Operations | Monitoring | ITSM | DevOps | Cloud

We are delighted to share the exciting news that JFrog has earned the “Deployed on AWS” badge in AWS Marketplace, marking yet another milestone in our journey of innovation and collaboration with Amazon Web Services (AWS). This achievement underscores our commitment to providing cutting-edge solutions that leverage AWS’s robust infrastructure to enhance the user experience and drive efficiency.

Attestations, or as we like to call them, evidence, are a critical piece to proving software supply chain integrity and security. However, without the right tools and processes, reviewing and verifying attestations can be time-consuming. At JFrog, we’re deeply committed to empowering developers, DevOps, and Security teams to make these complex workstreams as simple as possible.

Good news! You no longer have to be a DevOps or JFrog expert to harness the power of the JFrog Software Supply Chain Platform. With the introduction of JFrog’s MCP Server, we’re making the JFrog Platform accessible to your favorite large language models (LLMs). Now, every developer can take advantage of the detailed security and package information available in JFrog, such as vulnerability data from the JFrog Catalog, without needing to context-switch.

If there’s one thing we’ve learned from years of working with innovators across industries, it’s this: Progress happens when people come together—not just to showcase, but to share, ask questions, challenge one another, push both themselves and the industry to the next level, and co-create.

The JFrog Security Research team has recently discovered and disclosed CVE-2025-6514 – a critical (CVSS 9.6) security vulnerability in the mcp-remote project – a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted MCP server, posing a significant risk to users – a full system compromise.