AGENDA
The Annual DevOps, DevSecOps, MLOps User Conference
Plan your schedule for swampUP 2025 and reserve your spot before sessions reach capacity!
September 8-10, 2025
Day 1
September 9th
Day 2
September 10th
0
7:30 AM
7:30 AM
Registration
Vintner's Dining Room
1
8:30 AM
8:30 AM
From Code to Runtime: Protecting Your Software Supply Chain
Salon A
Managing your software supply chain from code inception to runtime deployment is crucial for security, compliance, and efficiency. This workshop will guide you through best practices to serve as the gatekeeper of your supply chain, embedding security, automating processes, and ensuring compliance throughout the SDLC.
Key Skills Learned:
• Understand the essentials of securing your software supply chain.
• Identify and mitigate common risks and vulnerabilities in the supply chain.
• Integrate security practices throughout your SDLC (e.g., code review, dependency management, artifact scanning).
• Leverage JFrog tools like Xray and JFrog Advanced Security for secure artifact management.
• Automate security and compliance checks, and streamline deployment.
• Implement real-time monitoring and incident response strategies.
Who Should Attend?
• Software Developers and Engineers
• DevOps Professionals
• Security Engineers
• Project Managers & Team Leaders
Take control of your software supply chain - secure, streamline, and safeguard the journey from code to runtime.
Managing your software supply chain from code inception to runtime deployment is crucial for security, compliance, and efficiency. This workshop will guide you through best practices to serve as the gatekeeper of your supply chain, embedding security, automating processes, and ensuring compliance throughout the SDLC.
Key Skills Learned:
• Understand the essentials of securing your software supply chain.
• Identify and mitigate common risks and vulnerabilities in the supply chain.
• Integrate security practices throughout your SDLC (e.g., code review, dependency management, artifact scanning).
• Leverage JFrog tools like Xray and JFrog Advanced Security for secure artifact management.
• Automate security and compliance checks, and streamline deployment.
• Implement real-time monitoring and incident response strategies.
Who Should Attend?
• Software Developers and Engineers
• DevOps Professionals
• Security Engineers
• Project Managers & Team Leaders
Take control of your software supply chain - secure, streamline, and safeguard the journey from code to runtime.
2
8:30 AM
8:30 AM
JFrog Artifactory Foundations: Optimize & Secure Your Software Pipeline
Salon K
Development teams struggle with securing artifacts, automating complex workflows, and maintaining compliance across various stages of the software development lifecycle (SDLC). This workshop addresses those challenges by showing you how to effectively use JFrog tools - Artifactory and Xray - to streamline and secure your SSC, making it easier to automate processes, identify vulnerabilities, and integrate security from start to finish.
Key Skills Learned:
• Use JFrog tools to manage, secure, and automate your software supply chain.
• Set up and manage repositories and automate CI/CD pipelines efficiently.
• Implement security best practices across your software lifecycle.
Who Should Attend?
• DevOps Engineers looking to integrate security into their workflows.
• Security Engineers focused on strengthening their software supply chain.
• Software Engineers interested in automating and securing their delivery pipelines.
Join us to improve your DevSecOps practices and secure your software supply chain from start to finish.
Development teams struggle with securing artifacts, automating complex workflows, and maintaining compliance across various stages of the software development lifecycle (SDLC). This workshop addresses those challenges by showing you how to effectively use JFrog tools - Artifactory and Xray - to streamline and secure your SSC, making it easier to automate processes, identify vulnerabilities, and integrate security from start to finish.
Key Skills Learned:
• Use JFrog tools to manage, secure, and automate your software supply chain.
• Set up and manage repositories and automate CI/CD pipelines efficiently.
• Implement security best practices across your software lifecycle.
Who Should Attend?
• DevOps Engineers looking to integrate security into their workflows.
• Security Engineers focused on strengthening their software supply chain.
• Software Engineers interested in automating and securing their delivery pipelines.
Join us to improve your DevSecOps practices and secure your software supply chain from start to finish.
3
8:30 AM
8:30 AM
Mastering Scalable Architectures for Global Enterprises with JFrog
Salon J
As enterprises scale their operations globally, creating architectures that are resilient, available, and adaptable to hybrid and multi-cloud environments becomes critical. This workshop dives into designing scalable, enterprise-level SDLC architectures, leveraging JFrog tools to meet the complex needs of modern digital ecosystems. You’ll gain hands-on experience in addressing performance, redundancy, and global collaboration challenges while ensuring operational efficiency.
Key Skills Learned:
• Articulate the key components and benefits of an enterprise-scale architecture for your organization.
• Implement scalable solutions that enhance reliability and resilience across multi-cloud environments.
• Select and design deployment topologies that meet enterprise-specific requirements.
• Anticipate and address potential operational, security, and compliance challenges.
• Create a blueprint that supports operational continuity and global collaboration.
Who Should Attend:
• DevOps and IT Architects.
• Principal and Senior Engineers.
• Systems Administrators.
• Network Engineers.
• IT Decision-Makers.
Start architecting for the future of enterprise-scale success!
As enterprises scale their operations globally, creating architectures that are resilient, available, and adaptable to hybrid and multi-cloud environments becomes critical. This workshop dives into designing scalable, enterprise-level SDLC architectures, leveraging JFrog tools to meet the complex needs of modern digital ecosystems. You’ll gain hands-on experience in addressing performance, redundancy, and global collaboration challenges while ensuring operational efficiency.
Key Skills Learned:
• Articulate the key components and benefits of an enterprise-scale architecture for your organization.
• Implement scalable solutions that enhance reliability and resilience across multi-cloud environments.
• Select and design deployment topologies that meet enterprise-specific requirements.
• Anticipate and address potential operational, security, and compliance challenges.
• Create a blueprint that supports operational continuity and global collaboration.
Who Should Attend:
• DevOps and IT Architects.
• Principal and Senior Engineers.
• Systems Administrators.
• Network Engineers.
• IT Decision-Makers.
Start architecting for the future of enterprise-scale success!
4
8:30 AM
8:30 AM
GitHub Actions for JFrog: Streamlining Workflows and Enhancing Security
Salon H
This workshop provides a comprehensive exploration of integrating the Jfrog Platform with GitHub to optimize your software development lifecycle. Through hands-on exercises, participants will learn how to leverage GitHub Actions to automate workflows and connect them seamlessly with JFrog for efficient artifact management, CI/CD, and security. The session will cover essential practices for secure authentication, build information management, and vulnerability scanning, demonstrating how these integrations streamline development processes and enhance collaboration.
Key Skills Learned:
- OIDC Authentication: understand and implement OpenID Connect (OIDC) for secure authentication between GitHub and JFrog.
- GitHub Actions Automation: learn to automate CI/CD workflows using GitHub Actions and integrate them with the JFrog platform.
- JFrog Advanced Security Integration: discover how to integrate JFrog Advanced Security with GitHub Advanced Security for comprehensive vulnerability scanning and remediation.
- Source Code Scanning: bulk Installation across multiple repositories.
Who Should Attend:
- Software Developers & Engineers
- DevOps Professionals
- Security Engineers
- Team Leaders & Project Managers
Enhance your software development process by integrating JFrog and GitHub to automate workflows, improve security, and streamline artifact management.
This workshop provides a comprehensive exploration of integrating the Jfrog Platform with GitHub to optimize your software development lifecycle. Through hands-on exercises, participants will learn how to leverage GitHub Actions to automate workflows and connect them seamlessly with JFrog for efficient artifact management, CI/CD, and security. The session will cover essential practices for secure authentication, build information management, and vulnerability scanning, demonstrating how these integrations streamline development processes and enhance collaboration.
Key Skills Learned:
- OIDC Authentication: understand and implement OpenID Connect (OIDC) for secure authentication between GitHub and JFrog.
- GitHub Actions Automation: learn to automate CI/CD workflows using GitHub Actions and integrate them with the JFrog platform.
- JFrog Advanced Security Integration: discover how to integrate JFrog Advanced Security with GitHub Advanced Security for comprehensive vulnerability scanning and remediation.
- Source Code Scanning: bulk Installation across multiple repositories.
Who Should Attend:
- Software Developers & Engineers
- DevOps Professionals
- Security Engineers
- Team Leaders & Project Managers
Enhance your software development process by integrating JFrog and GitHub to automate workflows, improve security, and streamline artifact management.
5
12:00 PM
12:00 PM
Training Day Lunch
Vintner's Dining Room
6
1:00 PM
1:00 PM
Foundations of DevSecOps: Avoiding Software Supply Chain Attacks
Salon K
With software supply chain attacks on the rise, security risks have never been more critical. This hands-on workshop focuses on JFrog’s security tools - from shift left to shift right - and how to integrate them into your DevSecOps strategy. We’ll explore how to secure your software supply chain, reduce vulnerabilities, and automate key workflows, ensuring your artifacts and dependencies are safe throughout the development lifecycle.
Key Skills Learned:
• Understand how JFrog tools from Curation to Xray and Advanced security can accelerate your DevSecOps goals.
• Use JFrog security scan capabilities and Developer-Focused Security.
• Gain hands-on experience in configuring repositories, scanning for vulnerabilities, and automating delivery pipelines.
• Implement best practices to secure your software supply chain, reducing the risk of vulnerabilities and improving compliance.
• How to shift security left by embedding security measures early in your SDLC.
Who Should Attend:
• Engineers working across SDLC phases - Development, Automation, DevOps, and SRE.
• Security Engineers focused on securing the software supply chain with the JFrog platform.
Join us to deepen your DevSecOps knowledge and enhance your organization’s security posture with JFrog’s trusted tools.
Sign Up Today!
With software supply chain attacks on the rise, security risks have never been more critical. This hands-on workshop focuses on JFrog’s security tools - from shift left to shift right - and how to integrate them into your DevSecOps strategy. We’ll explore how to secure your software supply chain, reduce vulnerabilities, and automate key workflows, ensuring your artifacts and dependencies are safe throughout the development lifecycle.
Key Skills Learned:
• Understand how JFrog tools from Curation to Xray and Advanced security can accelerate your DevSecOps goals.
• Use JFrog security scan capabilities and Developer-Focused Security.
• Gain hands-on experience in configuring repositories, scanning for vulnerabilities, and automating delivery pipelines.
• Implement best practices to secure your software supply chain, reducing the risk of vulnerabilities and improving compliance.
• How to shift security left by embedding security measures early in your SDLC.
Who Should Attend:
• Engineers working across SDLC phases - Development, Automation, DevOps, and SRE.
• Security Engineers focused on securing the software supply chain with the JFrog platform.
Join us to deepen your DevSecOps knowledge and enhance your organization’s security posture with JFrog’s trusted tools.
Sign Up Today!
7
1:00 PM
1:00 PM
Pavel Klushin
Senior Manager, Solution Engineering
Pavel Klushin is an ML expert with over ten years of expertise in cloud engineering. His work focuses on integrating AI with cloud infrastructures, enhancing performance and driving innovation across various industries.
MLOps in Action: From Experimentation to Production, Delivering AI You Can Trust
MLOps in Action: From Experimentation to Production
Salon J
Integrating machine learning with DevOps practices is essential for organizations to stay competitive. This hands-on workshop will introduce you to JFrog ML and its capabilities, empowering data scientists and DevOps teams to seamlessly manage the end-to-end machine learning lifecycle. Learn to securely build, deploy, and maintain machine learning models with JFrog’s powerful platform, while enhancing collaboration between data scientists and DevOps teams.
Key Skills Learned:
• Seamlessly manage the full ML lifecycle, from experimentation to production, on a single platform.
• Track, compare, and version model experiments for optimized decision-making.
• Leverage JFrog Advanced Security features to scan models for vulnerabilities and ensure compliance.
• Automate training, validation, and deployment processes for faster, more reliable ML results.
• Collaborate effectively between data science and DevOps teams to accelerate model development and deployment.
Who Should Attend:
• Data Scientists.
• DevOps Engineers.
• IT Professionals & Project Managers.
Don’t miss the chance to take your machine learning deployments to the next level. JFrog ML can transform your MLOps processes for greater speed, security, and efficiency.
