Software supply chain company JFrog Ltd. today announced a new range of product releases that it’s calling a turning point in how enterprises deliver, secure and govern artificial intelligence software.

The new releases, announced at the JFrog swampUP 2025 conference in Napa, California, include JFrog Fly, JFrog AppTrust, a new Evidence Ecosystem, agentic remediation capabilities and the JFrog AI Catalog. Each new release is designed to strengthen the software supply chain for an era where human and AI-driven development coexist.

The first release, JFrog Fly, introduces what the company describes as the industry’s first “agentic repository,” a zero-configuration environment built to accelerate AI-driven software delivery. It integrates with platforms such as GitHub Copilot, Claude Code and Cursor Technologies Inc. to give developers a way to manage agentic artifacts, automate tech-stack detection and apply semantic release metadata without breaking workflow. According to JFrog, the goal of Fly is to reduce manual overhead so development teams can ship software at the pace of AI coding.

Complementing Fly is JFrog AppTrust, which the company is pitching as the world’s first “DevGovOps” solution. AppTrust automates audit and compliance requirements by collecting and signing evidence from across the software development lifecycle to establish a single source of truth for release governance. The platform provides evidence-based policies, contextual insights and automated promotion gates through integrations with ServiceNow Inc., SonarSource S.A. and other partners to allow enterprises to balance speed and trust in their release pipelines.

The company also announced its Evidence Ecosystem, a network of partner integrations that extend AppTrust’s capabilities. It captures attestations from companies including GitHub Inc., ServiceNow, Sonar, Gradle Inc., CoGuard Inc. and Troj.ai Inc.

The contributions cover everything from build provenance and code quality to deployment approvals and AI model security testing. JFrog aims to reduce compliance burdens while creating a verifiable audit trail for every release by standardizing and cryptographically signing this evidence.

On the security front, the company announced new agentic remediation features for its MCP Server service that the company launched in July. The new features introduce self-healing supply chain workflows that allow vulnerabilities to be detected and patched automatically in the integrated development environment, with fixes generated in line with enterprise security policies.

JFrog describes the new Model Context Protocol support features as a shift from reactive patching to proactive, continuous remediation and a way to immunize codebases against recurring risks while keeping developers focused on innovation.

The last release today, JFrog AI Catalog, is a central hub for discovering, governing and deploying AI models. The catalog provides model lineage tracking, compliance enforcement and one-click deployment across environments or to providers such as OpenAI, Anthropic PBC and Amazon Web Services Inc. The idea is that by consolidating AI models, datasets and metadata, the catalog can help enterprises accelerate adoption of AI while ensuring security and regulatory alignment.

Photo: JFrog