AGENDA

The Annual DevOps, DevSecOps, MLOps User Conference

Plan your schedule for swampUP 2025 and reserve your spot before sessions reach capacity!

September 8-10, 2025

Day 1
September 9th
Day 2
September 10th

0

7:30 AM
7:30 AM
Registration
Vintner's Dining Room

1

8:30 AM
Add to calendar
speaker image
8:30 AM
Ronny Belenitsky Director of Product Ronny is a Product Director at JFrog, where he leads strategic initiatives across DevSecOps and SDLC innovation. With a strong background in cloud-native technologies and application lifecycle management, Ronny plays a key role in shaping products that empower enterprise engineering teams to build and release software more quickly and securely. Prior to JFrog, Ronny was the VP of Product at Titan, where he scaled product organizations, launched market-leading solutions, and drove enterprise adoption globally. He brings over 15 years of experience in building impactful software products, combining technical depth with strategic vision. Secure & Streamline Your Software Supply Chain with JFrog, Trusted Builds with GitHub and JFrog, Strengthening SDLC Integrity, Step by Step
Secure & Streamline Your Software Supply Chain with JFrog
Salon A
Effective Release Lifecycle Management is key to ensuring secure, traceable, and efficient software delivery. Join us for this workshop with hand-on practice to learn how JFrog’s platform can help you automate workflows, improve collaboration, and ensure security and compliance throughout your software supply chain. Key Skills you can Expect to Learn: • Tracking and managing software artifacts throughout the lifecycle • Automating release processes with CI/CD pipeline integration • Implementing immutable releases and ensuring security compliance • Enhancing team collaboration for smoother software delivery • Exclusive Preview of JFrog’s upcoming product features Who Should Attend? • DevOps & Software Engineers • Release Managers & QA Professionals • Security Engineers & CISOs • Technology Leaders (CTOs, CIOs) Don’t miss out on transforming your software delivery process. Sign up today!
Effective Release Lifecycle Management is key to ensuring secure, traceable, and efficient software delivery. Join us for this workshop with hand-on practice to learn how JFrog’s platform can help you automate workflows, improve collaboration, and ensure security and compliance throughout your software supply chain. Key Skills you can Expect to Learn: • Tracking and managing software artifacts throughout the lifecycle • Automating release processes with CI/CD pipeline integration • Implementing immutable releases and ensuring security compliance • Enhancing team collaboration for smoother software delivery • Exclusive Preview of JFrog’s upcoming product features Who Should Attend? • DevOps & Software Engineers • Release Managers & QA Professionals • Security Engineers & CISOs • Technology Leaders (CTOs, CIOs) Don’t miss out on transforming your software delivery process. Sign up today!

2

8:30 AM
Add to calendar
8:30 AM
From Code to Runtime: Protecting Your Software Supply Chain
Salon B
Managing your software supply chain from code inception to runtime deployment is crucial for security, compliance, and efficiency. This workshop will guide you through best practices to serve as the gatekeeper of your supply chain, embedding security, automating processes, and ensuring compliance throughout the SDLC. Key Skills Learned: • Understand the essentials of securing your software supply chain. • Identify and mitigate common risks and vulnerabilities in the supply chain. • Integrate security practices throughout your SDLC (e.g., code review, dependency management, artifact scanning). • Leverage JFrog tools like Xray and JFrog Advanced Security for secure artifact management. • Automate security and compliance checks, and streamline deployment. • Implement real-time monitoring and incident response strategies. Who Should Attend? • Software Developers and Engineers • DevOps Professionals • Security Engineers • Project Managers & Team Leaders Take control of your software supply chain - secure, streamline, and safeguard the journey from code to runtime.
Managing your software supply chain from code inception to runtime deployment is crucial for security, compliance, and efficiency. This workshop will guide you through best practices to serve as the gatekeeper of your supply chain, embedding security, automating processes, and ensuring compliance throughout the SDLC. Key Skills Learned: • Understand the essentials of securing your software supply chain. • Identify and mitigate common risks and vulnerabilities in the supply chain. • Integrate security practices throughout your SDLC (e.g., code review, dependency management, artifact scanning). • Leverage JFrog tools like Xray and JFrog Advanced Security for secure artifact management. • Automate security and compliance checks, and streamline deployment. • Implement real-time monitoring and incident response strategies. Who Should Attend? • Software Developers and Engineers • DevOps Professionals • Security Engineers • Project Managers & Team Leaders Take control of your software supply chain - secure, streamline, and safeguard the journey from code to runtime.

