JFrog

Sources: JFrog (homepage) · JFrog Security Research · 2026 SSC report announcement (BusinessWire)

JFrog is a software supply chain platform vendor, built around the Artifactory binary repository and a security suite (Xray, Advanced Security) that scans artifacts, dependencies, and AI/ML model files. Its platform is the system of record for thousands of organizations, including most of the Fortune 100, which gives it telemetry across billions of software artifacts.

On this wiki JFrog appears mainly as a measurement source for software-supply-chain risk. Its JFrog Security Research team publishes the annual Software Supply Chain Security State of the Union, the first-party origin of the malicious-npm surge figure, the annual CVE-volume count, the malicious Hugging Face model tally, and the agentic developer-tooling attack-surface counts cited across Slopsquatting, the SDLC in the AI-Attacker Era thesis, and AI-Era Supply Chain Hardening. The precise figures and their page references live on the report summary.