Integrating machine learning with DevOps practices is essential for organizations to stay competitive. This hands-on workshop will introduce you to JFrog ML and its capabilities, empowering data scientists and DevOps teams to seamlessly manage the end-to-end machine learning lifecycle. Learn to securely build, deploy, and maintain machine learning models with JFrog’s powerful platform, while enhancing collaboration between data scientists and DevOps teams.
Key Skills Learned:
• Seamlessly manage the full ML lifecycle, from experimentation to production, on a single platform.
• Track, compare, and version model experiments for optimized decision-making.
• Leverage JFrog Advanced Security features to scan models for vulnerabilities and ensure compliance.
• Automate training, validation, and deployment processes for faster, more reliable ML results.
• Collaborate effectively between data science and DevOps teams to accelerate model development and deployment.
Who Should Attend:
• Data Scientists.
• DevOps Engineers.
• IT Professionals & Project Managers.
Don’t miss the chance to take your machine learning deployments to the next level. JFrog ML can transform your MLOps processes for greater speed, security, and efficiency.
8
1:00 PM
1:00 PM
Paul Davis
Field CISO
Paul Davis is a distinguished IT security leader with over 20 years of experience shaping secure solutions for organizations worldwide. His career highlights include serving as CISO for a Fortune 10 company, CSO for critical infrastructure sectors, Director of Security Operations at a major stock exchange, and head of a global incident response team.
In his role as Field CISO at JFrog, Paul draws on this extensive expertise to help organizations strengthen their software supply chains and implement end-to-end security. His background encompasses systems engineering, program management, software development, and operations. Paul has successfully launched software companies, developed innovative solutions, and delivered transformative services for global enterprises
Compliant SDLC Without Compromise: Navigating Regulations & Beyond with JFrog, Compliance: The Holy Grail
Compliant SDLC Without Compromise: Navigating Regulations & Beyond with JFrog
Salon H
Maintaining compliance is no longer optional — it’s essential. This workshop guides you through the complexities of compliance regulations while ensuring the security and integrity of your software supply chain. Attendees will explore how JFrog tools, including JFrog Artifactory and JFrog Xray, enable organizations to not only meet regulatory requirements but also establish a culture of compliance excellence. Through hands-on experience, you’ll learn best practices for implementing compliance frameworks within your DevSecOps processes, automate compliance checks, and ensure rigorous security standards are met across the SDLC.
Key Skills Learned:
• Understand the key compliance requirements relevant to software development and deployment, including: NIST, SLSA, DORA, SOX and more
• Use JFrog Artifactory and JFrog Xray to manage open-source and proprietary artifacts while ensuring compliance.
• Automate compliance processes with JFrog CLI, REST APIs, and AQL to streamline workflows and reduce human errors.
• Implement proactive compliance strategies and integrate security measures early in the SDLC.
• Foster a culture of compliance excellence and improve collaboration across security, compliance, and development teams.
• Monitor and report compliance status using JFrog tools for ongoing compliance verification.
Don’t miss out on learning how JFrog can elevate your compliance strategy.
Maintaining compliance is no longer optional — it’s essential. This workshop guides you through the complexities of compliance regulations while ensuring the security and integrity of your software supply chain. Attendees will explore how JFrog tools, including JFrog Artifactory and JFrog Xray, enable organizations to not only meet regulatory requirements but also establish a culture of compliance excellence. Through hands-on experience, you’ll learn best practices for implementing compliance frameworks within your DevSecOps processes, automate compliance checks, and ensure rigorous security standards are met across the SDLC.
Key Skills Learned:
• Understand the key compliance requirements relevant to software development and deployment, including: NIST, SLSA, DORA, SOX and more
• Use JFrog Artifactory and JFrog Xray to manage open-source and proprietary artifacts while ensuring compliance.
• Automate compliance processes with JFrog CLI, REST APIs, and AQL to streamline workflows and reduce human errors.
• Implement proactive compliance strategies and integrate security measures early in the SDLC.
• Foster a culture of compliance excellence and improve collaboration across security, compliance, and development teams.
• Monitor and report compliance status using JFrog tools for ongoing compliance verification.
Don’t miss out on learning how JFrog can elevate your compliance strategy.
9
4:30 PM
4:30 PM
Welcome Reception
Crush lounge
10
7:30 AM
7:30 AM
Registration
Meritage Building - Lobby
11
7:45 AM
7:45 AM
Breakfast
Vintner's Dining Room
12
9:00 AM
9:00 AM
Shlomi Ben Haim Co-founder and CEO
Shlomi is Co-Founder and CEO of JFrog, creators of the universal DevOps platform.
He brings over 20 years of experience in building profitable, high-growth information technology companies.
Prior to JFrog, Shlomi was the CEO of AlphaCSP (acquired in 2005 by MalamTeam) and a Major in the Israeli Air Force.
Shlomi holds an MS from Clark University (Massachusetts, USA) and a BA from Ben-Gurion University (Israel).
The Quantum Shift – Rethink Software Supply Chain
Shlomi is Co-Founder and CEO of JFrog, creators of the universal DevOps platform.
He brings over 20 years of experience in building profitable, high-growth information technology companies.
Prior to JFrog, Shlomi was the CEO of AlphaCSP (acquired in 2005 by MalamTeam) and a Major in the Israeli Air Force.
Shlomi holds an MS from Clark University (Massachusetts, USA) and a BA from Ben-Gurion University (Israel).
The Quantum Shift – Rethink Software Supply Chain
alongside
Tariq Shaukat CEO of Sonar
Tariq Shaukat is CEO of Sonar, the leading provider of code quality and code security solutions, and is a member of Sonar’s Board of Directors. Tariq has extensive experience in growing and scaling private and public companies across many domains, including cloud computing, social media, travel, and entertainment.The Quantum Shift – Rethink Software Supply Chain
,
Tariq Shaukat CEO of Sonar
Tariq Shaukat is CEO of Sonar, the leading provider of code quality and code security solutions, and is a member of Sonar’s Board of Directors. Tariq has extensive experience in growing and scaling private and public companies across many domains, including cloud computing, social media, travel, and entertainment.The Quantum Shift – Rethink Software Supply Chain
, Justin Boitano VP of Enterprise AI at NVIDIAJustin Boitano, VP of Enterprise AI at NVIDIA, where he leads enterprise AI software and cybersecurity software development kit offerings that power modern data centers through full-stack accelerated computing. Since joining NVIDIA in 2008, Justin has led multiple business areas at the company, including product innovation and strategic partnerships across the cybersecurity ecosystem.The Quantum Shift – Rethink Software Supply Chain
and
Rahul Tripathi, GVP & GM, ITSM BU at ServiceNow. Rahul Tripathi leads ServiceNow’s flagship IT Service Management business, driving innovation with AI to modernize enterprise IT operations. With over 25 years in cloud, SaaS, and infrastructure, he’s held leadership roles at Skytap, Nutanix, HPE, and Cisco. At swampUP, Rahul will share how AI-powered ITSM is accelerating DevSecOps outcomes, aligning development, security, and operations teams at scale.The Quantum Shift – Rethink Software Supply Chain
Rahul Tripathi, GVP & GM, ITSM BU at ServiceNow. Rahul Tripathi leads ServiceNow’s flagship IT Service Management business, driving innovation with AI to modernize enterprise IT operations. With over 25 years in cloud, SaaS, and infrastructure, he’s held leadership roles at Skytap, Nutanix, HPE, and Cisco. At swampUP, Rahul will share how AI-powered ITSM is accelerating DevSecOps outcomes, aligning development, security, and operations teams at scale.The Quantum Shift – Rethink Software Supply Chain
The Quantum Shift - Rethink Software Supply Chain
Meritage Ballroom
13
9:45 AM
9:45 AM
Yoav Landman
Co-Founder and CTO
Co-Founder and CTO of JFrog, Yoav is the visionary behind Artifactory, the universal artifact repository manager. Prior to founding JFrog, he spent over a decade as a senior consultant specializing in Distributed Computing and Enterprise Build Systems and held several senior technical roles in global organizations. Yoav holds a master’s degree in computing from RMIT University and a Bachelor of Laws (LL.B) from the University of Haifa.
AI-Driven DevOps Unleashed: The Future Starts Here
AI-Driven DevOps Unleashed: The Future Starts Here
Meritage Ballroom
The future of DevOps is being transformed with autonomous agents. As the world begins to focus on agentic-driven release management, we will soon experience agents driving crucial processes such as building, securing, and deploying packages alongside automated policy enforcement. These agents are not working in silos - they will (and are) communicating with one another, enabling real-time visibility and management of secure pipelines.
In this landmark technical keynote, we will reveal how JFrog is empowering teams to implement this modern approach to agentic software delivery - with minimal manual intervention, and with enhanced security – all in a streamlined release process without losing control!
The future of DevOps is being transformed with autonomous agents. As the world begins to focus on agentic-driven release management, we will soon experience agents driving crucial processes such as building, securing, and deploying packages alongside automated policy enforcement. These agents are not working in silos - they will (and are) communicating with one another, enabling real-time visibility and management of secure pipelines.
In this landmark technical keynote, we will reveal how JFrog is empowering teams to implement this modern approach to agentic software delivery - with minimal manual intervention, and with enhanced security – all in a streamlined release process without losing control!
14
10:15 AM
10:15 AM
Yuval Fernbach
VP, MLOps
Yuval Fernbach is VP and CTO of MLOps at JFrog, where he leads the integration of a fully managed ML platform following JFrog’s acquisition of Qwak, which he co-founded. With deep expertise in AI and infrastructure, Yuval helps teams streamline the entire ML lifecycle, from data prep to deployment, bridging the worlds of MLOps and DevOps for secure, scalable AI delivery.
Trusted AI at Scale: Secure Governance and Scalable Management for Your AI Models
Adel El Hallak
Senior Director Of Product
Adel El Hallak is senior director of product management for NVIDIA AI Enterprise at NVIDIA, responsible for the strategy and delivery of NVIDIA’s supported and secure production AI software platform. Previously, Adel was director of product management for IBM's cognitive systems unit. His mission was to help organizations realize business value with machine and deep learning through optimized hardware and software offerings. During his 14 years at IBM, Adel also held leadership positions across sales and marketing for HPC and advanced analytics. Adel holds a degree in computer science from McGill University and an MBA from Warwick Business School.
Trusted AI at Scale: Secure Governance and Scalable Management for Your AI Models
Trusted AI at Scale: Secure Governance and Scalable Management for Your AI Models
Meritage Ballroom
As AI becomes an indispensable part of modern software applications, managing machine learning models with the same rigor as code and binaries is essential. Yet most organizations still treat models as ad-hoc assets: scattered, untracked, and inconsistently governed, creating potentially serious risks around security, compliance, and operational trust.
Reminding us of yesterday’s OSS package gold rush, today’s ML/AI Models can originate from many sources: custom-built, open-source, and third-party APIs, each with different risks, ownership boundaries, and lifecycle considerations.
In this session, we’ll explore these emerging challenges, and show how advancements in JFrog ML and platform technologies are helping solve them. By treating every type of model as a first-class software artifact, you’ll learn how to integrate model management into your existing DevSecOps pipeline, enable trust by providing visibility, traceability, and evidence-based policy enforcement, and bring the same governance and trust to AI that you already rely on for your software supply chain. It’s time to take back control of AI!
As AI becomes an indispensable part of modern software applications, managing machine learning models with the same rigor as code and binaries is essential. Yet most organizations still treat models as ad-hoc assets: scattered, untracked, and inconsistently governed, creating potentially serious risks around security, compliance, and operational trust.
Reminding us of yesterday’s OSS package gold rush, today’s ML/AI Models can originate from many sources: custom-built, open-source, and third-party APIs, each with different risks, ownership boundaries, and lifecycle considerations.
In this session, we’ll explore these emerging challenges, and show how advancements in JFrog ML and platform technologies are helping solve them. By treating every type of model as a first-class software artifact, you’ll learn how to integrate model management into your existing DevSecOps pipeline, enable trust by providing visibility, traceability, and evidence-based policy enforcement, and bring the same governance and trust to AI that you already rely on for your software supply chain. It’s time to take back control of AI!
