Every year, JFrog’s swampUP conference gives us a look at what’s next in DevOps, software delivery, and increasingly, AI. This year’s event in Napa did not disappoint. If you’ve followed JFrog over the years, you know they have never been shy about leading the conversation on how software is built, secured, and shipped. At swampUP 2025, they reminded everyone once again: JFrog is not just keeping up with the industry—it’s defining it.
In the DevOps world, it’s easy to get swept up in hype. AI, compliance, automation—everyone claims to be innovating. But JFrog’s announcements this week are more than marketing spin. They represent a coherent, ambitious vision for how software supply chains must evolve in a world where AI-native development, trust, and compliance are as central as speed and scale.
The Bigger Picture: Why This Matters
The past few years have seen software supply chain security leap to the top of every CIO and CISO’s priority list. Add in the explosion of AI tools, and the stakes are even higher. Enterprises need to innovate faster, but they can’t afford to cut corners on governance, compliance, or security. That tension—between speed and trust—is what JFrog is targeting.
Their strategy is clear: build the system of record for all software artifacts and, now, AI models, and extend that system with governance and compliance baked in. Partnerships with hyperscalers, NVIDIA, and ServiceNow reinforce this ambition. JFrog isn’t just integrating with the ecosystem—they’re embedding themselves into the very fabric of how modern software is created, secured, and delivered.
JFrog Fly: The Agentic Leap
Let’s start with JFrog Fly, billed as the industry’s first agentic repository. For years, we’ve heard how AI has transformed coding, with tools like GitHub Copilot and Cursor making developers more productive. But release management—the actual process of getting code into production—remains stubbornly manual and disconnected.
JFrog Fly rethinks this by creating a zero-config, AI-native repository designed for “vibe coding” and agentic workflows. It promises semantic release management, centralized sharing of artifacts, and seamless integration with AI repos. In other words, Fly aims to do for release management what Copilot did for coding: make it frictionless.
For small teams, this could be game-changing. Fly could allow startups and scrappy developer squads to scale software delivery at a pace that used to be reserved for big enterprises. It’s JFrog reminding us that innovation doesn’t just happen at the code level—it happens in how you package, release, and deliver.
JFrog AppTrust: Governance Becomes DevGovOps
The next big announcement was JFrog AppTrust, described as a “DevGovOps” solution. The name may be new, but the need is not. As JFrog CEO Shlomi Ben Haim put it, after DevOps and DevSecOps, the next big challenge is governance.
AppTrust creates a secure release management layer that signs and secures evidence, automates release quality gates, and integrates governance into platforms like ServiceNow. The promise here is clear: every release is trusted, verified, and compliant—without slowing teams down.
The most intriguing part? AppTrust doesn’t just measure code quality; it contextualizes applications with ownership, dependencies, and risk insights. It’s governance not as a speed bump, but as an accelerator, reducing friction between developers, security, and compliance teams.
JFrog AI Catalog: Governing the AI Flood
AI adoption has exploded, but governance has not kept up. That’s where the JFrog AI Catalog comes in. This is a secure hub for discovering, governing, and deploying AI/ML models—whether they’re internal, open source, or from external providers like NVIDIA and Anthropic.
With direct access to NVIDIA’s Nemotron models, one-click deployments, and continuous scanning through JFrog Xray, the AI Catalog brings the same rigor to AI models that enterprises already expect for software artifacts. Think of it as Artifactory for the AI era.
Here’s the Shimmy take: enterprises are flying blind today when it comes to AI governance. The AI Catalog offers a way to bring visibility, compliance, and trust to a part of the stack that has so far been the Wild West. That’s not just an incremental step forward—it’s foundational if AI is going to scale responsibly in the enterprise.
The Evidence Ecosystem: Compliance You Can Trust
Finally, JFrog extended AppTrust with its Evidence Ecosystem, partnering with GitHub, ServiceNow, Sonar, and others to create a centralized audit trail of cryptographically signed attestations. This is about creating a single source of truth for compliance—no more scattered logs, no more manual processes.
In an era where regulators, auditors, and even AI agents will demand verifiable proof before a release goes live, this matters. JFrog is saying: don’t just trust us—prove it. And they’re giving organizations the tools to do exactly that.
Where This Is Headed
All of this fits into a broader trend I’ve been tracking: the convergence of AI-native development, secure supply chains, and governance. The days of “move fast and break things” are over. The future is “move fast and prove trust.”
JFrog gets this. And by putting themselves at the center of that conversation, they’re not just staying relevant—they’re shaping the next era of DevOps.
Wrapping Up from Napa
JFrog swampUP isn’t over yet, and I expect more announcements as the week continues. Techstrong and Techstrong TV are here on the ground, live-streaming sessions and capturing conversations. Jon Swartz is on-site covering the event editorially, so keep an eye out for more analysis from us.
But for now, one thing is clear: JFrog continues to leap, and in doing so, they’re pulling the entire industry forward with them. If you’re in DevOps, security, or AI development, these are announcements worth paying close attention to.