workflows, then open Q&A.
Architecture, roadmap, deployment — nothing off limits.
🔗 Register today: https://t.co/CPqThO1Rdv
#DevSecOps #AppSec
🚀 Boost by JFrog is in public preview: https://t.co/SUYqcEYwrs
Your coding agents are burning through tokens on noise they never needed in the first place.
Build logs. Test output. CLI chatter. Read once, thrown away, and charged at full price. The vast majority of what most teams pay for in input context falls into that category.
So we built #JFrogBoost.
A free CLI tool that filters out that noise before it ever reaches the agent. We rolled it out across 1,000+ engineers at JFrog and saved more than 100 billion tokens, while making our agents faster and more accurate in the process.
Lower costs. Faster agents. No trade-offs.
Now we're sharing it with the broader community.
⚡️Single-command install (no sign-up required)
🤖 Works with Cursor, Claude Code, Codex, and other coding agents
🔄 No workflow changes required
If your team is feeling the weight of #AI token costs, this was built for you.
Try it here for free!
#GenAI #DevOps #LLM #AIEngineering #CostOptimization #AIOps
🤔Need a little convincing about why you should attend #swampUP Europe 2026?
Get a taste of the incredible energy from swampUP 2025 in Berlin, and get ready to save your seat in Barcelona today: https://t.co/GNu6gmKcal
Last year in Berlin, 300+ of #DevOps, #DevSecOps, #AI and #security professionals came together for two days of real talks, real demos, and real conversations at swampUP Europe.
💡There were keynotes that actually challenged how you think about #SoftwareSupplyChain security and breakout sessions packed with practitioners, not just vendors. Every room was filled with changemakers.
Get ready to master the AI surge by grabbing your #swampUP ticket today!
You wouldn't hand the keys to your production environment to an unauthorized user, so why give them to an autonomous #AI agent?
Relying on non-deterministic LLMs to enforce access boundaries is a massive risk. To protect your pipeline, you must shift to deterministic controls, downscoped tokens, and composite identities.
Check out our 8-point IAM checklist to secure your AI workflows: https://t.co/PN0zmwKNBX
#IAM #DevSecOps #AppSec #SoftwareSupplyChain
#AI is finding vulnerabilities faster than most teams can patch them.
JFrog is joining @IBM and @RedHat's Lightwell ecosystem to change that.
The JFrog Platform lets organizations catalog, ingest, and deploy Lightwell's secure open-source packages directly into existing pipelines with no code changes, no manual remediation, and no disruption.
"We're thrilled to partner with IBM and Red Hat on Lightwell as we help companies identify and remediate issues, then operationalize open-source patching at scale. As the definitive system of record and trust layer, JFrog delivers the automated controls needed to ensure real protection keeps pace with AI-accelerated threats." — Gal Marder, CSO, JFrog
Full announcement: https://t.co/eW845dwjbs
#SoftwareSupplyChain #OpenSourceSecurity #DevSecOps #DevGovOps
With great #SoftwareSupplyChains comes great responsibility. 🕸️
The Legacy Award isn't about what you built for your company, but it's about what you built for the world.
Open source contributions, environmental impact, or securing critical infrastructure.
Show us how you use your power for the greater good. Apply today: https://t.co/WCi95shgbK.
#Frogstars #SSCEAwards
Three weeks ago, we announced Athena, the industry coalition to protect open source software from AI attacks.
Here’s where Athena stands today:
• 40,000+ vulnerabilities processed, doubled since launch
• 42% are critical- or high-severity
• 86% are network reachable, meaning attackers can trigger them remotely
• ~7% sit in packages more than five years old
Frontier models are finding these vulnerabilities faster than any single team can respond. No one company can solve this alone. Today, we’re welcoming new members to the coalition: @Akamai, @BlackDuck_SW, @CycodeHQ, @jfrog, @MorganStanley, @qualys, @upwindsecurity, and @Zafran_io.
More organizations mean more findings pooled and de-duplicated, which means fewer unique flaws left for an attacker to find first. It means more protection for the critical infrastructure we all rely on.
Learn more: https://t.co/0zqbQ0badu
We recently hosted Beyond Tokens, a builders night focused on faster agents, cleaner context, and secure AI infrastructure.
Three teams took the stage, each solving a real bottleneck in agentic workflows:
💡 JFrog Fly keeps agents aligned by persisting decision records, catching bad code changes before a single line is written
📉 JFrog Boost cuts token waste, running the same bug-fix task 36% cheaper by filtering noise from the context window
🔒 NanoClaw secures agent actions by blocking vulnerable npm packages outside the runtime so the AI can't route around them
The next wave of agentic development isn't about smarter models. It's about building the foundation that lets them do more on their own.
Catch the full recaps and session videos here 👉🏽 https://t.co/E9wbFMRuDS