JFrog

18.3K posts

JFrog banner
JFrog

JFrog

@jfrog

Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform powers organizations to build, manage, and distribute software quickly & securely

🌎 Katılım Mayıs 2009
2.3K Takip Edilen23.2K Takipçiler
JFrog
JFrog@jfrog·
We heard that some of you want a bit more time, so we're making it official: The deadline for the Software Supply Chain Excellence Awards has been extended to July 27! Nominations are still open, and we want to see yours: bit.ly/4wMiVBX 🏆 Submit before the new deadline and let your work speak for itself.
JFrog tweet media
English
0
0
0
185
JFrog
JFrog@jfrog·
🤩 Dedicate ~1 hour and go from setup to full administration with the skills to drive JFrog Curation adoption across your entire organization: bit.ly/4yg6KhH Built for administrators and #security managers who want to block risky open source packages before they ever reach developers, you can learn how to deploy, scale, and keep JFrog Curation running efficiently, so your #SoftwareSupplyChain's front door stays guarded. 🛡️What's holding you back? Start today! #DevSecOps #AppSec
JFrog tweet media
English
0
0
2
186
JFrog retweetledi
JFrog Security
JFrog Security@JFrogSecurity·
🚨Since when does a documentation improvement become a Critical vulnerability? Apparently, CVE-2026-59084. Apache Tomcat's EncryptInterceptor docs didn't warn that non-default algorithms like AES/CBC leave replay protection ineffective. The fix? Updated documentation. Zero lines of code changed. CISA rated it 9.1 Critical. Apache rated it Low. JFrog's analysis agrees with Apache.
English
1
6
22
2.6K
JFrog
JFrog@jfrog·
📅 The swampUP Europe agenda is LIVE! Ready to build a system of record for trusted, secure delivery in the #AI era? Join us for real stories and practical sessions at #swampUP Europe 2026 in Barcelona! Here’s a sneak peek at a couple of our customer speaker talks: 🔹 Owen Delaney & Wessley McInroy (Admiral): "The GenAI Code Is Easy. Shipping It Safely Is the Hard Part." 🔹 Jaivy Daam & Liliya Tsikhanovich (@Vattenfall_De): "Designing DevSecOps for Reality: Bootstrapping a Secure Software Supply Chain" 🔹 Tomislav Uvodic (Erste Bank): "How Erste Bank Turned DevSecOps Ambition into an Enterprise Program" Check out the full agenda and secure your spot today: bit.ly/4pmEJRx
JFrog tweet media
English
0
0
0
184
JFrog
JFrog@jfrog·
#AI is accelerating code production, but security isn't always coming along for the ride. 🏎️ ⚠️ Vibe-coding is scaling these decades-old threats to record-breaking volumes with a massive resurgence of classic web flaws: 3️⃣ Injection (+3,110%) 2️⃣ SQL Injection (+445%) 1️⃣ XSS (+181%) Read the report to know more about the top vulnerability types: bit.ly/4fvidCT #DevGovOps #DevSecOps #DevOps #CyberSecurity #SoftwareSupplyChain
JFrog tweet mediaJFrog tweet mediaJFrog tweet mediaJFrog tweet media
English
0
0
2
194
JFrog
JFrog@jfrog·
👍🏼 Building AI agents is the easy part. 👎🏼 Getting them production-ready and properly governed is where most teams stall out. Join JFrog and @googlecloud for a hands-on workshop covering what it actually takes to move AI agents from prototype to production: bit.ly/4oJBxyW You'll walk through governance frameworks, real controls, and the decisions engineering teams face once agents start making calls on their own. 💡 If you're building with agents, or figuring out how to keep them in check at scale, this session is built for you. Seats are limited. Save yours here.
JFrog tweet media
English
1
1
2
195
JFrog
JFrog@jfrog·
Every winning side has a rock-solid backline. For thousands of dev teams around the world, that's JFrog. 🐸 From every artifact to every build, we help teams keep threats out of the net. That work is why JFrog was recently recognized as a Leader in the Gartner® Magic Quadrant™ for Software Supply Chain Security because defending your #softwaresupplychain shouldn't be a one-player game. Download the full report: bit.ly/4agwK1Z
English
0
0
0
178
JFrog
JFrog@jfrog·
53% of all breaches now originate from #softwaresupplychain attacks, nearly double from the prior year. The traditional response of layering on more security tools only creates more noise, more alert fatigue, and slower developers. The new IDC white paper, sponsored by JFrog, includes a customer case study of a global bank that proves it is possible to ship faster and stay more secure by consolidating on an integrated DevSecOps platform. Read the case study and see how leading teams are doing both. 📄 Download the white paper: bit.ly/3QTGVmu #DevSecOps #CyberSecurity #SoftwareSupplyChain #JFrog #IDC
JFrog tweet media
English
0
0
0
175
JFrog
JFrog@jfrog·
What happens when industry practitioners, innovators, and engineers come together to tackle the impact of #AI on #DevSecOps and security? Real conversations. Bold ideas. And a whole lot of momentum. #FrogwardInnovationDay2026, brought together brilliant minds from @Athenahealth , @PepsiCo, @Intuit, @Rakuten @Symphony, @Commonwealth @BankofAustralia, @SanDisk , @McDonald's, @Standardchartered , and more - united by one goal: solving the most pressing challenges in #DevSecOps and #AI. From Software Engineers to #Security Architects, attendees dug deep into real-world security challenges, collaborating across industries and skill sets to build practical solutions. The future of secure engineering is being shaped in rooms like this. 💡
JFrog tweet mediaJFrog tweet mediaJFrog tweet mediaJFrog tweet media
English
0
0
2
201
JFrog
JFrog@jfrog·
✅ Most teams have secured the code their developers write. 🛑 Far fewer have secured what their AI agents choose. On July 28th, JFrog's Mark Whitby and DevOps Engineer Francesco Ciulla will build a real app using AI agents, show you how malicious packages attempt to slip through, and give you the play by play on how to prevent it from happening. Secure your spot today: bit.ly/3T7unbZ #DevSecOps #AppSec #SoftwareSupplyChain
JFrog tweet media
English
0
0
0
152
JFrog
JFrog@jfrog·
⏱️ 15 minutes = That's all it takes to build a stronger #SoftwareSupplyChain foundation. If your team is juggling unmanaged binaries, inconsistent repository structures, or unclear access boundaries, our "JFrog #Artifactory: Repository Management" course shows them how to handle ALL of that: bit.ly/4fz6F12 In just one session, you'll learn how to design Local, Remote, and Virtual repositories that actually support your development teams, reduce network latency, and enforce governance through naming conventions and access controls. Beginner level. Start right now. 🎯 #DevOps #JFrogAcademy
JFrog tweet media
English
0
0
0
166
JFrog
JFrog@jfrog·
Your npm packages are governed. Your PyPI packages are governed. The prompts, skills, and MCP configs shaping your AI agents? Probably not. APM + JFrog Artifactory brings the same package management discipline to AI agent primitives. One apm.yml. One trusted registry. Every dev on the same page. Full breakdown from JFrog’s own Yonatan Arbel and Daniel Meppiel, Software Global Black Belt at @Microsoft: bit.ly/4bompS6
JFrog tweet media
English
1
0
2
255
JFrog retweetledi
JFrog Security
JFrog Security@JFrogSecurity·
🚨 The Miasma worm has returned to npm! Four AsyncAPI packages were recently compromised to deliver the new Miasma v3 variant. Read our full technical analysis: research.jfrog.com/post/miasma-wo…
JFrog Security@JFrogSecurity

