The Agentic Development Era Emerges From The Swamp

JFrog SwamUp 10th annual user conference was held in the idyllic Napa Valley, far from swamps and mosquitoes, but full of “frogs” (what JFrog employees refer to themselves as). The conference is kept small and intimate by design. This gave customers, analysts, press, and investors the ability to interact directly with JFrog management and each other.  

The theme of the event was that the AI evolution is here, and organizations must adopt or be left behind. This was not news for participants, many of whom were platform or application engineers responsible for the enablement or development of AI/ML applications. But the announcements differentiated from their competitors including an emphasis on application trust, supply chain integrity, and agentic development releases.  

JFrog Platform Attempts To Leap Towards The Agentic Era 

Product announcements demonstrated a cohesive strategy to bring trust to the world of DevOps, DevSecOps, MlOps, and agentic development. JFrog’s feature announcements, ranging from generally available (GA), in beta, and coming soon, were well received by customers eager to explore their potential. However, JFrog could find challenges successfully executing across such a broad spectrum of areas. Some of the announcements that might hop JFrog ahead the most are: 

• JFrog AI Catalog is a central hub for open source, proprietary, and internally developed models that provides visibility into provenance, training data sets, licenses, and vulnerabilities. AI inventory, portfolio management, and discovery are shaping up to be hotly contested areas, with major players like SAP, ServiceNow, and Salesforce all staking claims as well as security players and specialized startups. JFrog has an advantage in being closer to the ground truth of what is actually being deployed, but in order to differentiate in this market will need to bring in even more contextual portfolio information – capabilities, finances, risks, etc.  

• JFrog’s Agentic Software Supply Chain Security applies its advanced security and curation capabilities to agentic development via a JFrog MCP server and GitHub integrations to shift development teams to a proactive security approach. In addition, the JFrog local SAST MCP allows developers to get feedback on first-party code weaknesses in its’ IDE and developers can prompt the AI agent (e.g. GitHub Copilot) to generate fix suggestions based on context fed by JFrog. Currently in alpha, the feature mimics those of other SAST vendors rather than leaping forward. 

• JFrog Fly is their agentic developer platform and an MCP server that works with multiple IDEs, including VS Code and Cursor. Integrated with GitHub and observability, Fly provides a chat interface that allows users to query, promote, and rollback existing releases based on specifics of the code (e.g., “which features were added to this release?” or “deploy the release that added styling to the user field.”). Fly includes an audacious reimagining of the software development process, making versioning automatic and version names obsolete. This makes for a slick demo but may introduce confusion for JFrog clients who don’t want to give up their semantic versions or who need to support back-level software.  

• JFrog introduced three layers to increase “App Trust” in the age of agentic development and increased supply chain attacks.  The first layer is “application” as a new object in the platform to track application ownership, compliance, governance, etc. Evidence is the second layer and part of the system of record and lifecycle policies are the third.  App Trust pulls in GitHub’s artifact attestations for verifiable chain of custody from the artifact creation through software deployment, important for organizations that want to achieve SLSA level 3.  

• System of record scope for JFrog is more limited than some. JFrog focuses on binaries, auditability, and provable attestations (i.e., cryptographic signing) for build artifacts and steps in the SDLC. That’s less ambitious than what some other DevOps platforms mean by “single source of truth”: connecting business value to the SDLC. However, it plays to JFrog’s strengths, and allows them to work well with their partners who may have other viewpoints — and who may, themselves, claim to be the system of record. JFrog’s system of record will take some of the burden off development teams, especially those undergoing an audit, and may make it easier for auditors to check the box. That’s a win. 

Attackers Provided A Timely Reminder Of The Importance Of Software Supply Chain Security 

There was a last minute addition the last keynote on day one. The JFrog research team gave a detailed description of the NPM supply chain attack they had discovered the day before. Attackers compromised NPM maintainers with a believable 2FA reset phishing campaign. Thanks to JFrog, Aikido, and the open source community, they were able to minimize the impact of what could have been a major pay day for attackers and serious implications for organizations and individuals.  

JFrog has struggled to be seen as more than its artifact repository system. That’s made it vulnerable to all-in-one vendors who include adequate artifact management in their solutions. In addition, JFrog has strived to be seen as an application security solution by enterprise security professionals. JFrog’s announcement boosted their security cred and showed how organizations can and should help protect the developer community.    

 Forrester clients can schedule an inquiry or guidance session to break down the JFrog announcements. There is also an upcoming opportunity to connect with Forrester analysts (and your peers) in person: the Forrester Technology & Innovation Summit from November 2–5 or Security & Risk Summit from November 5–7. Both events are packed with visionary keynotes, informative breakout sessions, interactive workshops, insightful roundtables, and other special programs to help you master risk and conquer chaos.