3

8:30 AM
Add to calendar
8:30 AM
JFrog Artifactory Foundations: Optimize & Secure Your Software Pipeline
Salon K
Development teams struggle with securing artifacts, automating complex workflows, and maintaining compliance across various stages of the software development lifecycle (SDLC). This workshop addresses those challenges by showing you how to effectively use JFrog tools - Artifactory and Xray - to streamline and secure your SSC, making it easier to automate processes, identify vulnerabilities, and integrate security from start to finish. Key Skills Learned: • Use JFrog tools to manage, secure, and automate your software supply chain. • Set up and manage repositories and automate CI/CD pipelines efficiently. • Implement security best practices across your software lifecycle. Who Should Attend? • DevOps Engineers looking to integrate security into their workflows. • Security Engineers focused on strengthening their software supply chain. • Software Engineers interested in automating and securing their delivery pipelines. Join us to improve your DevSecOps practices and secure your software supply chain from start to finish.
Development teams struggle with securing artifacts, automating complex workflows, and maintaining compliance across various stages of the software development lifecycle (SDLC). This workshop addresses those challenges by showing you how to effectively use JFrog tools - Artifactory and Xray - to streamline and secure your SSC, making it easier to automate processes, identify vulnerabilities, and integrate security from start to finish. Key Skills Learned: • Use JFrog tools to manage, secure, and automate your software supply chain. • Set up and manage repositories and automate CI/CD pipelines efficiently. • Implement security best practices across your software lifecycle. Who Should Attend? • DevOps Engineers looking to integrate security into their workflows. • Security Engineers focused on strengthening their software supply chain. • Software Engineers interested in automating and securing their delivery pipelines. Join us to improve your DevSecOps practices and secure your software supply chain from start to finish.

4

8:30 AM
Add to calendar
8:30 AM
Mastering Scalable Architectures for Global Enterprises with JFrog
Salon J
As enterprises scale their operations globally, creating architectures that are resilient, available, and adaptable to hybrid and multi-cloud environments becomes critical. This workshop dives into designing scalable, enterprise-level SDLC architectures, leveraging JFrog tools to meet the complex needs of modern digital ecosystems. You’ll gain hands-on experience in addressing performance, redundancy, and global collaboration challenges while ensuring operational efficiency. Key Skills Learned: • Articulate the key components and benefits of an enterprise-scale architecture for your organization. • Implement scalable solutions that enhance reliability and resilience across multi-cloud environments. • Select and design deployment topologies that meet enterprise-specific requirements. • Anticipate and address potential operational, security, and compliance challenges. • Create a blueprint that supports operational continuity and global collaboration. Who Should Attend: • DevOps and IT Architects. • Principal and Senior Engineers. • Systems Administrators. • Network Engineers. • IT Decision-Makers. Start architecting for the future of enterprise-scale success!
As enterprises scale their operations globally, creating architectures that are resilient, available, and adaptable to hybrid and multi-cloud environments becomes critical. This workshop dives into designing scalable, enterprise-level SDLC architectures, leveraging JFrog tools to meet the complex needs of modern digital ecosystems. You’ll gain hands-on experience in addressing performance, redundancy, and global collaboration challenges while ensuring operational efficiency. Key Skills Learned: • Articulate the key components and benefits of an enterprise-scale architecture for your organization. • Implement scalable solutions that enhance reliability and resilience across multi-cloud environments. • Select and design deployment topologies that meet enterprise-specific requirements. • Anticipate and address potential operational, security, and compliance challenges. • Create a blueprint that supports operational continuity and global collaboration. Who Should Attend: • DevOps and IT Architects. • Principal and Senior Engineers. • Systems Administrators. • Network Engineers. • IT Decision-Makers. Start architecting for the future of enterprise-scale success!