15
10:45 AM
10:45 AM
Coffee Break
Meritage Ballroom
16
11:00 AM
11:00 AM
Eyal Dyment
VP, Security
Eyal Dyment leads Security at JFrog, where he is responsible for driving the company’s security product strategy and innovation across the software supply chain. With a deep background in AI, machine learning, and data-driven product development, Eyal brings a unique blend of technical expertise and business acumen to the evolving DevSecOps landscape.
Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity
Yossi Shaul
SVP, DevOps
Yossi Shaul is the Senior Vice President of DevOps Core at JFrog, where he leads the development of the company's core DevOps platform. With a career spanning over two decades in software engineering and leadership, Yossi has been instrumental in shaping JFrog's comprehensive solutions that integrate DevOps, DevSecOps, and MLOps practices.
Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity
Anand Ahire
Head of Product Management - ITSM and DevOps
Anand Ahire leads the Product Management organization for IT Service Management and DevOps at ServiceNow. In this role, he shapes and delivers the strategic roadmap for ServiceNow’s DevOps and Value Stream Management (VSM) offerings, empowering enterprises to accelerate release velocity while maintaining rigorous governance.
With over 20 years of experience in technology, Anand has dedicated his career to developing market-leading solutions for developers and IT teams. Prior to ServiceNow, he was Vice President and General Manager at Electric Cloud (acquired by CloudBees) and held product leadership positions at BMC Software, driving innovation and growth across multiple product lines.
Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity
Kristina Heidinger
Senior Product Manager, Supply Chain Security
Tina is a Senior Product Manager at GitHub. She leads strategic initiatives across build integrity, SDLC security, and secure developer and DevOps workflows. Tina plays a key role in developing products that empower customers to adopt security best practices, such as SLSA provenance, and enforce security policies with minimal disruption to developer workflows. Her work enables organizations to strengthen their security posture while maintaining the agility and efficiency that modern software development demands.
Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity, Trusted Builds with GitHub and JFrog
Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity
Meritage Ballroom
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution.
In this can’t-miss swampUP keynote session, we’ll look at new innovations across JFrog security and platform teams, as well as industry advancements that enable a not just connected, but fully-integrated and robust software supply chain security solution that meets the modern needs of a security-focused, EveryOps reality.
Join us for an exclusive look at how this tectonic security shift reshapes what you thought you knew about application security and governance, helping you unlock new levels of confidence in every release.
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution.
In this can’t-miss swampUP keynote session, we’ll look at new innovations across JFrog security and platform teams, as well as industry advancements that enable a not just connected, but fully-integrated and robust software supply chain security solution that meets the modern needs of a security-focused, EveryOps reality.
Join us for an exclusive look at how this tectonic security shift reshapes what you thought you knew about application security and governance, helping you unlock new levels of confidence in every release.
17
12:00 PM
12:00 PM
Asaf Karas
CTO, SVP JFrog Security
Asaf Karas is the Chief Technology Officer for Security at JFrog, where he leads the vision and development of advanced DevSecOps solutions that secure the software supply chain from code to runtime. With over two decades of experience, including 14 years in Israel’s Defense Forces and as co-founder of embedded security startup VDOO, Asaf brings deep expertise in vulnerability research and real-world threat mitigation.
At JFrog, he has spearheaded innovations like JFrog Runtime for cloud-native security and partnered with Hugging Face to secure open-source ML models. A recognized thought leader, Asaf is passionate about bridging DevOps and security through intelligent, scalable tools.
Frog-Proof Security: Streamlining The Sec In DevSecOps
Frog-Proof Security: Streamlining The Sec In DevSecOps
Meritage Ballroom
What’s in store for Software Supply Chain security in 2026? With the types of software entering organizations ever-changing, and the volume ever-increasing, DevSecOps teams are facing new, and complex questions at macro and micro levels: How can teams effectively control and curate what enters systems? How can remediation be accelerated, while ensuring accuracy? How will the rising use of AI impact our threat landscape and can DevOps and Security teams truly share ownership of this emerging reality without adding friction?
While no one has a crystal ball, JFrog's leading-edge research and impactful real-world insights provide clarity. Join this session to gain critical foresight into the evolving and future software supply chain security challenges that will redefine how you operate. We will dissect recent, high-impact supply chain attacks to reveal malicious threats, and crucially, equip you with practical, implementable solutions for mitigating both current and emerging risks.
In a world being built for humans and machines side-by-side, your attack surface is morphing daily. Join this session to explore groundbreaking capabilities and new, exciting approaches that smoothly put the “Sec” back in DevSecOps.
What’s in store for Software Supply Chain security in 2026? With the types of software entering organizations ever-changing, and the volume ever-increasing, DevSecOps teams are facing new, and complex questions at macro and micro levels: How can teams effectively control and curate what enters systems? How can remediation be accelerated, while ensuring accuracy? How will the rising use of AI impact our threat landscape and can DevOps and Security teams truly share ownership of this emerging reality without adding friction?
While no one has a crystal ball, JFrog's leading-edge research and impactful real-world insights provide clarity. Join this session to gain critical foresight into the evolving and future software supply chain security challenges that will redefine how you operate. We will dissect recent, high-impact supply chain attacks to reveal malicious threats, and crucially, equip you with practical, implementable solutions for mitigating both current and emerging risks.
In a world being built for humans and machines side-by-side, your attack surface is morphing daily. Join this session to explore groundbreaking capabilities and new, exciting approaches that smoothly put the “Sec” back in DevSecOps.
18
12:30 PM
12:30 PM
Lunch
Vintner's Dining Room
19
1:30 PM
1:30 PM
Yonatan Arbel
Developer Advocate
A software developer with rich experience spanning over 12 years. For the past 7.5 years, I have been a valuable member of the JFrog team, a prominent tech company. Over the years, I progressed through the organization and eventually found my place within the Infrastructure group.
I have a genuine passion for technology, which has been a guiding force throughout my 12-year career. My work at JFrog has included significant contributions to the development of the JFrog Platform.
My journey is a testament to my dedication and the opportunities that the tech industry offers to those who are eager to learn and grow. As a speaker, I am excited to share my experiences and insights with others in the tech community.
The JFrog AI Journey: From ‘jf how’ to Secure Remote MCP
The JFrog AI Journey: From ‘jf how’ to Secure Remote MCP
Salon A
Join Yonatan on a journey through JFrog’s AI evolution, from the humble beginnings of the ‘jf how’ CLI command, built to answer simple questions, to today’s powerful and secure remote MCP server. He’ll explore the milestones, challenges, and breakthroughs that brought AI deeper into JFrog’s products, from integrating with GitHub Copilot to enabling contextual ‘Ask AI’ features, and now delivering secure, real-time remote actions directly in your development environment. The session will conclude with a live demo of a full MCP remote installation. No worries, it only takes a few minutes, and you’ll be ready to go.
Join Yonatan on a journey through JFrog’s AI evolution, from the humble beginnings of the ‘jf how’ CLI command, built to answer simple questions, to today’s powerful and secure remote MCP server. He’ll explore the milestones, challenges, and breakthroughs that brought AI deeper into JFrog’s products, from integrating with GitHub Copilot to enabling contextual ‘Ask AI’ features, and now delivering secure, real-time remote actions directly in your development environment. The session will conclude with a live demo of a full MCP remote installation. No worries, it only takes a few minutes, and you’ll be ready to go.
20
1:30 PM
automation
1:30 PM
automation
Charles Crowder
Senior Engineering Manager
Charles Crowder is a Senior Engineering Manager at Cisco on Splunk's SDLC Infrastructure team, and has been with Splunk for 6 years working both as an IC delivering cloud infrastructure, and now as a leader within SDLC.
When not at work, he enjoys family time with his daughter and hobbies like 3D printing, photography, and mountain biking.
Artifactory self-hosted Observability with OpenTelemetry & Splunk O11y
Artifactory self-hosted Observability with OpenTelemetry & Splunk O11y
Salon K
Learn how the Splunk team provides Observability for their Artifactory & X-Ray infrastructure using OpenTelemtry, Splunk, and Splunk O11y Cloud to:
- Emit metrics and integrations to Splunk 011y Cloud
- Define detectors, dashboards, and alerts in Splunk O11y Cloud via Terraform
- Emit logs to Splunk Cloud / Enterprise via OpenTelemetry collector or Splunk UF
- Overview of data sources, reports, & dashboards
Learn how the Splunk team provides Observability for their Artifactory & X-Ray infrastructure using OpenTelemtry, Splunk, and Splunk O11y Cloud to:
- Emit metrics and integrations to Splunk 011y Cloud
- Define detectors, dashboards, and alerts in Splunk O11y Cloud via Terraform
- Emit logs to Splunk Cloud / Enterprise via OpenTelemetry collector or Splunk UF
- Overview of data sources, reports, & dashboards
21
1:30 PM
1:30 PM
Jeremy Adams
Head of Ecosystem
Jeremy is a senior leader with both a technical and a strategic streak. Passionate about people and entrepreneurship, integration and automation. Through technical/business roles at Dagger, GitHub, Twistlock, and Puppet, Jeremy has both zoomed in and zoomed out a lot, acquiring an appreciation for the details and an ever-broader sense of the big architectural picture.
Zero to Hero: Self-Healing CI/CD with JFrog, Dagger, and AI Agents
Zero to Hero: Self-Healing CI/CD with JFrog, Dagger, and AI Agents
Salon J
What if your CI/CD pipelines could fix themselves? What if they understood why a deployment failed, rolled back safely, and then proposed the correct fix? Join us for a hands-on technical session showcasing how JFrog Artifactory, Dagger’s portable pipelines, and an LLM-powered AI agent combine to create an intelligent, adaptive platform for shipping software fast, safely, and globally.
We’ll walk through a live scenario such as:
- An app build fails in CI.
- An AI agent (backed by a local LLM) inspects the failure, correlates logs, build metadata, and deployment artifacts.
- It proposes a fix in code (using Dagger Functions), regenerates the pipeline on the fly, and pushes the corrected artifact to JFrog.
You’ll leave with a blueprint for building your own self-healing pipeline systems using the best of artifact management, containerized pipeline portability, and developer-first AI.
What if your CI/CD pipelines could fix themselves? What if they understood why a deployment failed, rolled back safely, and then proposed the correct fix? Join us for a hands-on technical session showcasing how JFrog Artifactory, Dagger’s portable pipelines, and an LLM-powered AI agent combine to create an intelligent, adaptive platform for shipping software fast, safely, and globally.
We’ll walk through a live scenario such as:
- An app build fails in CI.
- An AI agent (backed by a local LLM) inspects the failure, correlates logs, build metadata, and deployment artifacts.
- It proposes a fix in code (using Dagger Functions), regenerates the pipeline on the fly, and pushes the corrected artifact to JFrog.
You’ll leave with a blueprint for building your own self-healing pipeline systems using the best of artifact management, containerized pipeline portability, and developer-first AI.
22
1:30 PM
AI/ML
1:30 PM
AI/ML
Mohammad Saheer Padinharayil
Manager | AI & Cloud Security Enthusiast
AI security and cloud-native pipeline expert with about a decade of experience in building scalable, secure ML platforms. Currently leading Payment Integrity and Automation efforts at CVS Health with a focus on ML governance and infrastructure. Frequent speaker on GCP, AI/ML and enterprise-scale MLOps.
Securing AI Models and ML Pipelines: Best Practices and Pitfalls to Avoid
Securing AI Models and ML Pipelines: Best Practices and Pitfalls to Avoid
Salon H
As machine learning becomes integral to modern applications, the attack surface for AI systems is rapidly expanding. From data poisoning and model inversion to supply chain vulnerabilities in ML pipelines, the risks are real—and often overlooked.
In this session, we'll explore key challenges in securing the AI lifecycle. You’ll learn how adversaries exploit weaknesses in model training, deployment, and inference stages—and how to counter them with practical strategies.
