AG真人官方

JFrog Extends its System of Record Solution, Empowering Application Delivery Governance with Evidence from World-Leading Companies

Unifying proof from GitHub, ServiceNow, Sonar, and more, JFrog AppTrust delivers a trusted single source of truth for faster, more reliable, compliant software releases

SUNNYVALE & NAPA VALLEY, Calif.--(BUSINESS WIRE)-- swampUP 2025 鈥� (鈥淛Frog鈥�) (NASDAQ: FROG), the Liquid Software company and creators of the , today announced its first set of Evidence Ecosystem partners to be included in JFrog AppTrust. Customers can now collectively create a centralized, trusted audit trail with clear attestations across the software development lifecycle, helping increase visibility, eliminate risk, and ensure release readiness, gaining greater confidence in each delivery.

Unifying proof from GitHub, ServiceNow, Sonar, and more, JFrog AppTrust delivers a trusted single source of truth for faster, more reliable, compliant software releases

鈥淭o enable the agentic AI revolution in software delivery, wherein every agent will require proof before moving forward with any release, organizations need a clear, auditable single source of truth of their software delivery process,鈥� said Gal Marder, Chief Strategy Officer, JFrog. 鈥淭ogether with our partners, we鈥檙e providing a trusted, DevGovOps solution for collecting cryptographically verifiable evidence and applying compliance policies. By verifying these policies across the software supply chain, organizations can confidently deliver trustworthy, compliant, secure applications in the agentic AI era.鈥�

CISOs and DevSecOps leaders face immense pressure to meet high standards of formal as well as internal regulations and security requirements amid rapid software delivery demands. In the accelerating world of AI, automation of GRC will become more demanding, placing more complexity on delivery teams. Non-compliance poses risks to the trust of customers in the software being shipped, as well as fines, reputational damage, and legal issues. Relying on homegrown solutions and manual processes for software provenance is unsustainable, easy to challenge and wastes precious developer time. within the generates a comprehensive audit trail that helps customers:

• Ensure Release Readiness of Software 鈥� Easily capture proof of the process software went through as it matured for release, inclusive of all tests, approvals, environments, and actions taken across the software development lifecycle (SDLC).
• Maintain a Single Source of Truth for cryptographically signed attestation data that is attached to your release artifacts, providing immutability and saving time for teams and auditors by eliminating the need to search across multiple systems.
• Simplify Auditing and Compliance Tracking by capturing evidence throughout each application鈥檚 lifespan, aiding and accelerating release decisions.
• Automate Evidence Collection across multiple tools, teams, and sites, reducing complexity.

To extend the richness of its evidence collection capabilities, JFrog is partnering with a dozen software leaders to create out-of-the-box evidence integrations, empowering organizations to consolidate SDLC process data into a single source of truth鈥攃rucial for GRC efforts in an era of rising security risks and regulatory scrutiny. JFrog鈥檚 initial group of Evidence Ecosystem partners will collect and share important software attestations such as:

• build attestations will be converted into JFrog Evidence and remain stored alongside each software package indefinitely for compliance verification and policy enforcement.
• will share its change requests, approvals, and vulnerability exceptions as signed evidence in JFrog AppTrust.
• 鈥檚 flagship product, , will create and share signed code quality and code security issues along with code coverage attestations with JFrog Evidence.
• will provide signed deployment attestations via their Kargo platform, using existing evidence to validate applications passed promotion gates and deployment environments before release.
• will generate evidence containing security findings across OWASP Top 10 and compliance validation, creating verifiable proof that comprehensive API security testing was completed before release.
• will attach signed configuration security scan results to software packages in JFrog, including Infrastructure as Code (IaC), application, and operating system findings as verifiable proof that security standards were met before deployment.
• will provide signed execution attestations from Dagger Cloud for local and CI workflow runs, creating verifiable proof of build and test processes with direct links to execution traces.
• will provide signed build attestations from its platform as JFrog Evidence, capturing build metadata, dependencies exposure, and performance insights to establish binary chain of custody for high-velocity deployment assurance.
• will run API discovery from source code and high-speed, authenticated grey-box DAST scans, attaching signed results to images that provide evidence of vulnerabilities, exploit validation with code-level insights, and remediation guidance before release.
• will provide signed ephemeral environment attestations capturing agentic and human validations with test outcomes as verifiable proof that reproducible end-to-end testing was completed before release.
• will perform automated security red teaming for AI models stored in JFrog and attach signed results as verifiable proof that comprehensive AI model behavioural testing was completed before deployment.

鈥淎s AI accelerates the pace of software development, developers and their organizations are struggling to ensure the highest levels of code quality and code security,鈥� said Tariq Shaukat, CEO of Sonar. 鈥淪onar鈥檚 partnership with JFrog addresses this challenge by integrating SonarQube鈥檚 industry-leading code analysis with JFrog Evidence, allowing for validated verification of all code, whether AI-generated or developer-written. By working together, we are enabling organizations to build high-quality, compliant software that fully embraces the speed of AI-driven development.鈥�

Companies interested in learning more about JFrog Evidence and how it works with JFrog AppTrust should read , visit our , or register for the 鈥淎ppTrust, AI Catalog and more鈥� webinar on October 9 at 9 AM PT. For more information on how to join JFrog鈥檚 AppTrust evidence partner ecosystem visit .

Like this Story? Tweet this: In the agentic AI era, every agent must have verifiable proof before proceeding with a release. @JFrog AppTrust and its evidence ecosystem provides a trusted, auditable, single source of truth for the entire SDLC, ensuring transparency, control, and confidence at every step. Learn more #DevSecOps #security #softwaresupplychain

About JFrog

JFrog Ltd. (Nasdaq: FROG), the creators of the unified DevOps, DevSecOps and MLOps platform, is on a mission to create a world of software delivered without friction from developer to production. Driven by a 鈥淟iquid Software鈥� vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely, that is available, traceable, and tamper-proof. Integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog鈥檚 hybrid, universal, multi-cloud platform is available as both SaaS services across major cloud service providers and self-hosted. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Learn more at or follow us on X @JFrog.

Cautionary Note About Forward-Looking Statements

This press release contains 鈥渇orward-looking鈥� statements, as that term is defined under the U.S. federal securities laws, including, but not limited to, statements regarding our expectations with respect to the anticipated performance of the JFrog AppTrust Evidence Ecosystem, and the ability of JFrog and its partners to successfully collect and share software attestations.

These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause JFrog鈥檚 actual results, performance or achievements to differ materially from those expressed or implied in any forward-looking statement. There are a significant number of factors that could cause actual results, performance or achievements to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2024, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements except as required by law.聽

View source version on businesswire.com:

Media Contact:

Siobhan Lyons, Director, Global Communications, JFrog, [email protected]



Investor Contact:

Jeff Schreiner, VP of Investor Relations, JFrog, [email protected]

Source: JFrog Ltd.