5

8:30 AM
Add to calendar
8:30 AM
GitHub Actions for JFrog: Streamlining Workflows and Enhancing Security
Salon H
This workshop provides a comprehensive exploration of integrating the Jfrog Platform with GitHub to optimize your software development lifecycle. Through hands-on exercises, participants will learn how to leverage GitHub Actions to automate workflows and connect them seamlessly with JFrog for efficient artifact management, CI/CD, and security. The session will cover essential practices for secure authentication, build information management, and vulnerability scanning, demonstrating how these integrations streamline development processes and enhance collaboration. Key Skills Learned: - OIDC Authentication: understand and implement OpenID Connect (OIDC) for secure authentication between GitHub and JFrog. - GitHub Actions Automation: learn to automate CI/CD workflows using GitHub Actions and integrate them with the JFrog platform. - JFrog Advanced Security Integration: discover how to integrate JFrog Advanced Security with GitHub Advanced Security for comprehensive vulnerability scanning and remediation. - Source Code Scanning: bulk Installation across multiple repositories. Who Should Attend: - Software Developers & Engineers - DevOps Professionals - Security Engineers - Team Leaders & Project Managers Enhance your software development process by integrating JFrog and GitHub to automate workflows, improve security, and streamline artifact management.
This workshop provides a comprehensive exploration of integrating the Jfrog Platform with GitHub to optimize your software development lifecycle. Through hands-on exercises, participants will learn how to leverage GitHub Actions to automate workflows and connect them seamlessly with JFrog for efficient artifact management, CI/CD, and security. The session will cover essential practices for secure authentication, build information management, and vulnerability scanning, demonstrating how these integrations streamline development processes and enhance collaboration. Key Skills Learned: - OIDC Authentication: understand and implement OpenID Connect (OIDC) for secure authentication between GitHub and JFrog. - GitHub Actions Automation: learn to automate CI/CD workflows using GitHub Actions and integrate them with the JFrog platform. - JFrog Advanced Security Integration: discover how to integrate JFrog Advanced Security with GitHub Advanced Security for comprehensive vulnerability scanning and remediation. - Source Code Scanning: bulk Installation across multiple repositories. Who Should Attend: - Software Developers & Engineers - DevOps Professionals - Security Engineers - Team Leaders & Project Managers Enhance your software development process by integrating JFrog and GitHub to automate workflows, improve security, and streamline artifact management.

6

12:00 PM
12:00 PM
Training Day Lunch
Vintner's Dining Room

7

1:00 PM
Add to calendar
1:00 PM
Foundations of DevSecOps: Avoiding Software Supply Chain Attacks
Salon K
With software supply chain attacks on the rise, security risks have never been more critical. This hands-on workshop focuses on JFrog’s security tools - from shift left to shift right - and how to integrate them into your DevSecOps strategy. We’ll explore how to secure your software supply chain, reduce vulnerabilities, and automate key workflows, ensuring your artifacts and dependencies are safe throughout the development lifecycle. Key Skills Learned: • Understand how JFrog tools from Curation to Xray and Advanced security can accelerate your DevSecOps goals. • Use JFrog security scan capabilities and Developer-Focused Security. • Gain hands-on experience in configuring repositories, scanning for vulnerabilities, and automating delivery pipelines. • Implement best practices to secure your software supply chain, reducing the risk of vulnerabilities and improving compliance. • How to shift security left by embedding security measures early in your SDLC. Who Should Attend: • Engineers working across SDLC phases - Development, Automation, DevOps, and SRE. • Security Engineers focused on securing the software supply chain with the JFrog platform. Join us to deepen your DevSecOps knowledge and enhance your organization’s security posture with JFrog’s trusted tools. Sign Up Today!
With software supply chain attacks on the rise, security risks have never been more critical. This hands-on workshop focuses on JFrog’s security tools - from shift left to shift right - and how to integrate them into your DevSecOps strategy. We’ll explore how to secure your software supply chain, reduce vulnerabilities, and automate key workflows, ensuring your artifacts and dependencies are safe throughout the development lifecycle. Key Skills Learned: • Understand how JFrog tools from Curation to Xray and Advanced security can accelerate your DevSecOps goals. • Use JFrog security scan capabilities and Developer-Focused Security. • Gain hands-on experience in configuring repositories, scanning for vulnerabilities, and automating delivery pipelines. • Implement best practices to secure your software supply chain, reducing the risk of vulnerabilities and improving compliance. • How to shift security left by embedding security measures early in your SDLC. Who Should Attend: • Engineers working across SDLC phases - Development, Automation, DevOps, and SRE. • Security Engineers focused on securing the software supply chain with the JFrog platform. Join us to deepen your DevSecOps knowledge and enhance your organization’s security posture with JFrog’s trusted tools. Sign Up Today!

