Introducing JFrog's MCP Server: Better vibes and easier AI automation

Good news! You no longer have to be a DevOps or JFrog expert to harness the power of the JFrog Software Supply Chain Platform. With the introduction of JFrog’s MCP Server, we’re making the JFrog Platform accessible to your favorite large language models (LLMs). Now, every developer can take advantage of the detailed security and package information available in JFrog, such as vulnerability data from the JFrog Catalog, without needing to context-switch.

Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients

The JFrog Security Research team has recently discovered and disclosed CVE-2025-6514, a critical (CVSS 9.6) security vulnerability in the mcp-remote project, a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted MCP server, putting users at risk of full system compromise.

SwiftPM, CocoaPods, and the Future of Enterprise Development for Apple Platforms

Swift is the default and preferred language for developing applications within the Apple ecosystem. The Swift Package Manager (SwiftPM) has become the de facto dependency manager for Swift, enabling developers to share and reuse code effortlessly. While its elegance lies in its simplicity, there’s a common concern about integrating SwiftPM into robust, enterprise-grade development workflows. This is where JFrog Artifactory shines.

Achieving Sovereign AI with the JFrog Platform and NVIDIA Enterprise AI Factory

Sovereign AI ensures control over AI/ML data, models, and infrastructure, which is now essential for enterprises, regulated industries, and national interests. JFrog and NVIDIA have collaborated to deliver a secure, scalable solution for sovereign AI. NVIDIA provides the accelerated computing and AI software while JFrog ensures trusted DevSecOps and MLOps practices across the entire AI lifecycle, from model development and security scanning to deployment at the edge and in air-gapped environments.

Multi-Stage Malware Attack on PyPI: Malicious Package Threatens Chimera Sandbox Users

Open-source package repositories like the Python Package Index (PyPI) play a crucial role in software development. However, these platforms are also potential targets for malicious actors attempting to exploit application software vulnerabilities. The JFrog Security Research team regularly monitors open-source software repositories using advanced automated tools in order to detect malicious packages.

How JFrog Delivers Self-Service Cloud Environments for our Developers

The internal DevOps team at JFrog needed to provision cloud resources, create environments, and manage infrastructure for our developers. Unfortunately, this meant wasting a significant amount of time on repetitive tasks, which was slowing down the pace of innovation and taking our developers’ focus away from building new features and industry-leading products.

JFrog's SPOF Framework for SaaS Ecosystems

As Software as a Service (SaaS) solutions evolve, organizations face increasing pressure to ensure uninterrupted service delivery. One of the most significant threats to SaaS service delivery and operational continuity is the presence of known and unknown Single Points of Failure (SPOFs). As a SaaS organization, the team at JFrog deeply understands the risks of SPOFs and works hard to avoid them.

Scaling Docker Usage with JFrog

Earlier this month the development industry was preparing for rate limit changes at Docker Hub. Ultimately, any rate limit changes were put on hold. Many JFrog customers have asked us, “How would Docker Hub rate limit changes impact us?” In this post we’ll discuss what you can do to ensure uninterrupted usage of Docker, now and into the future, regardless of rate limits.