JFrog named Leader in Gartner's software security quadrant


JFrog has been named a Leader in Gartner's first Magic Quadrant for Software Supply Chain Security and ranked highest for Ability to Execute in the new category.

The recognition gives JFrog a prominent position in a market drawing increased attention as companies face rising risks across software development pipelines, open-source dependencies and AI-related assets.

Software supply chain security has climbed the agenda as attackers increasingly target the tools, packages and workflows used to create software, rather than only finished applications. The emergence of AI-generated code and the wider use of machine learning models have added another layer of governance and oversight for large organisations.

JFrog's approach centres on managing and securing software artefacts, binaries and AI assets throughout development and deployment. Its platform is available in software-as-a-service, on-premises and hybrid formats.

The company highlighted several product areas that contributed to its market position, including software composition analysis, open-source licence compliance, third-party governance, software bill of materials (SBOM) management, threat intelligence and binary artefact management. It also pointed to tools designed to manage the use of AI models and agent-based development in enterprise environments.

AI governance

JFrog linked its market position to a broader shift in security priorities as AI becomes more deeply embedded in software development. It argued that visibility over code repositories alone is no longer sufficient when organisations are also importing models, packages and automated tools from external sources.

JFrog cited findings from its 2026 Software Supply Chain Security State of the Union report showing rising pressure on development and security teams. The findings included 177,000 new malicious packages detected and a 451% year-on-year rise in malicious npm packages.

The report also found that attackers are targeting AI models, agentic tools and developer workflows, while many organisations continue to source AI models from untrusted repositories. According to JFrog, this has created a governance gap that many existing security tools do not address.

Several of the capabilities highlighted by JFrog reflect that concern. These include JFrog Curation, intended to block risky open-source components before they enter software environments, and JFrog AI Catalog and MCP Server, which apply existing software security controls to AI assets.

It also pointed to JFrog AppTrust, designed to provide audit trails and policy enforcement records, along with expanded SBOM evidence capabilities supporting VEX aligned to CycloneDX and SPDX 3.0. These features are aimed at customers and regulators seeking evidence that vulnerabilities have been assessed and risk decisions documented.

Executive view

Shlomi Ben Haim, Co-Founder and Chief Executive Officer of JFrog, said the company sees a structural change in how software engineering and security are converging.

"Software Engineering is evolving into Software Supply Chain Engineering. Today's developers and security teams carry a far greater responsibility: not only to build software, but to build software that can be trusted in a hybrid world of human and AI agents. While this is Gartner's first Magic Quadrant for this category, JFrog has been pioneering software supply chain security for years. We recognised early that speed alone is not enough – organisations need a holistic platform that delivers speed, security, and governance across the entire software lifecycle," Ben Haim said.

He also linked the shift to the growth of AI-assisted software creation and the resulting expansion of the attack surface.

"The AI era is accelerating software creation. Enterprises are shipping faster, and increasingly relying on AI-generated code, models, and autonomous action. As a result, the applications and scanners themselves are no longer the primary target, but the software supply chain that creates and delivers them is. Organisations need a single source of truth that governs every binary, every package, every model, and every agent skill from the moment it enters the pipeline until the moment it runs in production. That's exactly what JFrog was built to deliver. We're honored to be recognised by Gartner, not only because we believe it validates our vision, but because it reflects the trust our customers place in us every single day to secure and power the world's software supply chains," he said.

JFrog said it serves about 6,600 organisations worldwide, including a majority of the Fortune 100, underscoring the scale at which software supply chain controls are now being adopted.