8

1:00 PM
Add to calendar
speaker image
1:00 PM
Pavel Klushin Senior Manager, Solution Engineering Pavel Klushin is an ML expert with over ten years of expertise in cloud engineering. His work focuses on integrating AI with cloud infrastructures, enhancing performance and driving innovation across various industries. MLOps in Action: From Experimentation to Production, Delivering AI You Can Trust
MLOps in Action: From Experimentation to Production
Salon J
Integrating machine learning with DevOps practices is essential for organizations to stay competitive. This hands-on workshop will introduce you to JFrog ML and its capabilities, empowering data scientists and DevOps teams to seamlessly manage the end-to-end machine learning lifecycle. Learn to securely build, deploy, and maintain machine learning models with JFrog’s powerful platform, while enhancing collaboration between data scientists and DevOps teams. Key Skills Learned: • Seamlessly manage the full ML lifecycle, from experimentation to production, on a single platform. • Track, compare, and version model experiments for optimized decision-making. • Leverage JFrog Advanced Security features to scan models for vulnerabilities and ensure compliance. • Automate training, validation, and deployment processes for faster, more reliable ML results. • Collaborate effectively between data science and DevOps teams to accelerate model development and deployment. Who Should Attend: • Data Scientists. • DevOps Engineers. • IT Professionals & Project Managers. Don’t miss the chance to take your machine learning deployments to the next level. JFrog ML can transform your MLOps processes for greater speed, security, and efficiency.
Integrating machine learning with DevOps practices is essential for organizations to stay competitive. This hands-on workshop will introduce you to JFrog ML and its capabilities, empowering data scientists and DevOps teams to seamlessly manage the end-to-end machine learning lifecycle. Learn to securely build, deploy, and maintain machine learning models with JFrog’s powerful platform, while enhancing collaboration between data scientists and DevOps teams. Key Skills Learned: • Seamlessly manage the full ML lifecycle, from experimentation to production, on a single platform. • Track, compare, and version model experiments for optimized decision-making. • Leverage JFrog Advanced Security features to scan models for vulnerabilities and ensure compliance. • Automate training, validation, and deployment processes for faster, more reliable ML results. • Collaborate effectively between data science and DevOps teams to accelerate model development and deployment. Who Should Attend: • Data Scientists. • DevOps Engineers. • IT Professionals & Project Managers. Don’t miss the chance to take your machine learning deployments to the next level. JFrog ML can transform your MLOps processes for greater speed, security, and efficiency.

9

1:00 PM
Add to calendar
1:00 PM
Compliant SDLC Without Compromise: Navigating Regulations & Beyond with JFrog
Salon H
Maintaining compliance is no longer optional — it’s essential. This workshop guides you through the complexities of compliance regulations while ensuring the security and integrity of your software supply chain. Attendees will explore how JFrog tools, including JFrog Artifactory and JFrog Xray, enable organizations to not only meet regulatory requirements but also establish a culture of compliance excellence. Through hands-on experience, you’ll learn best practices for implementing compliance frameworks within your DevSecOps processes, automate compliance checks, and ensure rigorous security standards are met across the SDLC. Key Skills Learned: • Understand the key compliance requirements relevant to software development and deployment, including: NIST, SLSA, DORA, SOX and more • Use JFrog Artifactory and JFrog Xray to manage open-source and proprietary artifacts while ensuring compliance. • Automate compliance processes with JFrog CLI, REST APIs, and AQL to streamline workflows and reduce human errors. • Implement proactive compliance strategies and integrate security measures early in the SDLC. • Foster a culture of compliance excellence and improve collaboration across security, compliance, and development teams. • Monitor and report compliance status using JFrog tools for ongoing compliance verification. Don’t miss out on learning how JFrog can elevate your compliance strategy.
Maintaining compliance is no longer optional — it’s essential. This workshop guides you through the complexities of compliance regulations while ensuring the security and integrity of your software supply chain. Attendees will explore how JFrog tools, including JFrog Artifactory and JFrog Xray, enable organizations to not only meet regulatory requirements but also establish a culture of compliance excellence. Through hands-on experience, you’ll learn best practices for implementing compliance frameworks within your DevSecOps processes, automate compliance checks, and ensure rigorous security standards are met across the SDLC. Key Skills Learned: • Understand the key compliance requirements relevant to software development and deployment, including: NIST, SLSA, DORA, SOX and more • Use JFrog Artifactory and JFrog Xray to manage open-source and proprietary artifacts while ensuring compliance. • Automate compliance processes with JFrog CLI, REST APIs, and AQL to streamline workflows and reduce human errors. • Implement proactive compliance strategies and integrate security measures early in the SDLC. • Foster a culture of compliance excellence and improve collaboration across security, compliance, and development teams. • Monitor and report compliance status using JFrog tools for ongoing compliance verification. Don’t miss out on learning how JFrog can elevate your compliance strategy.