We’ll walk through:
-Threat modeling for ML pipelines
-Secure model training and deployment using ML tools
-Proven strategies for securing data inputs, model artifacts, and dependencies
-CI/CD best practices for AI/ML, including policy enforcement and SBOMs
-Real-world case studies of AI system compromises—and what we can learn from them
This talk will give you the actionable insight to evaluate and secure your own AI initiatives, ensuring trust and compliance in an era where AI is not just an asset, but a potential liability.
As machine learning becomes integral to modern applications, the attack surface for AI systems is rapidly expanding. From data poisoning and model inversion to supply chain vulnerabilities in ML pipelines, the risks are real—and often overlooked.
In this session, we'll explore key challenges in securing the AI lifecycle. You’ll learn how adversaries exploit weaknesses in model training, deployment, and inference stages—and how to counter them with practical strategies.
We’ll walk through:
-Threat modeling for ML pipelines
-Secure model training and deployment using ML tools
-Proven strategies for securing data inputs, model artifacts, and dependencies
-CI/CD best practices for AI/ML, including policy enforcement and SBOMs
-Real-world case studies of AI system compromises—and what we can learn from them
This talk will give you the actionable insight to evaluate and secure your own AI initiatives, ensuring trust and compliance in an era where AI is not just an asset, but a potential liability.
23
2:10 PM
2:10 PM
Break
The swamp
24
2:30 PM
2:30 PM
Paul Davis
Field CISO
Paul Davis is a distinguished IT security leader with over 20 years of experience shaping secure solutions for organizations worldwide. His career highlights include serving as CISO for a Fortune 10 company, CSO for critical infrastructure sectors, Director of Security Operations at a major stock exchange, and head of a global incident response team.
In his role as Field CISO at JFrog, Paul draws on this extensive expertise to help organizations strengthen their software supply chains and implement end-to-end security. His background encompasses systems engineering, program management, software development, and operations. Paul has successfully launched software companies, developed innovative solutions, and delivered transformative services for global enterprises
Compliant SDLC Without Compromise: Navigating Regulations & Beyond with JFrog, Compliance: The Holy Grail
Compliance: The Holy Grail
Salon A
In this session, we’ll explore why compliance remains one of the most elusive challenges in modern software supply chains and what’s finally evolving.
You’ll learn the most common compliance requirements, why tracking them across fast-moving DevSecOps environments is so complex, and why legacy approaches often fall short.
We’ll share practical strategies from SBOM generation to automated evidence collection that help meet compliance goals without slowing down innovation.
We’ll also look ahead to what's next: continuous compliance posture monitoring, integrated trust signals, and how embedding security into the SDLC can eliminate the need for reactive patching to help you build secure, compliant software from the start.
In this session, we’ll explore why compliance remains one of the most elusive challenges in modern software supply chains and what’s finally evolving.
You’ll learn the most common compliance requirements, why tracking them across fast-moving DevSecOps environments is so complex, and why legacy approaches often fall short.
We’ll share practical strategies from SBOM generation to automated evidence collection that help meet compliance goals without slowing down innovation.
We’ll also look ahead to what's next: continuous compliance posture monitoring, integrated trust signals, and how embedding security into the SDLC can eliminate the need for reactive patching to help you build secure, compliant software from the start.
25
2:30 PM
2:30 PM
Krishna Nadiminti
Developer Experience Leader
Krishna Nadiminti leads Developer Experience at NVIDIA, focusing on improving developer productivity and application lifecycle efficiency. She is an award-winning leader recognized across the tech industry for her contributions to engineering excellence and innovation.
Enterprise-Scale Artifact Management for Modern AI/ML
Ulili Nhaga
Principal Architect at NVIDIA
Ulili Nhaga is a Principal Cloud Application Architect at Amazon Web Services (AWS) in San Diego, California and an AWS re:Invent 2021 Speaker. He helps customers migrate, modernize, architect, and build highly scalable cloud-native applications on AWS. Outside of work, Ulili loves playing soccer, running, cycling, Brazilian BBQ, and enjoying time on the beach.
Enterprise-Scale Artifact Management for Modern AI/ML
Enterprise-Scale Artifact Management for Modern AI/ML
Salon K
As enterprise AI adoption accelerates, artifact management evolves from simple asset storage to a strategic enabler powering modern AI/ML pipelines. Organizations now face massive binaries, unpredictable CI/CD workloads, rapid model iteration, and GPU-accelerated development all requiring a scalable, resilient artifact management strategy.
This session shares proven DevOps patterns and lessons from real-world transformations, offering a blueprint for building cloud-native, hyper-scale artifact platforms that meet the demands of industrial-scale AI.
Key Industry Takeaways and Practices:
- Scaling for Hyper-Growth
- Metrics-Driven SRE: Observability for Reliability
- Best Practices for AI Artifact Management
- Operationalizing AI Model Supply Chains at Scale
The session will also highlight how advanced artifact platforms such as managing NVIDIA AI modules within JFrog streamline enterprise GPU workloads and accelerate trusted AI outcomes.
As enterprise AI adoption accelerates, artifact management evolves from simple asset storage to a strategic enabler powering modern AI/ML pipelines. Organizations now face massive binaries, unpredictable CI/CD workloads, rapid model iteration, and GPU-accelerated development all requiring a scalable, resilient artifact management strategy.
This session shares proven DevOps patterns and lessons from real-world transformations, offering a blueprint for building cloud-native, hyper-scale artifact platforms that meet the demands of industrial-scale AI.
Key Industry Takeaways and Practices:
- Scaling for Hyper-Growth
- Metrics-Driven SRE: Observability for Reliability
- Best Practices for AI Artifact Management
- Operationalizing AI Model Supply Chains at Scale
The session will also highlight how advanced artifact platforms such as managing NVIDIA AI modules within JFrog streamline enterprise GPU workloads and accelerate trusted AI outcomes.
26
2:30 PM
2:30 PM
Ronny Belenitsky
Director of Product
Ronny is a Product Director at JFrog, where he leads strategic initiatives across DevSecOps and SDLC innovation. With a strong background in cloud-native technologies and application lifecycle management, Ronny plays a key role in shaping products that empower enterprise engineering teams to build and release software more quickly and securely.
Prior to JFrog, Ronny was the VP of Product at Titan, where he scaled product organizations, launched market-leading solutions, and drove enterprise adoption globally. He brings over 15 years of experience in building impactful software products, combining technical depth with strategic vision.
Trusted Builds with GitHub and JFrog, Strengthening SDLC Integrity, Step by Step
Kristina Heidinger
Senior Product Manager, Supply Chain Security
Tina is a Senior Product Manager at GitHub. She leads strategic initiatives across build integrity, SDLC security, and secure developer and DevOps workflows. Tina plays a key role in developing products that empower customers to adopt security best practices, such as SLSA provenance, and enforce security policies with minimal disruption to developer workflows. Her work enables organizations to strengthen their security posture while maintaining the agility and efficiency that modern software development demands.
Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity, Trusted Builds with GitHub and JFrog
Trusted Builds with GitHub and JFrog
Salon J
In this session, we’ll show you how GitHub and JFrog seamlessly integrate to attest and strengthen build processes, with a holistic, end-to-end software lifecycle approach. Leveraging tools such as GitHub Artifact Attestations, JFrog Evidence Collection, and GitHub Dependabot, we’ll demonstrate how to manage the lifecycle of an attestation across the SDLC from code commit to deployment, helping establish build provenance for GRC and Security workstreams. We’ll also show how the two platforms streamline and integrate DevOps and security workflows for improved developer experience.
In this session, we’ll show you how GitHub and JFrog seamlessly integrate to attest and strengthen build processes, with a holistic, end-to-end software lifecycle approach. Leveraging tools such as GitHub Artifact Attestations, JFrog Evidence Collection, and GitHub Dependabot, we’ll demonstrate how to manage the lifecycle of an attestation across the SDLC from code commit to deployment, helping establish build provenance for GRC and Security workstreams. We’ll also show how the two platforms streamline and integrate DevOps and security workflows for improved developer experience.
27
2:30 PM
2:30 PM
Ricardo Aravena
Cloud Infrastructure Lead
Ricardo is making daily impactful contributions as an AI Infrastructure Lead at Snowflake. He's passionate about open source in various roles, such as co-chairing the CNCF TAG-Runtime and leading the Cloud Native AI Working Group. With over 25 years of experience in the tech industry and a diverse professional background, he has held various roles at major companies such as Rakuten, Cisco, and VMware, as well as startups like Branch Metrics, Coupa, HyTrust, Exablox, and SnapLogic. His most recent role at Truera involved automating cloud infrastructure for a large-scale AI/ML Observability solution.
From Pipelines to Production: Cloud Native AI Gets Real
From Pipelines to Production: Cloud Native AI Gets Real
Salon H
Since last year's swampUP, the Cloud Native AI ecosystem has evolved significantly. With ongoing innovation in open source models, orchestration, model registries, and observability tools, DevOps teams are now better equipped to reliably and quickly move AI applications from experiment to production.
This talk will dive into the latest work from the CNCF Cloud Native AI Working Group, which has been mapping out the reference architectures, challenges, and opportunities at the intersection of MLOps, DevOps, Security and cloud native tooling. We'll showcase the most recent advancements across the model lifecycle—covering artifact management, inference serving, workload orchestration, and lineage tracking—through a lens of practical, real-world implementation.
Attendees will leave with a blueprint for building scalable, reproducible, secure AI platforms using cloud-native practices, including open-source components. We'll also explore where the ecosystem is heading next, from AI gateway patterns to cluster-level scheduling for GPUs.
Since last year's swampUP, the Cloud Native AI ecosystem has evolved significantly. With ongoing innovation in open source models, orchestration, model registries, and observability tools, DevOps teams are now better equipped to reliably and quickly move AI applications from experiment to production.
This talk will dive into the latest work from the CNCF Cloud Native AI Working Group, which has been mapping out the reference architectures, challenges, and opportunities at the intersection of MLOps, DevOps, Security and cloud native tooling. We'll showcase the most recent advancements across the model lifecycle—covering artifact management, inference serving, workload orchestration, and lineage tracking—through a lens of practical, real-world implementation.
Attendees will leave with a blueprint for building scalable, reproducible, secure AI platforms using cloud-native practices, including open-source components. We'll also explore where the ecosystem is heading next, from AI gateway patterns to cluster-level scheduling for GPUs.
28
3:15 PM
3:15 PM
Break
The swamp
29
3:30 PM
cloud
3:30 PM
cloud
Jiong Liu
Cloud security wizard
Jiong Liu leads the product marketing team for Wiz, working closely with customers to securely accelerate their cloud journeys. Prior to that, Jiong led the GTM strategy and product marketing team for Okta's customer identity products and Business Value practice. Jiong holds bachelor’s degrees in Economics and Interdisciplinary Studies from the University of California, Berkeley, and an MBA from the University of Pennsylvania, Wharton School.
Strengthen Your SDLC Security Loop with JFrog and Wiz
Strengthen Your SDLC Security Loop with JFrog and Wiz
Salon A
Security teams often struggle to connect artifact vulnerabilities detected in development with runtime exposure and real-world risks. In this session, learn how the Wiz and JFrog bi-directional integration allows joint customers to bridge this gap. Wiz enriches vulnerabilities with exploitability and reachability insights from JFrog, while JFrog leverages Wiz’s runtime context to prioritize remediation. Discover how this joint approach empowers DevSecOps teams with end-to-end visibility and faster, more effective vulnerability management.
Security teams often struggle to connect artifact vulnerabilities detected in development with runtime exposure and real-world risks. In this session, learn how the Wiz and JFrog bi-directional integration allows joint customers to bridge this gap. Wiz enriches vulnerabilities with exploitability and reachability insights from JFrog, while JFrog leverages Wiz’s runtime context to prioritize remediation. Discover how this joint approach empowers DevSecOps teams with end-to-end visibility and faster, more effective vulnerability management.
30
3:30 PM
devsecops
3:30 PM
devsecops
Luis Caro Campos
Conan| R&D Team Lead
Luis is an Electronics and Computer Engineer, currently working a R&D Team Lead in the Conan Team at JFrog. He started his journey with C++ in university doing research in the field of Computer Vision. Since 2015 he has been based in the UK and has worked in the field of 3D Scanning, and more recently in the field of Robotics (Autonomous Driving) at Oxbotica, before joining the Conan team at JFrog in 2022.
