JFrog

Your team builds fast, but are they building well? The JFrog Academy has courses, learning paths, practice labs, and certifications designed for #developers, #DevSecOps engineers, and #security managers. Whether you're just getting started with the JFrog Platform or leveling up on Advanced Security and JFrog Curation, there's a structured path for every skill level. Self-paced. Expert-led. Built for real-world #DevOps, #DevSecOps, and #AI / #ML. 🎓 Start learning today: academy.jfrog.com #SoftwareSupplyChain #LearningAndDevelopment

What an incredible week at @OneRSAC 2026! 🐸✨ From the packed halls of the Moscone Center to the deep-dive strategy sessions at our booth, and networking at the after party with Optiv, the message was clear: The #AI era demands a new security model. Shout out to: 🔑 Our Field CISO, Paul Davis who inspired us to simplify our "Golden Paths" to production. 🤝 And most importantly, the amazing folks we met and spoke to about securing every dependency, code, and binary. Missed us in person? You can still tour the platform to see how JFrog secures the AI software supply chain: jfrog.com/start-free/ #RSAC2026 #AppSec #SoftwareSecurity #DevSecOps

More details about the attack - research.jfrog.com/post/team-pcp-…

🚨 Security Alert: The Telnyx PyPI package was found to contain a malicious payload in versions 4.87.1 and 4.87.2. Avoid these versions immediately and rotate any potentially exposed credentials. More details coming soon.

🚨 PSA regarding CVE-2026-33017, the critical langflow vulnerability: This is an actively exploited critical vulnerability! Several public sources claim that the latest version (1.8.2) is fixed, but actually the vulnerability is still exploitable! If you are using langflow, we recommend - ``` pip uninstall langflow pip install langflow-nightly ``` The fix should be available in version 1.9.0 (currently unreleased). More details available in our #security research blog: bit.ly/3Pq7Wx4 #CVE #Langflow

🚨 PSA Regarding CVE-2026-33017 (critical langflow vuln, currently exploited in the wild). Several public sources claim that the latest version (1.8.2) is fixed, but actually the vulnerability is still exploitable! If you are using langflow, we recommend - ``` pip uninstall langflow pip install langflow-nightly ``` The fix should be available in version 1.9.0 (currently unreleased)

🤖✨Are you at @OneRSAC and looking to prioritize what vulnerabilities actually matter based on runtime context? Today's the last day to visit the JFrog at #S-748 to see how JFrog helps #developers fix vulnerabilities faster with context-aware insights and accelerate fixes with intelligent guidance. Don't settle for a list of bugs; get the context you need to remediate them instantly. Book your meeting with us before the conference ends: events.jfrog.com/rsac2026/ #RSAC #DevOps #AISecurity

Thank you Amsterdam for an unforgettable KubeCon Europe 2026! 🐸 ✨ We connected with brilliant minds, exchanged strategic ideas, caught David Robin's 'Stop XZ & Shai Hulud: Live Demo of JFrog Curation with Compliant Version Selection' session, and showcased how JFrog is powering secure, scalable software delivery. We’re already looking forward to being back next year, but until then, keep deploying! 🚀 #KubeCon #SoftwareSupplyChain #DevOps

With MCPs, agents now have the hands to interact autonomously with your enterprise systems, but an agent is only as safe as the tools it uses, and unverified tools are a massive liability. ⚠️ Join experts, Guy Eshet and Paul Davis, for a live feature showcase of the new JFrog MCP Registry. Learn how to eliminate the double standard between software and #AI by managing #MCP servers with the same governance policies you apply to traditional binaries. 👉 Register today: bit.ly/4uPYMKk 📅 March 31st | 10:00 AM PST #AISupplyChain

That's a wrap on our Melbourne luncheon roundtable! 🐸 Gathering some of ANZ's top security and #DevOps leaders over lunch, one theme rang loud and clear: as AI weaves itself into every pipeline, the software supply chain has never been a bigger target — and traditional security tools weren't built for this moment. A huge thank you to TaylorStanyon and Danny Perry or making it all run seamlessly, and to Andrew Bailey for joining as our guest speaker and bringing the customer voice into the room. 🙌 Until next time, Melbourne. 🐸 #JFrog #DevSecOps #SoftwareSupplyChain #AISecurity #JFrogMelbourne #AI #SoftwareSecurity

India’s leading DevOps minds are coming together in Mumbai. The world of #softwaredelivery is rapidly transforming and #DevOpsleaders must evolve with it. #EveryOpsDay Mumbai brings together India’s most forward-thinking minds across #DevOps, #DevSecOps, #PlatformEngineering, and #AI #MLOps for a highly curated day of insight, dialogue, and collaboration. Join senior technology leaders to explore: ⚡ The future of AI-driven DevSecOps 🔐 Securing the modern #softwaresupplychain 🚀 Building high-velocity developer platforms 🤝 Connecting with India’s top DevOps and engineering leaders This is India’s premium DevOps event, designed for leaders who are building the next generation of software. 📍 Mumbai | May 15, 2026 👉 Sign up today as seats are limited : bit.ly/4sR76HP #DevOpsLeaders #DevOpsCommunity #EveryOpsDayMumbai #Techeventinmumbai #Securityleaders #DevOpsEventinIndia

