Welcome to the JFrog Blog

Native Xet Protocol Support in JFrog Artifactory: How Enterprise Model Management Actually Works

Machine learning models are not like other software artifacts. A single fine-tuned LLM can weigh 70 GB. A model family may share 95% of its weights across dozens of variants. When hundreds of developers, training jobs, and GPU clusters all need the same model at the same time, the infrastructure underneath needs to be built…
Why Uniform Governance Fails with Enterprise AI Agents (And How to Fix It)

As organizations aggressively shift from static Large Language Model (LLM) chatbots to fully dynamic, autonomous AI agents (e.g. systems designed to plan workflows, call APIs, write runtime code, and modify enterprise databases), traditional compliance and governance frameworks are hitting a breaking point. A landmark press release from Gartner highlights a critical systemic risk: treating AI…
How JFrog and NanoClaw are Bringing Software Supply Chain Security to the Age of Autonomous AI

There's a category of security risk that most organizations aren't ready for. It doesn't live in your code repository, your CI pipeline, or your developer laptops. It lives in your runtime, in the autonomous AI agents already running in your environment, extending their own capabilities, and making decisions that no human explicitly approved. This is…
Stop Treating Coding Agent Plugins Like Settings: Introducing Agent Plugins Repositories

Your developers install agent plugins every day: pulling from unmanaged GitHub repos, copying Cursor commands out of Slack, pointing Codex at a personal Git fork. Each of those is a new, uncontrolled distribution channel inside your software development lifecycle, and your platform team has zero visibility into any of it. A plugin is not a…
PixelSmash – Critical FFmpeg Vulnerability Turns Media Files into Weapons

JFrog Security Research recently discovered and disclosed a critical vulnerability in FFmpeg, the world's most widely deployed media processing framework. The discovered vulnerability, which we've named PixelSmash, is CVE-2026-8461 - a heap out-of-bounds write in the MagicYUV decoder (CVSS 8.8 High). We escalated this vulnerability from a simple crash all the way to reliable remote…
npm v12’s Biggest Security Change: From Implicit to Explicit Trust

For years, installing an npm package has meant trusting that every package in the dependency tree will behave as expected. Whether code originated from the npm registry, a Git repository, a remote URL, or an installation script buried deep within a transitive dependency, npm would typically execute or retrieve it automatically during the installation process.…
Introducing the JFrog Power for Kiro

A new CVE drops into a package you depend on. With the JFrog power for Kiro installed, your next move is a single prompt in your IDE, not a tab switch to the JFrog UI and thirty minutes of hand-rolled REST calls. This is what governed agentic development looks like in practice. If your team…
How to Validate Policy-as-Code Without Breaking Builds (Even When AI Writes the Code)

Picture two realities for the same compliance control reaching production. Reality One: Your AppSec team writes a new rule. An engineer uses Claude Code or Cursor to generate the OPA (Open Policy Agent) Rego policy in minutes. They deploy it. It blocks a legitimate release on a missing context variable, and the on-call engineer routes…
Our AI Agent Now Has a Security Conscience: Introducing the JFrog Plugin for Claude Code

AI coding agents are changing the pace of software development. With tools like Claude Code, developers can move from idea to implementation faster than ever, generating code, exploring unfamiliar repositories, refactoring services, and turning plain-language intent into working software. That speed is powerful. But speed without governance = risk. It also creates a new challenge:…