JFrog Debuts Latest Series of Capabilities for ML and Software Management and Security

JFrog, the Liquid Software company and creators of the JFrog Software Supply Chain Platform, is announcing a myriad of new capabilities—ranging from machine learning (ML) management to DevOps-centric security and automation—that will be added to its platform.

ML Model Management, an industry-first set of functionality engineered to optimize the management and security of ML models, aligns AI deliveries with an enterprise’s existing DevOps and DevSecOps practices for more secure, governed ML releases.

Targeting the growing disparity between the production of ML models and present challenges—including cost and the lack of automation, expertise, and scalability—ML Model Management offers a single system of record to automate and optimize ML development, management, and security.

“It's no surprise that ML and AI are pretty buzzy at the moment,” said Sean Pratt, senior product marketing manager at JFrog. “But we noticed that our user base were…already using JFrog for all of the other binaries and components in their software releases, and it's the natural place for them to want to put their ML models as they're working on them and developing them. At the end of the day, a model is just another binary and another component that needs to be incorporated in a modern software release.”

Currently available in beta for JFrog Cloud customers, ML Model Management offers the following capabilities:

  • Identify and block utilization of malicious ML models
  • Scan ML model licenses for company policy compliance
  • Bundle and distribute ML models as part of any software release
  • Store home-grown or internally augmented ML models with comprehensive access controls and versioning history
  • Native connection with Hugging Face—a popular public ML repository—to proxy and cache open source AI models that companies already rely on for accelerated development, production, and increased protection

“It allows you to really manage all of your software artifacts, components, binaries, packages, etc., in one place, as opposed to having to try and track all that stuff in different tools and spaces,” explained Pratt. “It [also] introduces DevOps best practices into machine learning development. The other thing is that, because organizations nowadays are obviously looking to get the most juice from the squeeze in terms of the solutions that they've already invested in, instead of having to try to find another solution, you can take advantage of something they already have in place [JFrog].”

In addition to ML Model Management, JFrog is unveiling a series of capabilities that set the standard for quality, security, MLOps, and software release integrity, according to the vendor.

Forwarding a true shift-left strategy, JFrog is releasing Static Application Security Testing (SAST), Open Source Software (OSS) Catalog, and Release Lifecycle Management (RLM) capabilities.

SAST is designed to seamlessly integrate with numerous developer environments, ultimately driving faster and more accurate source code scanning for zero-day security vulnerabilities. It also helps to prevent false positives and aids in prioritizing remediation via contextual analysis. 

“The way we think about delivering application security is that it's not a point in time type of thing. It's not a point solution,” said Pratt. “It really needs to be a holistic approach that occurs before a developer even starts bringing in third party packages or writing code, all the way through the development, the build, the packaging, and promoting your potential releases…to when it's running in production.”

JFrog’s OSS Catalog, as part of JFrog Curation, equips users with a searchable index of software packages, located within the JFrog UI or API. Supported by both public and JFrog data, the OSS Catalog delivers rapid insights into the security and risk metadata harbored within OSS packages.

Like ML Model Management’s bundle capabilities for ML models, JFrog’s RLM enables users to create an immutable “Release Bundle” that defines a software package and its components earlier in the software development lifecycle. This centralizes a single source of truth for each application, further amplified by anti-tampering systems, compliance checks, and evidence capture for collecting data on release bundles throughout their lifecycle.

“With the alarming rise of software supply chain attacks, securing at the binary level with immutable software bundles is a must because it’s the only way to certify that what you’re releasing is safe for use,” said Asaf Karas, CTO at JFrog Security. “By providing a comprehensive platform that is developer-friendly and enterprise-ready—with security baked in at every phase, backed by an expert team of security researchers always watching for emerging threats—we can better arm companies to innovate faster with peace of mind in knowing their software is safe for use both today, and tomorrow.” 

To learn more about JFrog’s latest releases please visit