Security policies shouldn’t be the reason your build fails. 🛑 Most tools use a binary "block-and-fail" approach, forcing developers to manually fix hidden dependency risks. JFrog Curation flips the script with Compliant Version Selection (CVS). CVS automatically finds and serves the highest policy-compliant version of a package—keeping your pipelines green and your developers in the flow. ✅ No tickets. ✅ No context switching. ✅ Pure velocity. Learn more: bit.ly/4t8EBWr #DevSecOps #SoftwareSupplyChain #AppSec #CyberSecurity #CloudNative #K8s #DeveloperExperience

We’re excited to be recognized by @cyberdefensemag in this year’s Global InfoSec Awards! 🌟 JFrog has been named a winner in three categories: 🔹 Hot Company | AI Security & Compliance 🔹 Cutting Edge | Data Governance or Product Security 🔹 Cutting Edge | Software Supply Chain Security Our team is dedicated to helping our customers stay ahead of the curve in a rapidly changing landscape. If you’re at @OneRSAC 2026 today, come say hi! We’d love to celebrate with the community that keeps us inspired. Congratulations to this year's winners: cyberdefenseawards.com #RSAC #InfoSec #CyberSecurity #Innovation

Honored to be named a Gold Winner in the 2026 @GlobeeAwards for Cybersecurity! 🏆 With a judging panel of 270+ industry experts and a strict merit-based evaluation, we are proud that the JFrog Software Supply Chain Platform met the high bar for excellence in innovation and threat defense. 🐸 Thank you to our users and the #cybersecurity community for your continued trust. Congratulations to our fellow honorees: bit.ly/3NuXSCi #GlobeeAwards #Innovation

Adopting #MCP without governance is essentially granting autonomous agents valid credentials to your internal infrastructure with zero oversight. 🙅 Stop the "wild west" of unmanaged #AI sprawl and download our new eBook, "Taming the Agentic Supply Chain," where we outline the framework for governing AI "hands" with the same rigor you apply to your software. Get a grip on your agentic supply chain. Download the eBook: bit.ly/4bZvbXs #AgenticSupplyChain

Ready to stop drowning in false positives and start scaling visibility? 🔎 Adyen built a custom abstraction layer to decouple dependency resolution from their core build system. This allows JFrog Xray to identify exactly what’s being shipped without breaking the developer workflow. If you want to deep dive further into... 🏗️ Decoupling resolution from build systems 🧩 Mapping custom internal dependencies 🛠️ Real-world architecture patterns Then register today to see the schematics at our webinar: jfrog.co/4szpaGk #DevSecOps #PlatformEngineering #SoftwareSupplyChain

Next stop for #swampUP2026 - Barcelona! 🇪🇸 Experience Europe’s premier DevSecOps conference, where world-class expertise meets the Mediterranean coast. In an era of rapid AI-driven software delivery, mastering trusted intelligence is the key to staying ahead of the curve. Join us this October for three days of deep dives into security, automation, and the future of the software supply chain. Early Bird Alert: Register by 20 June to secure the best rate on your pass! See you in Barcelona: swampup.jfrog.com/europe/ #SoftwareSupplyChain

⚠️ Last chance to register for Asia DevOps Live - happening tomorrow, March 26 at 11am SGT! When #AI is accelerating development at unprecedented speed, but velocity without control creates vulnerability, it helps to hear how forward-thinking organizations like Singapore Airlines, @CirclesLifeSG and @paymongo are building secure #DevOps pipelines. Tune in to learn more about how this crew addresses: 🕶️ Shadow AI governance 🔗 Open-source dependency protection 🎧 Reducing noise & false positives 🛡️Proactive blocking strategies The future of DevSecOps is proactive. Are you ready? Register today: jfrog.co/4bcs4Ka #FutureOfDevOps #AIInnovation #SecureByDesign #PlatformEngineering #CyberResilience #CloudSecurity

The JFrog booth was buzzing with energy today at @OneRSAC! Are you looking to stop malicious packages and high-risk AI models before they ever reach your pipeline? 📍Swing by Booth #S-748 tomorrow to see how we’re delivering #AppSec for the AI software supply chain! Or book 1:1 time with us to talk shop and strategize: events.jfrog.com/rsac2026/ #RSAC2026 #CyberSecurity #AISupplyChain #AI

Check out JFrog Curation: jfrog.com/curation/

This time: Trivy. Which led to: LiteLLM. And that's after: KICS. Different tools. Same story. A trusted component in the software supply chain gets compromised…if ever there was a time to check out JFrog curation - now would be it. Link in comments Get the full breakdown here: bit.ly/4c2H66J