🚨 NPM SUPPLY CHAIN ATTACK ALERT 🚨 For the second time, packages in the AsyncAPI ecosystem have been compromised. After being targeted by the massive "Shai-Hulud: The Second Coming" worm attack, @asyncapi/generator (100k weekly downloads) and its sub-packages have been poisoned again. @asyncapi/generator (3.3.1) @asyncapi/generator-helpers (1.1.1) @asyncapi/generator-components (0.7.1) Check your build pipelines and dependencies immediately! 🛡️

English
1
9
11
2.2K
JFrog
JFrog@jfrog·
LAST CHANCE to secure your #swampUP 2026 sponsor opportunity in New York (Sept. 1–3): bit.ly/4u6ubY5 With #swampUP bringing together the community at the center of software delivery innovation, don't miss your chance to get your brand in front of the engineering, #security, #AI, and platform leaders actively mastering the AI surge. Spots are going fast, so claim yours now. 🐸 #DevGovOps #DevSecOps #DevOps
JFrog tweet media
English
0
0
0
169
JFrog
JFrog@jfrog·
JFrog CEO @ShlomiBenHaim joined @Bloomberg Tech Disruptors' Mandeep Singh to talk about what keeps him up at night: coding agents and #SoftwareSupplyChain risk. 🎧 Listen here: bloom.bg/4vLj9IN The pair discusses the impact of #LLM coding agents, the challenges of keeping up with model guardrails, and why software supply chain security and governance are top of mind for modern enterprises. "The question isn't whether you'll use AI agents, it's how you'll build trust in their use by securing and governing them." - Shlomi Ben Haim, JFrog Co-founder and CEO #AIGovernance #DevSecOps #DevGovOps
JFrog tweet media
English
1
0
2
183
JFrog retweetledi
JFrog Security
JFrog Security@JFrogSecurity·
⚠️ Students visiting "Riverbend Tutoring" to bypass school Wi-Fi and play games didn't realize their browsers were being conscripted into a DDoS botnet. We deobfuscated a massive campaign of 150+ npm packages (under names like charlie-kirk and ilovefemboys) acting as a free CDN for malicious student web proxies. Our deep-dive recovered active payloads: a mutable remote loader and a custom Wisp-protocol WebSocket generator that attacked a nursing school's website at 2MB/s per visitor. How the Lucide campaign weaponized student proxies: research.jfrog.com/post/lucide-pr…
English
1
8
45
209.1K
JFrog
JFrog@jfrog·
🚨 LAST CHANCE to apply: Submissions for the Software Supply Chain Excellence Awards 2026 close this Friday, July 17th! You only have a few days left to apply and secure your place in the League of FrogStars: jfrog.co/sscawards26 Whether you’ve unified #DevSecOps workflows, scaled model governance, or built an iron-clad defense, we want to hand your team an engraved Golden Frog on the #swampUP stage. Take a leap today before the window closes! #Frogstars #SSCEAwards
JFrog tweet media
English
0
0
0
175
JFrog retweetledi
JFrog retweetledi
Francesco Ciulla
Francesco Ciulla@FrancescoCiull4·
I'm back from Berlin! On July 28, I’ll join Mark Whitby for a live @jfrog webinar on securing DevOps pipelines from risky AI agents and malicious dependencies. We’ll demo real attacks and how to stop them before they ship. 📅July 28, 10 AM CEST 🔗Link below Let’s crush it!
Francesco Ciulla tweet media
English
2
1
30
2.5K
JFrog
JFrog@jfrog·
The JFrog Software Supply Chain Platform is now available on Canada's SLSA Catalogue through DCI, Data Centre Intelligence Inc. 🇨🇦 As federal departments face new #SBOM, #AI governance, and automated decision-making requirements, JFrog gives them a trusted system of record for every binary, from dev to production. Learn more: bit.ly/455IoJT #SoftwareSupplyChain #DevSecOps #Cybersecurity
JFrog tweet media
English
0
0
1
215