Over the years, Luis has become concerned with the problem of enabling C++ Software Development at scale, working on the tooling and processes that enable large teams of C++ developers to focus on writing code.
Conan 2: security features for enterprise-grade C++ projects
Conan 2: security features for enterprise-grade C++ projects
Salon K
Memory safety issues have long been a common cause of security vulnerabilities, to the point where government agencies are recommending moving away from languages like C and C++ for new product development. However, while “memory safe” languages exist - the same agencies acknowledge that software will have to interface with components written in C and C++ for a long time, and recommend that software vendors have a memory safety roadmap.
Key items of a memory safety roadmap include keeping proper track of external dependencies, a transparency plan (vendors and customers should know which dependencies are included in each product), and a plan to react to disclosed CVEs (Common Vulnerabilities and Exposures).
The recent ISO C++ developer survey highlights how dependencies are still integrated as part of projects and not properly traced. This talk will cover how C++ developers can leverage Conan to properly track dependencies, and how it integrates with JFrog’s Security offerings to help developers in fulfilling their contractual and regulatory obligations.
Features covered: Software Bill of Materials, Audit dependencies (report CVE vulnerabilities, powered by JFrog Advanced Security), package signing and JFrog Xray integration via Artifactory.
Memory safety issues have long been a common cause of security vulnerabilities, to the point where government agencies are recommending moving away from languages like C and C++ for new product development. However, while “memory safe” languages exist - the same agencies acknowledge that software will have to interface with components written in C and C++ for a long time, and recommend that software vendors have a memory safety roadmap.
Key items of a memory safety roadmap include keeping proper track of external dependencies, a transparency plan (vendors and customers should know which dependencies are included in each product), and a plan to react to disclosed CVEs (Common Vulnerabilities and Exposures).
The recent ISO C++ developer survey highlights how dependencies are still integrated as part of projects and not properly traced. This talk will cover how C++ developers can leverage Conan to properly track dependencies, and how it integrates with JFrog’s Security offerings to help developers in fulfilling their contractual and regulatory obligations.
Features covered: Software Bill of Materials, Audit dependencies (report CVE vulnerabilities, powered by JFrog Advanced Security), package signing and JFrog Xray integration via Artifactory.
31
3:30 PM
automation
3:30 PM
automation
Hariharan Ragothaman
Software Engineer
Hariharan Ragothaman is a Software Engineer at AMD, leading server validation for AI and GPU platforms. Prior to this, he served as a Lead Software Engineer - System Design and Architecture (Manager) at athenahealth where he designed and developed 'Unified Deployment Pipeline' to integrate multiple tech stacks, enhancing service visibility and improving release and product quality. His work in commercializing the macro-service hybrid cloud (Amazon EKS, AWS Local Zones, and AWS Outposts) was a major step towards modernizing the athenaOne platform. At Bose, he developed scalable firmware for wireless audio products and led AVS/GVA integrations. He received his Masters degree at Northeastern University, Boston.
Unified DevSecOps Pipelines: Accelerating Secure Deployments with NLP & JFrog Xray
Unified DevSecOps Pipelines: Accelerating Secure Deployments with NLP & JFrog Xray
Salon J
In today’s application security landscape, navigating complex deployment environments often feels like facing an onslaught of cyber adversaries. Much like Batman’s trusty utility belt— equipping the perfect gadget for every challenge— integrating robust security into your SDLC transforms your pipeline into a resilient defense against vulnerabilities and breaches.
This talk deep dives into a comprehensive case study where we revolutionized our security posture. On one hand, we applied an innovative strategy to unify all our deployments to a 'Unified Deployment Model' based on Elastic Kubernetes Service (EKS), while on the other by integrating JFrog Xray into each stage of our Software Development Lifecycle (SDLC). Through this integration, our team uncovered about 100K previously undetected security violations that our traditional fragmented approach had overlooked.
In large codebases with services across mobile and front-end, lack of standardization and common tooling causes operational burdens. Teams often build custom deployment flows, leading to two major issues: no consistent “shift-left” feedback loop, and no unified security posture or compliance. This fragmentation hampers visibility into DORA metrics due to divergent pipelines and tech stacks.
Here, we'll explore approaches for architecting a 'Unified Deployment Pipeline' that accelerates developer velocity and productivity while enforcing robust security governance across the SDLC with integrated logging, tracing, and metrics. Additionally, by automating SBOM generation, our strategy delivers an organization-wide impact—enhancing transparency, compliance, and overall risk mitigation. This architecture also provides central observability of progress and aggregates metrics to monitor the health and maturity of deployments. Additionally, we will also investigate how the “build once, deploy many times” paradigm aligns with the proposed architecture.
In today’s application security landscape, navigating complex deployment environments often feels like facing an onslaught of cyber adversaries. Much like Batman’s trusty utility belt— equipping the perfect gadget for every challenge— integrating robust security into your SDLC transforms your pipeline into a resilient defense against vulnerabilities and breaches.
This talk deep dives into a comprehensive case study where we revolutionized our security posture. On one hand, we applied an innovative strategy to unify all our deployments to a 'Unified Deployment Model' based on Elastic Kubernetes Service (EKS), while on the other by integrating JFrog Xray into each stage of our Software Development Lifecycle (SDLC). Through this integration, our team uncovered about 100K previously undetected security violations that our traditional fragmented approach had overlooked.
In large codebases with services across mobile and front-end, lack of standardization and common tooling causes operational burdens. Teams often build custom deployment flows, leading to two major issues: no consistent “shift-left” feedback loop, and no unified security posture or compliance. This fragmentation hampers visibility into DORA metrics due to divergent pipelines and tech stacks.
Here, we'll explore approaches for architecting a 'Unified Deployment Pipeline' that accelerates developer velocity and productivity while enforcing robust security governance across the SDLC with integrated logging, tracing, and metrics. Additionally, by automating SBOM generation, our strategy delivers an organization-wide impact—enhancing transparency, compliance, and overall risk mitigation. This architecture also provides central observability of progress and aggregates metrics to monitor the health and maturity of deployments. Additionally, we will also investigate how the “build once, deploy many times” paradigm aligns with the proposed architecture.
32
3:30 PM
cloud
3:30 PM
cloud
Stephen Chin
VP of Developer Relations
Stephen Chin is VP of Developer Relations at Neo4j, member of the Open AI Alliance, and author of several titles with O'Reilly, Apress, and McGraw Hill. He has keynoted numerous conferences around the world including AI DevSummit, Devoxx, DevNexus, JNation, Shift, JavaOne, Joker, swampUP, and Open Source India. Stephen is an avid motorcyclist who has done evangelism tours in Europe, Japan, and Brazil, interviewing developers in their natural habitat. When he is not traveling, he enjoys teaching kids how to do AI, embedded, and robot programming together with his daughters.
Efficient DevOps with Agentic GraphRAG
Efficient DevOps with Agentic GraphRAG
Salon H
AI models are getting tasked to do increasingly complex and industry specific tasks, where different retrieval approaches provide distinct advantages in accuracy, explainability, and cost to execute. GraphRAG retrieval models have become a powerful tool to solve domain-specific problems where answers require logical reasoning and correlation that can be aided by graph relationships and proximity algorithms. I will demonstrate how the agentic combination of RAG and GraphRAG retrieval patterns can improve analysis of dependency and security information to optimize a DevOps pipeline.
AI models are getting tasked to do increasingly complex and industry specific tasks, where different retrieval approaches provide distinct advantages in accuracy, explainability, and cost to execute. GraphRAG retrieval models have become a powerful tool to solve domain-specific problems where answers require logical reasoning and correlation that can be aided by graph relationships and proximity algorithms. I will demonstrate how the agentic combination of RAG and GraphRAG retrieval patterns can improve analysis of dependency and security information to optimize a DevOps pipeline.
33
4:15 PM
4:15 PM
Break
The swamp
34
4:35 PM
devops
4:35 PM
devops
Richard Clark
Senior Solutions Architect
Richard is a Senior Solutions Architect with JFrog. He is also an entrepreneur/inventor, having previously run a startup in the Internet of Things space, where he holds technology patents and has been a key member of several M&A startups. In his spare time, he enjoys cooking and traveling with his wife and two girls, working on projects with them in his garage-turned makerspace and is also an experienced winemaker.
From Vinyard to Version Control: The DevSecOps of Winemaking
From Vinyard to Version Control: The DevSecOps of Winemaking
Salon A
This talk will discuss the entire process of producing and delivering great wine from the ground up by selecting grapes to bottling, with close similarities to developing and deploying safe, secure & trusted releases in a Software Supply Chain. We will touch upon how to choose a reliable source for safe OSS libraries, CI, CD, SBOM recipes, evidence tracking, quality control, common pitfalls to avoid, packaging/distribution, and ultimately consumption of wine/software by the end user! If you love wine and DevSecOps don't miss this exciting session to learn more about the best practices for both!
This talk will discuss the entire process of producing and delivering great wine from the ground up by selecting grapes to bottling, with close similarities to developing and deploying safe, secure & trusted releases in a Software Supply Chain. We will touch upon how to choose a reliable source for safe OSS libraries, CI, CD, SBOM recipes, evidence tracking, quality control, common pitfalls to avoid, packaging/distribution, and ultimately consumption of wine/software by the end user! If you love wine and DevSecOps don't miss this exciting session to learn more about the best practices for both!
35
4:35 PM
cloud
4:35 PM
cloud
Aman Sardana
Senior Principal Application Architect
Aman Sardana is a technology professional in the financial services and payments domain. He is a hands-on technology leader, enabling business capabilities by implementing cutting-edge, modernized technology solutions. He is skilled in designing, developing, and implementing innovative financial technology solutions that drive business results and establish best-in-class operations.
Aman did his Masters in Information Technology from Northwestern University. This unique program straddles between the business and technical side of information technology, focusing on data mining, information security, enterprise architecture, statistics, innovation, marketing and finance.
Disaster- Proof Development: Embedding Resilience in Every Release
Vijay Kumar Soni
Expert Application Engineer
Vijay Soni is the Expert Architect & Engineer at Discover's business technology department. He architected and designed Discover's Open banking and Click to Pay ecommerce Digital Wallet Payments platforms. He is seasoned software engineer and passionate about solving complex emerging finance, digital payment, identity and payment product problems using secure, futureproof and innovative approach.
Vijay also led multiple EMVCo, eCommerce, Mobile SE/HCE Payments technology initiatives as lead architect and engineer.
Vijay has worked on large financial services & payments technology integration projects including Apple Pay, Google Pay, Samsung Pay, Click to Pay and FDX Open Banking integrations, Pay with Rewards, Contactless Mass Transit acceptance etc..
Disaster- Proof Development: Embedding Resilience in Every Release
Disaster- Proof Development: Embedding Resilience in Every Release
Salon K
Core platform systems support business-critical applications, and are expected to be available and highly responsive 24/7/365. As an example, financial institutions with legacy infrastructure are increasingly adopting hybrid cloud solutions to stay competitive, balance scalability, drive cost-efficiency, and achieve regulatory compliance. However, this shift introduces significant challenges related to system performance, security, and compliance. These challenges must be addressed with strategic mitigation measures.
In this talk, we’ll share insights, experiences, and innovative solutions to successfully navigate hybrid cloud challenges in the Financial Technology domain for core, backend processing systems, Open Banking, payment processing, etc. Attendees will gain practical strategies for securing hybrid environments and optimizing performance across distributed cloud ecosystems. These strategies can be applied to any industry vertical that operates critical infrastructure with hybrid cloud deployments.
