JFrog

The #MCP ecosystem on @googlecloud is growing fast — and so is the need to manage it securely. The JFrog MCP Registry fixes this. ✅ Governed, self-serve adoption ✅ Granular tool-level permissions ✅ IDE integration 🐸 Stop choosing between velocity and governance. Accelerate your #AI supply chain: bit.ly/4tb7gcP #GenAI #DevSecOps

Bring the power of the force to your software supply chain with @jfrog Happy #StarWarsDay #MayThe4thBeWithYou

Know how to find and use the right AI models, you must. 💡 The JFrog Academy AI Catalog for Developers course is beginner-friendly 15 minutes lesson that teaches you how to discover and integrate #AI models into your applications the right way. 👉 bit.ly/4d87qMq Package models. External APIs. Custom models. All covered. No excuses. #MayThe4th #DevOps

🌟 🟢 Strong with the force, your team will be. Two cities. Two chances to level up and master the #AI surge at #swampUP. Get your tickets today → bit.ly/48cwTCH 🗽 swampUP (New York): September 1–3 🇪🇸 swampUP Europe (Barcelona): October 20–22 #MayThe4th #DevOps #DevSecOps

Speed without trust is just the Dark Side in disguise. May the 4th be with you - and may your binaries be with you, too. ✨ AI agents are shipping code faster than ever. Which means your artifact repo isn't storage — it's your last line of defense. With JFrog, every package is versioned. Every model traceable. One source of truth. Get started today: jfrog.com/may-promo #MayThe4thBeWithYou #DevSecOps #AI #JFrogForce #SoftwareSupplyChain

Picture this: Your team ships an AI-powered feature and customers love it, but days later, a security researcher flags that the model itself has a critical issue or worse, it’s malicious. 😳 You need to answer three questions and FAST: 1. Which model version is running in production? 2. Where did it come from and what's its provenance? 3. Who approved it, when, and is there a full audit trail? If you can't answer all three in under 60 seconds — you don't have a system of record. You have a hope and are likely staring down a potential breach. Your people are doing the best they can, but the system they're working in wasn't built for this. A key piece has been missing, but tomorrow, we're changing that… #JFrogForce

👀 We tried to warn them: Artifact sprawl. Rogue packages. Ungoverned #AI. The Dark Side has never been better resourced. No action was taken. Until now… Something big drops May 4th. The Force is finally fighting back. 🐸 #StarWarsDay #SoftwareSupplyChain #JFrogForce

Software supply chain attacks account for 53% of all enterprise breaches. 😵‍💫 They come from: 🙈 A dependency nobody checked 🙉 A model nobody vetted 🙊 A package that slipped through because there was no single place to catch it If you're like most orgs, your team brought in over 500 new packages last year. The #governance frameworks most organizations have in place were built for a different era. Are you ready to take back control? #DevSecOps #SoftwareSupplyChain #JFrogForce #SystemOfRecord #AI

💡Your #DevOps team speaks more than one language. Your training should too. JFrog Academy courses are now available in multiple languages, so every engineer on your team can learn the JFrog Platform in the language they think, code, and troubleshoot in: bit.ly/4sJM2T6 Because the best training isn't just technically accurate. It's accessible. When teams learn in their native language, concepts stick faster, onboarding accelerates, and your entire org gets to production-ready JFrog skills, together. Start training today 💪 #DevSecOps #PlatformEngineering

🚨 Another hijack today: The intercom-client npm package has been compromised in a supply chain attack. ⚠️ Affected Versions: 7.0.4

🚨 SECURITY ALERT: The popular PyPI package lightning has been compromised in a supply chain attack. ⚠️ Affected Versions: 2.6.2 and 2.6.3

🔁 #ICYMI - The Bitwarden CLI npm package was hijacked last week by a threat group called TeamPCP: bit.ly/4t40cyS With ~78,000 weekly downloads, it's a big one. This attack went beyond typical credential theft, targeting #AI coding tool configs, abusing #GitHub Actions as a C2 channel, and bypassing standard #security monitoring. If you haven't audited recently updated packages in your pipeline, now's the time. #DevSecOps #SupplyChainSecurity #npm

We are proud to announce that we have officially added the Cyber Essentials certification to our global compliance portfolio! ✅ At JFrog, we believe that maintaining a secure environment is a journey of continuous evolution. This milestone reflects our adherence to the technical standards set by the UK’s National Cyber Security Centre (#NCSC). By implementing these essential controls, we are further reinforcing our infrastructure to defend against common cyber threats and ensure the highest level of protection for our partners. The takeaway for our partners - 👉🏽 Expanded #Compliance: We have officially added Cyber Essentials to our global security portfolio. 👉🏽 #Security Maturity: This milestone demonstrates our commitment to strong, audited technical controls and cybersecurity maturity. 👉🏽 UK Market Focus: It provides essential assurance for our #UK customers and public sector partners by meeting NCSC government-backed standards. Explore our full range of certifications and compliance standards on our JFrog Trust page: bit.ly/4n2j7Zs

EU #compliance. #AI governance. Software supply chain security. 👆🏽If you've solved any of these in the real world — we want you on stage in Barcelona: bit.ly/3QvlGqV 🇪🇸 The #swampUP Europe call for papers is open and we're looking for speakers working at the edge of #DevOps, #DevSecOps, #SoftwareSupplyChain security, and #AI-driven development. Real-world experience, real talk. Submit your proposal by 18 May!

Who owns the system of record for your software artifacts and AI models?

Attackers just turned #HuggingFace into a malware delivery network and a place to dump your stolen credentials. A rogue #npm package called js-logger-pack looked harmless on install, but then quietly deployed a cross-platform implant that used Hugging Face's own infrastructure to store exfiltrated data. This is the new playbook: abuse trusted platforms to hide in plain sight. Read the full breakdown: bit.ly/4cAwlsO #CyberSecurity #SupplyChainAttack #AppSec

🕵 Principal #DevOps & Automation Engineer Bill Goodrich didn't just read the research on #SoftwareSupplyChain security. He's living it operationalizing #DevSecOps across 30+ projects and multiple continents at @ViaviSolutions. 🤝 And he's joining us on May 6 for a fireside chat on exactly how they did it: the decisions, the trade-offs, the moments where the old approach stopped working. If your team is managing distributed infrastructure, navigating compliance requirements like #ITAR, or just trying to make #security reviews stop being the bottleneck, then Bill's story maps directly to your reality. Tag a colleague who needs to hear this. Then register: bit.ly/4cn01th

The Bitwarden CLI was briefly compromised via a cascading supply chain attack. Malware slipped in through a hijacked GitHub Action and reached developers' most sensitive secrets before anyone noticed. 🔐 This is what modern #softwaresupplychain attacks look like. Read the breakdown: bit.ly/3QzGE7U #Cybersecurity #SoftwareSupplyChain #AppSec #Bitwarden

⏰ Early bird pricing for #swampUP in New York ends this Thursday, April 30th! ⏰ If you've been on the fence, this is your sign to move: swampup.jfrog.com Meet the frogs and industry innovators in New York City for three days of keynotes, hands-on training, and real conversations about what it actually takes to build, secure, and ship software in the #AI era. 🗽 #DevOps #DevSecOps #SoftwareSupplyChain

Your automated pipelines are a feature, but for attackers, they're an opportunity. A new wave of software library attacks hit #npm and #PyPI packages in the last week, silently merging malware into #dev environments in minutes. The Bitwarden CLI compromise alone reaches 70K downloads a week. Get the full breakdown: bit.ly/4mU2EGs #CyberSecurity #SupplyChainAttack #AppSec #OpenSource