Key Takeaways:
- The importance of hybrid cloud in modern FinTech operations
- Hybrid cloud architecture and infrastructure best practices
- Data Management and Governance
- Security considerations and risk management in hybrid cloud environments
- Performance optimization strategies for financial workloads in hybrid cloud deployments
- Business Continuity, Disaster Recovery and resiliency of critical infrastructure
- Cost Management and FinOps
- Vendor Lock-In and Dependency
Core platform systems support business-critical applications, and are expected to be available and highly responsive 24/7/365. As an example, financial institutions with legacy infrastructure are increasingly adopting hybrid cloud solutions to stay competitive, balance scalability, drive cost-efficiency, and achieve regulatory compliance. However, this shift introduces significant challenges related to system performance, security, and compliance. These challenges must be addressed with strategic mitigation measures.
In this talk, we’ll share insights, experiences, and innovative solutions to successfully navigate hybrid cloud challenges in the Financial Technology domain for core, backend processing systems, Open Banking, payment processing, etc. Attendees will gain practical strategies for securing hybrid environments and optimizing performance across distributed cloud ecosystems. These strategies can be applied to any industry vertical that operates critical infrastructure with hybrid cloud deployments.
Key Takeaways:
- The importance of hybrid cloud in modern FinTech operations
- Hybrid cloud architecture and infrastructure best practices
- Data Management and Governance
- Security considerations and risk management in hybrid cloud environments
- Performance optimization strategies for financial workloads in hybrid cloud deployments
- Business Continuity, Disaster Recovery and resiliency of critical infrastructure
- Cost Management and FinOps
- Vendor Lock-In and Dependency
36
4:35 PM
automation
4:35 PM
automation
Brett Smith
Software Architect
Software Architect/Engineer/Developer with 25+ years of experience.
Specialties: Event Driven Automation, Continuous Integration/Delivery/Testing/Deployment, Supply Chain Security
Expertise: Linux, packaging, and tool design.
Currently Engineering and Securing the Supply Chain with Event Driven CI/CD gitOps Pipeline Architectures that leverage Kafka, Go,
and Python running in Containers on Kubernetes and SBOMs.
Platform Engineering: Herding the Electric Sheep & Some Frogs
Platform Engineering: Herding the Electric Sheep & Some Frogs
Salon J
A talk about platform engineering, DevOps, DevSecOps, sprawl, chaos, bad decisions, compliance, and security. Why engineer an Internal Developer Platform when I have DevOps? DevOps works fine when you are a 20 person start-up, but it often doesn't scale to enterprise-level development efforts. When you have 3,000 developers with different needs and you are responsible for EO compliance and security, a modular self-service platform is a good choice to build. In this talk, I cover the challenges we have faced in a 3,000-developer enterprise, and how we are working to address them. I also cover how we are working on automating, integration, and scaling the creation of our internal developer platform. We talk about the tools we are using including JFrog products like Artifactory, Curation, Xray, and Advanced Security. I also talk about how we are leveraging SBOMs, SLSA, and other tools to help build out a secure and compliant platform.
A talk about platform engineering, DevOps, DevSecOps, sprawl, chaos, bad decisions, compliance, and security. Why engineer an Internal Developer Platform when I have DevOps? DevOps works fine when you are a 20 person start-up, but it often doesn't scale to enterprise-level development efforts. When you have 3,000 developers with different needs and you are responsible for EO compliance and security, a modular self-service platform is a good choice to build. In this talk, I cover the challenges we have faced in a 3,000-developer enterprise, and how we are working to address them. I also cover how we are working on automating, integration, and scaling the creation of our internal developer platform. We talk about the tools we are using including JFrog products like Artifactory, Curation, Xray, and Advanced Security. I also talk about how we are leveraging SBOMs, SLSA, and other tools to help build out a secure and compliant platform.
37
4:35 PM
automation
4:35 PM
automation
Ciro Greco
Founder and CEO
Ciro Greco - founder and CEO at Bauplan, a serverless computing platform for complex data workloads. Developers can write complex, multi-language data pipelines with zero environment management and infrastructure configuration and the same instantaneous feedback loop as running code locally.
Formerly, he was the founder of Tooso, an NLP startup based in San Francisco. Tooso was acquired by Coveo in 2019 and Ciro was in the management team that brought Coveo to IPO in 2021.
In a previous life he got a PhD in Neuroscience at Milan-Bicocca, a postdoctoral fellowship at Ghent University and he was visiting scientist at MIT.
The End of Manual DataOps: Git for Data and the Automation of AI Infrastructure
The End of Manual DataOps: Git for Data and the Automation of AI Infrastructure
Salon H
One area where we believe AI agents will be crucial is DevOps automation.
Data and ML workloads have been historically very hard to automate reliably because of their inherent complexity, and because traditional data platforms require specialized expertise and manual oversight.
This talk argues that the future of DataOps is built around code-first abstractions and fully-programmable data platforms that meet the needs of DevOps teams: full replicability, easy automation and transparent security.
We will present very specific real-world examples on how Recommender and RAG systems running in production can become more reliable by abstracting infrastructure complexities behind familiar Python concepts like functions, packages, tables, and version control.
One area where we believe AI agents will be crucial is DevOps automation.
Data and ML workloads have been historically very hard to automate reliably because of their inherent complexity, and because traditional data platforms require specialized expertise and manual oversight.
This talk argues that the future of DataOps is built around code-first abstractions and fully-programmable data platforms that meet the needs of DevOps teams: full replicability, easy automation and transparent security.
We will present very specific real-world examples on how Recommender and RAG systems running in production can become more reliable by abstracting infrastructure complexities behind familiar Python concepts like functions, packages, tables, and version control.
38
5:30 PM
5:30 PM
Booth Crawl | Happy Hour
Meritage Building - Terrace
39
7:20 PM
7:20 PM
Gala Dinner: Featuring Celebrity Cellist Tina Guo
Meritage Lawn
40
10:00 PM
10:00 PM
Post Gala Open Bar
Crush lounge
41
7:30 AM
7:30 AM
Registration
Meritage Building - Lobby
42
7:45 AM
7:45 AM
Breakfast
Vintner's Dining Room
43
9:00 AM
9:00 AM
Jens Eckels
VP of Product Marketing
Keynote Kickoff
Keynote Kickoff
Meritage Ballroom
Day 2 of swampUP drives practical application of EveryOps’ quantum shift across our industry.
Join us, as we sharpen our minds for a day of learning and collaboration.
Day 2 of swampUP drives practical application of EveryOps’ quantum shift across our industry.
Join us, as we sharpen our minds for a day of learning and collaboration.
44
9:20 AM
9:20 AM
Stealth Mode Session
Meritage Building - Lobby
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
45
10:05 AM
10:05 AM
Coffee Break
Meritage Building - Terrace
46
10:30 AM
10:30 AM
Demetrios Brinkmann
Founder of MLOps Community
Demetrios founded the largest community dealing with productionizing AI and ML models. In April 2020 he fell into leading the MLOps community (more than 75k
ML practitioners come together to learn and share experiences) which aims to bring clarity around the operational side of Machine Learning.
Since diving into the nitty gritty of Machine Learning he has felt a strong calling to explore the ethical issues surrounding the new tech he covers. In his free time he can be found building stone stackings in the woods
with his daughters
Ensuring Reliable Evaluation Systems for Your ML
Ensuring Reliable Evaluation Systems for Your ML
Meritage Ballroom
Standard benchmarks often fall short and can be misleading. Leaderboards can erode trust in model claims, as they rarely address specific, real-world needs. In this talk, Demetrios Brinkmann will detail how MLOps engineers and developers can build and continuously update their own evaluation systems to create a strong competitive advantage. He’ll cover how to build a reliable “golden dataset,” optimize data collection, labeling, and utilize the right tools to ensure evaluations truly reflect their intended use case.
Standard benchmarks often fall short and can be misleading. Leaderboards can erode trust in model claims, as they rarely address specific, real-world needs. In this talk, Demetrios Brinkmann will detail how MLOps engineers and developers can build and continuously update their own evaluation systems to create a strong competitive advantage. He’ll cover how to build a reliable “golden dataset,” optimize data collection, labeling, and utilize the right tools to ensure evaluations truly reflect their intended use case.
47
11:20 AM
11:20 AM
EXPO Hall
Meritage Ballroom
Join us to explore all the swampUP sponsors at the Expo Hall!
This dedicated time gives you the chance to engage with exhibitors, discover innovative products and services, and network with industry leaders. Experience interactive displays and informative demos showcasing the latest advancements in DevOps, SecOps, AI and ML.
Join us to explore all the swampUP sponsors at the Expo Hall!
This dedicated time gives you the chance to engage with exhibitors, discover innovative products and services, and network with industry leaders. Experience interactive displays and informative demos showcasing the latest advancements in DevOps, SecOps, AI and ML.
48
12:10 PM
12:10 PM
Lunch
Vintner's Dining Room
49
1:20 PM
1:20 PM
Gal Zilberman
Senior Product Manager
2022 - now: Senior Product Manager, JFrog
2021-2022: R&D team leader, Orbit Communication Systems
2018-2021: System engineer, Orbit Communication Systems
2014-2018: Student position, Intel
2005-2014: Naval combat officer, IDF
From digital dust to digital trust: JFrog’s Smart Retention
Kunal Mazumdar
Tech Lead
Kunal Mazumdar is a seasoned software professional specializing in full-stack web solutions and scaling web applications. With expertise across DevOps, Aviation, and Developer Experience, he brings a unique blend of technical depth and industry insights.
He has contributed to enterprise and commercial SaaS applications, leveraging Java, JavaScript, Go, and Python. His DevOps expertise helps streamline workflows, automate deployments, and enhance software reliability.
Beyond tech, Kunal is a passionate singer who finds harmony in both music and software architecture. His talks are engaging, practical, and packed with real-world insights, making complex topics accessible to developers and architects.
From digital dust to digital trust: JFrog’s Smart Retention
From digital dust to digital trust: JFrog’s Smart Retention
Salon A
Learn how JFrog’s Retention Policies — Cleanup and Archival — help optimize storage, reduce costs, and ensure compliance without compromising developer productivity. This session will cover best practices for managing dev and production artifacts, automating cleanup and archival, and aligning storage strategies with business goals. Walk away with actionable insights to implement smarter, more efficient retention policies.
Learn how JFrog’s Retention Policies — Cleanup and Archival — help optimize storage, reduce costs, and ensure compliance without compromising developer productivity. This session will cover best practices for managing dev and production artifacts, automating cleanup and archival, and aligning storage strategies with business goals. Walk away with actionable insights to implement smarter, more efficient retention policies.
50
1:20 PM
jfrog artifactory
1:20 PM
jfrog artifactory
Nireesh Thiruveedula
Lead Software Engineer
I am a Lead Software Engineer and Artifactory administrator at CapitalOne with 18 years of experience in developing enterprise solutions in the Financial Tech and Insurance domains. I hold a patent for a Business-to-Enterprise application developed for StateFarm Insurance, showcasing my innovative approach and technical expertise. My role involves designing and managing scalable solutions, ensuring robust artifact governance.
Outside of work, I enjoy cycling, which keeps me energized and focused. Originally from the southern part of India, I bring a diverse perspective to problem-solving and team collaboration.
The Artifact Avengers: Governance to the Rescue
The Artifact Avengers: Governance to the Rescue
Salon K
Enterprise-level, well-structured and efficient artifact governance frameworks can ensure seamless onboarding, security, compliance and lifecycle management - all via Artifactory. This architecture enables application teams to interact with artifacts while reinforcing security and ease of operations.
Key aspects of governance:
Effective team onboarding: this workflow simplifies the process by creating dedicated repositories for each application, ensuring the teams have well-defined space to store and manage their artifacts.
Tailor-made access controls: implemented effectively, allows teams to securely manage their artifacts and maintain role based access.
Security: remains top priority, with authentication enforced for all uploads/downloads and eliminating anonymous access and ensuring that only authorized users and services interact with Artifactory.
Auditing artifacts: tracking the movement of artifacts across all stages of deployment through a structured promotion process with vulnerability detection from test environments through production with traceability and compliance.
Maintain optimized repository structures: by archiving stale artifacts through automated batch process, prevent repository bloat and improve storage efficiency.
This end-to-end artifact governance structure is made possible by harnessing the power of JFrog APIs, enabling automation and operational efficiency at scale.
Enterprise-level, well-structured and efficient artifact governance frameworks can ensure seamless onboarding, security, compliance and lifecycle management - all via Artifactory. This architecture enables application teams to interact with artifacts while reinforcing security and ease of operations.
Key aspects of governance:
Effective team onboarding: this workflow simplifies the process by creating dedicated repositories for each application, ensuring the teams have well-defined space to store and manage their artifacts.
Tailor-made access controls: implemented effectively, allows teams to securely manage their artifacts and maintain role based access.
Security: remains top priority, with authentication enforced for all uploads/downloads and eliminating anonymous access and ensuring that only authorized users and services interact with Artifactory.
Auditing artifacts: tracking the movement of artifacts across all stages of deployment through a structured promotion process with vulnerability detection from test environments through production with traceability and compliance.
Maintain optimized repository structures: by archiving stale artifacts through automated batch process, prevent repository bloat and improve storage efficiency.
This end-to-end artifact governance structure is made possible by harnessing the power of JFrog APIs, enabling automation and operational efficiency at scale.
51
1:20 PM
automation
1:20 PM
automation
Vishal Raina
Engineering Manager, Developer Velocity & Tooling
Vishal Raina is an engineering manager at Adobe, leading the Developer Velocity & Tooling team. With over 20 years of experience in platform engineering and developer productivity, he has led large-scale initiatives across GitHub, Jenkins, Artifactory, and CircleCI. Vishal specializes in scaling DevOps platforms and delivering impactful migrations that boost performance and reliability.
Zero Downtime, Maximum Impact: Migrating Artifactory Database at Scale
Kevin Patterson
Senior SCM Engineer, Engineering Productivity Tools and Applications
Once heavily focused on infrastructure, his current interests are now in Software Configuration Management (SCM) and DevOps.
Zero Downtime, Maximum Impact: Migrating Artifactory Database at Scale
Rahul Srivastava
Lead SRE
Rahul Srivastava is a Lead Senior Site Reliability Engineer at Adobe, where he has been driving critical initiatives to enhance the end-to-end resiliency of large-scale, distributed systems deployed across multiple regions and cloud environments since 2019. A core part of his work includes operating and scaling JFrog Artifactory services in a multi-cloud, multi-region infrastructure.
With over two decades of experience in software engineering and infrastructure reliability, Rahul Srivastav holds an M.S. in Software Management from Carnegie Mellon University and a B.Tech in Computer Science from the Institute of Engineering & Technology, India. He is also a certified Project Management Professional (PMP) recognized by the Project Management Institute.
Zero Downtime, Maximum Impact: Migrating Artifactory Database at Scale
Zero Downtime, Maximum Impact: Migrating Artifactory Database at Scale
Salon J
How do you migrate a mission-critical Artifactory database with zero downtime—while supporting thousands of developers? Join adobe's Vishal Raina, Kevin Patterson and Rahul Srivastava as they share their real-world experience executing a seamless migration from MySQL to PostgreSQL in a high-scale, multi-geo enterprise environment.
You'll get a behind-the-scenes view into the planning, tooling, and validation strategy that enabled a risk-free migration. We’ll cover how the team identified legacy system limitations, aligned cross-functional stakeholders, and executed the cutover with precision—all without impacting developer velocity. You'll also hear practical lessons learned on operational resilience, automation, observability, and post-migration optimization.
Whether you're preparing for your own DB migration or modernizing your artifact infrastructure, this session will equip you with actionable insights to reduce risk, improve reliability, and elevate the developer experience.
How do you migrate a mission-critical Artifactory database with zero downtime—while supporting thousands of developers? Join adobe's Vishal Raina, Kevin Patterson and Rahul Srivastava as they share their real-world experience executing a seamless migration from MySQL to PostgreSQL in a high-scale, multi-geo enterprise environment.
You'll get a behind-the-scenes view into the planning, tooling, and validation strategy that enabled a risk-free migration. We’ll cover how the team identified legacy system limitations, aligned cross-functional stakeholders, and executed the cutover with precision—all without impacting developer velocity. You'll also hear practical lessons learned on operational resilience, automation, observability, and post-migration optimization.
Whether you're preparing for your own DB migration or modernizing your artifact infrastructure, this session will equip you with actionable insights to reduce risk, improve reliability, and elevate the developer experience.
52
1:20 PM
automation
1:20 PM
automation
Dave Ahr
Staff Sales Engineer
Dave is a seasoned technology leader with deep expertise in cloud-native application engineering, full-stack development, IT automation, and zero trust security. As a Staff Sales Engineer at Coder, he advises clients of all sizes, driving developer experience improvements, cloud transformations, and DevOps best practices. Previously, he led key initiatives at VMware, contributing to Tanzu and IT automation solutions. Dave has designed secure, scalable, and automated environments across industries like finance, non-profit, and academia. A lifelong learner, he holds a BS in Computer Science from Texas State University and regularly shares insights through workshops and conferences.
AI in Legacy App Modernization: Three Strategies to Ensure Success
AI in Legacy App Modernization: Three Strategies to Ensure Success
Salon H
With great power comes great responsibility—and yes, coding agents can backfire if they’re not thoughtfully deployed. Instead of boosting productivity, they can frustrate developers, slow down progress, and even diminish your competitive edge.
Join Dave Ahr, as he unpacks three essential strategies organizations should embrace when scaling agentic coding agents enterprise-wide. Drawing from firsthand lessons and internal experiments—where agents effectively resolved nearly half the tasks we threw at them—we’ll share real-world scenarios showcasing engineering work AI agents excelled at. We’ll also highlight where they fell short, detailing what went wrong and what we’d do differently next time.
You’ll walk away understanding:
*How realistic expectations ensure AI boosts rather than hinders productivity.
*Why effective human-agent collaboration is critical for developer satisfaction and innovation.
*How clear governance frameworks can prevent technical debt and keep productivity flowing.
Learn from our experiences and ensure your organization’s deployment of AI coding agents empowers your developers, ignites innovation, and solidifies your market leadership.
With great power comes great responsibility—and yes, coding agents can backfire if they’re not thoughtfully deployed. Instead of boosting productivity, they can frustrate developers, slow down progress, and even diminish your competitive edge.
Join Dave Ahr, as he unpacks three essential strategies organizations should embrace when scaling agentic coding agents enterprise-wide. Drawing from firsthand lessons and internal experiments—where agents effectively resolved nearly half the tasks we threw at them—we’ll share real-world scenarios showcasing engineering work AI agents excelled at. We’ll also highlight where they fell short, detailing what went wrong and what we’d do differently next time.
You’ll walk away understanding:
*How realistic expectations ensure AI boosts rather than hinders productivity.
*Why effective human-agent collaboration is critical for developer satisfaction and innovation.
*How clear governance frameworks can prevent technical debt and keep productivity flowing.
Learn from our experiences and ensure your organization’s deployment of AI coding agents empowers your developers, ignites innovation, and solidifies your market leadership.
53
2:00 PM
2:00 PM
Break
The swamp
54
2:20 PM
devops
2:20 PM
devops
Ronny Belenitsky
Director of Product
Ronny is a Product Director at JFrog, where he leads strategic initiatives across DevSecOps and SDLC innovation. With a strong background in cloud-native technologies and application lifecycle management, Ronny plays a key role in shaping products that empower enterprise engineering teams to build and release software more quickly and securely.
Prior to JFrog, Ronny was the VP of Product at Titan, where he scaled product organizations, launched market-leading solutions, and drove enterprise adoption globally. He brings over 15 years of experience in building impactful software products, combining technical depth with strategic vision.
Trusted Builds with GitHub and JFrog, Strengthening SDLC Integrity, Step by Step
Strengthening SDLC Integrity, Step by Step
Salon A
In our discussions with customers, we identified a critical challenge in the Software Development Lifecycle (SDLC): package signing often occurs after the package build, altering the package’s SHA in the middle of the process.
While organizations aim to ensure that artifacts pushed to production have a fully signed and verifiable provenance from development to deployment, this intermediate modification disrupts the integrity of the build step and beyond.
Customers recognize the value of immutable release bundles and a robust provenance posture. However, transitioning away from a process that modifies artifacts mid-SDLC for signing to an immutable workflow remains challenging.
This talk will explore how organizations can adopt a step-by-step approach to ensure consistency and predictability across SDLC maturity stages, while enabling the addition of trusted and signed evidence at every stage; a way to enable security, traceability, and compliance without compromising integrity.
In our discussions with customers, we identified a critical challenge in the Software Development Lifecycle (SDLC): package signing often occurs after the package build, altering the package’s SHA in the middle of the process.
While organizations aim to ensure that artifacts pushed to production have a fully signed and verifiable provenance from development to deployment, this intermediate modification disrupts the integrity of the build step and beyond.
Customers recognize the value of immutable release bundles and a robust provenance posture. However, transitioning away from a process that modifies artifacts mid-SDLC for signing to an immutable workflow remains challenging.
This talk will explore how organizations can adopt a step-by-step approach to ensure consistency and predictability across SDLC maturity stages, while enabling the addition of trusted and signed evidence at every stage; a way to enable security, traceability, and compliance without compromising integrity.
55
2:20 PM
continuous delivery
2:20 PM
continuous delivery
Erin Kouri
Engineering Manager
An accomplished software engineering leader based in Austin, Texas, currently serving as Engineering Manager at Sonar. With more than a decade of experience, Erin specializes in guiding backend development and helping teams build innovative code-quality and security solutions
Erin blends technical expertise with strategic vision. At Sonar, she shapes high-performing backend teams, mentors’ engineers, and oversees the development of robust, scalable services that empower developers and organizations to elevate code quality.
Jens Eckels - JFrog VP Communications
Jens is a proud tech marketeer with a love for developers and development communities. His usual habitat is near a small desk, smithing words to the sound of his ever-humming laptop fan.
Seven habits of highly effective AI coding
Seven habits of highly effective AI coding
Salon K
AI coding has quickly moved from novelty to necessity, reshaping software development. But this rapid integration has unveiled a significant "engineering productivity paradox": while AI generates massive code volumes (e.g., over 30% of new code at Google), real velocity gains lag due to review bottlenecks.
In this session, [name and title] will share the seven 'habits' that organizations should adopt for highly effective AI coding. With the power of these best practices, you can help to ensure your code remains secure, maintainable, and that tech debt remains under control.
AI coding has quickly moved from novelty to necessity, reshaping software development. But this rapid integration has unveiled a significant "engineering productivity paradox": while AI generates massive code volumes (e.g., over 30% of new code at Google), real velocity gains lag due to review bottlenecks.
In this session, [name and title] will share the seven 'habits' that organizations should adopt for highly effective AI coding. With the power of these best practices, you can help to ensure your code remains secure, maintainable, and that tech debt remains under control.
56
2:20 PM
automation
2:20 PM
automation
Haggai Philip Zagury
DevOps Group & Tech Lead
25+ years if experience as an IT Systems Engineer.
I lectured in various conferences in Israel and abroad.
Bootstrapped my career as a systems administrator in a small StartUp, and a few years later learned about my passion to learn & teach ;) ,
My Day job was running production for a small ISP running various sub-systems, which quickly grew in demand, my journey continued when I joined Tikal ~16 years ago as a Configuration Manager and grew from there into the DevOps field.
I'm not the traditional geek 😉 I am very passionate about what I do ♾️.
HagZag
Farm to Table Software Delivery: DevOps to Platform Engineering
Farm to Table Software Delivery: DevOps to Platform Engineering
Salon J
The way we build, deliver, and operate software has undergone a massive transformation over the past decade. What started as a DevOps-centric approach—focused on automation, CI/CD, and infrastructure as code—has now evolved into a Platform Engineering paradigm. This shift prioritizes self-service, developer experience, and scalable platform abstractions to enable high-velocity software delivery. In this session, we will explore how organizations are modernizing their software delivery pipelines, infrastructure, and operational models to drive agility, efficiency, and reliability.
Drawing from real-world experience as a DevOps consultant and platform engineer, I will take attendees through the journey of software delivery evolution—from early configuration management days to the current Platform Engineering movement. We will discuss the critical role of self-service platforms in empowering developers while ensuring governance, security, and operational excellence at scale.
The way we build, deliver, and operate software has undergone a massive transformation over the past decade. What started as a DevOps-centric approach—focused on automation, CI/CD, and infrastructure as code—has now evolved into a Platform Engineering paradigm. This shift prioritizes self-service, developer experience, and scalable platform abstractions to enable high-velocity software delivery. In this session, we will explore how organizations are modernizing their software delivery pipelines, infrastructure, and operational models to drive agility, efficiency, and reliability.
Drawing from real-world experience as a DevOps consultant and platform engineer, I will take attendees through the journey of software delivery evolution—from early configuration management days to the current Platform Engineering movement. We will discuss the critical role of self-service platforms in empowering developers while ensuring governance, security, and operational excellence at scale.
57
2:20 PM
2:20 PM
Gaurav Saxena
Director of Engineering
Gaurav Saxena is an engineering leader in the field of platform and cloud engineering with over 20 years of experience in the software industry. His technical expertise includes Stream-based architectures, Kubernetes, Service Mesh, and Observability.
Resiliency by Design: Internal Platforms' Contributions to Cloud Stability
Resiliency by Design: Internal Platforms' Contributions to Cloud Stability
Salon H
In today's complex enterprise environments, building and maintaining resilient data streaming platforms requires a strategic approach that empowers developers while ensuring security and operational efficiency. This presentation explores how Internal Developer Platforms (IDPs) can streamline development workflows, enhance application portability, and fortify your software supply chain, including the use of CNCF projects.
We'll delve into:
Internal Developer Platforms (IDPs): Understanding the core principles of IDPs and how they enable self-service infrastructure, reduce cognitive load for developers, and promote consistent development practices.
Open Application Model (OAM): Leveraging OAM to define applications in a platform-agnostic way, separating application logic from infrastructure concerns. This promotes portability and simplifies management across diverse environments.
Crossplane: Using Crossplane to extend your Kubernetes cluster and manage infrastructure resources (databases, message queues, etc.) directly from within your IDP, enabling a unified control plane for both applications and infrastructure.
A key focus will be on building a hardened software supply chain:
Melange, Apko, and Wolfi: Building minimal, secure container images using these next-generation tools. We'll discuss the benefits of reduced attack surface and improved image scanning results.
Sigstore Project (Cosign, Fulcio, Rekor): Ensuring the integrity and authenticity of container images through signing and attestation. We'll demonstrate how to use Sigstore to sign images built from managed CI pipelines and push to jFrog Artifactory securely.
Kubernetes Admission Control: Implementing KubeWarden, a Kubernetes admission controller, to enforce policies and verify image signatures before deployment, preventing the execution of untrusted code.
Workload Attestation using SPIFFE: Using SPIFFE for workload attestations.
In today's complex enterprise environments, building and maintaining resilient data streaming platforms requires a strategic approach that empowers developers while ensuring security and operational efficiency. This presentation explores how Internal Developer Platforms (IDPs) can streamline development workflows, enhance application portability, and fortify your software supply chain, including the use of CNCF projects.
We'll delve into:
Internal Developer Platforms (IDPs): Understanding the core principles of IDPs and how they enable self-service infrastructure, reduce cognitive load for developers, and promote consistent development practices.
Open Application Model (OAM): Leveraging OAM to define applications in a platform-agnostic way, separating application logic from infrastructure concerns. This promotes portability and simplifies management across diverse environments.
Crossplane: Using Crossplane to extend your Kubernetes cluster and manage infrastructure resources (databases, message queues, etc.) directly from within your IDP, enabling a unified control plane for both applications and infrastructure.
A key focus will be on building a hardened software supply chain:
Melange, Apko, and Wolfi: Building minimal, secure container images using these next-generation tools. We'll discuss the benefits of reduced attack surface and improved image scanning results.
Sigstore Project (Cosign, Fulcio, Rekor): Ensuring the integrity and authenticity of container images through signing and attestation. We'll demonstrate how to use Sigstore to sign images built from managed CI pipelines and push to jFrog Artifactory securely.
Kubernetes Admission Control: Implementing KubeWarden, a Kubernetes admission controller, to enforce policies and verify image signatures before deployment, preventing the execution of untrusted code.
Workload Attestation using SPIFFE: Using SPIFFE for workload attestations.
58
3:00 PM
3:00 PM
Break
The swamp
59
3:20 PM
3:20 PM
Pavel Klushin
Senior Manager, Solution Engineering
Pavel Klushin is an ML expert with over ten years of expertise in cloud engineering. His work focuses on integrating AI with cloud infrastructures, enhancing performance and driving innovation across various industries.
MLOps in Action: From Experimentation to Production, Delivering AI You Can Trust
Delivering AI You Can Trust
Salon A
Discover how JFrog enables seamless and secure adoption of both open-source and commercial AI models within the enterprise, enforcing organizational policies without slowing down your AI development velocity.
Discover how JFrog enables seamless and secure adoption of both open-source and commercial AI models within the enterprise, enforcing organizational policies without slowing down your AI development velocity.
60
3:20 PM
jfrog artifactory
3:20 PM
jfrog artifactory
Saumya Patra
Squad Leader, Artifact Management Platforms
Saumya Patra is an accomplished professional in the field of information technology, known for expertise in software development, DevOps, and cloud technologies. With a strong background in managing large-scale IT projects and implementing modern software delivery practices, Saumya has contributed to the success of various organisations by driving innovation and operational excellence. Recognised for leadership, technical acumen, and a commitment to continuous learning, Saumya Patra is dedicated to advancing technology solutions that deliver business value and foster team growth at Fidelity Investments.
Fidelity Scales with Artifactory: 15K Devs, 60M Artifacts, 2B Downloads
Naveen Kumar AV
Principal Cloud Engineer
Naveen Kumar is a Tech Lead at Fidelity Investments. With extensive experience in DevOps, Artifact management and software delivery pipelines, Naveen helps enable secure, efficient and reliable software delivery across the organisation. Passionate about automation and developer productivity, Naveen has driven several large-scale modernisation initiatives to support growing engineering needs.
Fidelity Scales with Artifactory: 15K Devs, 60M Artifacts, 2B Downloads
Fidelity Scales with Artifactory: 15K Devs, 60M Artifacts, 2B Downloads
Salon K
Managing over 60 million artifacts and handling 2 billion artifact downloads per month for around 15,000 developers is no small feat. In this session, we’ll share how JFrog Artifactory can be scaled to meet the growing demands of global developer teams. From streamlining onboarding with our self-service portal to ensuring security and compliance, we’ll walk you through the practical solutions that can be implemented. We’ll discuss ways to approach challenges like global latency with Edges and optimized storage with Cold Storage. We will showcase pipeline libraries that can be built to empower developers to seamlessly integrate artifact uploads, promotions, and cloud deployments into their CI/CD pipelines without writing complex scripts. Whether you’re just starting with Artifactory or looking to refine your setup, this session offers actionable insights and lessons learned from managing artifact workflows at enterprise scale.
Managing over 60 million artifacts and handling 2 billion artifact downloads per month for around 15,000 developers is no small feat. In this session, we’ll share how JFrog Artifactory can be scaled to meet the growing demands of global developer teams. From streamlining onboarding with our self-service portal to ensuring security and compliance, we’ll walk you through the practical solutions that can be implemented. We’ll discuss ways to approach challenges like global latency with Edges and optimized storage with Cold Storage. We will showcase pipeline libraries that can be built to empower developers to seamlessly integrate artifact uploads, promotions, and cloud deployments into their CI/CD pipelines without writing complex scripts. Whether you’re just starting with Artifactory or looking to refine your setup, this session offers actionable insights and lessons learned from managing artifact workflows at enterprise scale.
61
3:20 PM
automation
3:20 PM
automation
Jessica Butler
Software Engineer | Product Security
Jessica Butler is a Software Engineer on NVIDIA’s Product Security Tools team, where she builds and integrates enterprise security applications that strengthen developer workflows and enable scalable vulnerability management. She focuses on creating solutions that improve automation, integration, and usability for developers across NVIDIA.
Jessica has over 17 years of experience in software engineering and security and earned her MS in Computer Engineering from Washington University in St. Louis. Outside of work, she enjoys gardening, rehabbing her 100+ year-old urban home, and traveling with her 3 adventurous kids .
Embracing the Era of Transparency: Automating NVIDIA VEX for Scalable, Context-Aware Security
Kristina Joos
AI Enterprise Product Management
Kristina is a product manager at NVIDIA, working diligently to accelerate AI adoption in enterprises, focusing on open-source software security management. Prior to this, Kristina was a product manager for NVIDIA’s NGC catalog, facilitating SDK access for developers.
Embracing the Era of Transparency: Automating NVIDIA VEX for Scalable, Context-Aware Security
Embracing the Era of Transparency: Automating NVIDIA VEX for Scalable, Context-Aware Security
Salon J
AI adoption is accelerating, but with it comes the challenge of managing software vulnerabilities in a complex, fast-moving open source ecosystem. How can you cut through the noise and efficiently manage real risks? NVIDIA and JFrog are raising the bar for software supply chain security. By automatically integrating NVIDIA’s Vulnerability Exploitability eXchange (VEX) documents into the JFrog Platform, we provide actionable, machine-readable insights that empower you to focus on what matters. This partnership strengthens vulnerability management for AI software, giving organizations the context and confidence to securely deploy production‑grade AI solutions at scale.
In this session, we’ll show how NVIDIA and JFrog have implemented automated VEX workflows—then break down the steps and open standards you can use to bring the same capabilities into your own environment and processes. You’ll see a live demo of VEX documents being automatically ingested and displayed in the JFrog Platform, illustrating how these workflows streamline security operations and accelerate innovation in the AI era.
AI adoption is accelerating, but with it comes the challenge of managing software vulnerabilities in a complex, fast-moving open source ecosystem. How can you cut through the noise and efficiently manage real risks? NVIDIA and JFrog are raising the bar for software supply chain security. By automatically integrating NVIDIA’s Vulnerability Exploitability eXchange (VEX) documents into the JFrog Platform, we provide actionable, machine-readable insights that empower you to focus on what matters. This partnership strengthens vulnerability management for AI software, giving organizations the context and confidence to securely deploy production‑grade AI solutions at scale.
In this session, we’ll show how NVIDIA and JFrog have implemented automated VEX workflows—then break down the steps and open standards you can use to bring the same capabilities into your own environment and processes. You’ll see a live demo of VEX documents being automatically ingested and displayed in the JFrog Platform, illustrating how these workflows streamline security operations and accelerate innovation in the AI era.
62
3:20 PM
automation
3:20 PM
automation
Nicholas Shine
Principal Software Engineer
Nicholas Shine is a Principal Software Development Engineer at Cisco on Splunk's SDLC Infrastructure team, and has been with the team for 4 years innovating several critical components within our SDLC systems supporting engineering as a whole.
When not at work, he enjoys family time with his wife and two daughters and hobbies like homelab / automation, woodworking, and drone photography.
JFrog Artifactory Active/Active HA DR infrastructure Split-Horizon DNS for Public/Private Access
JFrog Artifactory Active/Active HA DR infrastructure Split-Horizon DNS for Public/Private Access
Salon H
Learn how to implement JFrog Artifactory & JFrog Xray as an active/active HA DR implementation (self-hosted in AWS) with a hybrid private/public access model via Split-Horizon DNS resolution.
- Split-Horizon DNS for public/private access
- DNS routing & resolution options
- IAC via Terraform & CI/CD
- Failover operations / upgrade strategy
- Access Federation / Mission Control
Learn how to implement JFrog Artifactory & JFrog Xray as an active/active HA DR implementation (self-hosted in AWS) with a hybrid private/public access model via Split-Horizon DNS resolution.
- Split-Horizon DNS for public/private access
- DNS routing & resolution options
- IAC via Terraform & CI/CD
- Failover operations / upgrade strategy
- Access Federation / Mission Control
63
4:00 PM
4:00 PM
Show Closing at Expo
Meritage Building - Terrace
Best Speaker Award & Raffle Winner Announcements
Best Speaker Award & Raffle Winner Announcements