10

4:30 PM
4:30 PM
Welcome Reception
Vintner's Dining Room

11

7:30 AM
7:30 AM
Registration
Meritage Building - Lobby

12

7:45 AM
7:45 AM
Breakfast
Vintner's Dining Room

13

9:00 AM
Add to calendar
9:00 AM
Shlomi Ben Haim Co-Founder and CEO
Shlomi is Co-Founder and CEO of JFrog, creators of the universal DevOps platform.
He brings over 20 years of experience in building profitable, high-growth information technology companies.
Prior to JFrog, Shlomi was the CEO of AlphaCSP (acquired in 2005 by MalamTeam) and a Major in the Israeli Air Force.
Shlomi holds an MS from Clark University (Massachusetts, USA) and a BA from Ben-Gurion University (Israel).

The Quantum Shift – Rethink Software Supply Chain

alongside

Tariq Shaukat CEO of Sonar
Tariq Shaukat is CEO of Sonar, the leading provider of code quality and code security solutions, and is a member of Sonar’s Board of Directors. Tariq has extensive experience in growing and scaling private and public companies across many domains, including cloud computing, social media, travel, and entertainment.The Quantum Shift – Rethink Software Supply Chain

,

Justin Boitano VP of Enterprise AI at NvidiaJustin Boitano, VP of Enterprise AI at NVIDIA, where he leads enterprise AI software and cybersecurity software development kit offerings that power modern data centers through full-stack accelerated computing. Since joining NVIDIA in 2008, Justin has led multiple business areas at the company, including product innovation and strategic partnerships across the cybersecurity ecosystem.The Quantum Shift – Rethink Software Supply Chain

and

Rahul Tripathi, GVP & GM, ITSM BU at ServiceNow. Rahul Tripathi leads ServiceNow’s flagship IT Service Management business, driving innovation with AI to modernize enterprise IT operations. With over 25 years in cloud, SaaS, and infrastructure, he’s held leadership roles at Skytap, Nutanix, HPE, and Cisco. At swampUP, Rahul will share how AI-powered ITSM is accelerating DevSecOps outcomes, aligning development, security, and operations teams at scale.The Quantum Shift – Rethink Software Supply Chain
The Quantum Shift - Rethink Software Supply Chain
Meritage Ballroom

14

9:45 AM
Add to calendar
9:45 AM
Yoav Landman Co-Founder and CTO Co-Founder and CTO of JFrog, Yoav is the visionary behind Artifactory, the universal artifact repository manager. Prior to founding JFrog, he spent over a decade as a senior consultant specializing in Distributed Computing and Enterprise Build Systems and held several senior technical roles in global organizations. Yoav holds a master’s degree in computing from RMIT University and a Bachelor of Laws (LL.B) from the University of Haifa. AI-Driven DevOps Unleashed: The Future Starts Here
AI-Driven DevOps Unleashed: The Future Starts Here
Meritage Ballroom
The future of DevOps is being transformed with autonomous agents. As the world begins to focus on agentic-driven release management, we will soon experience agents driving crucial processes such as building, securing, and deploying packages alongside automated policy enforcement. These agents are not working in silos - they will (and are) communicating with one another, enabling real-time visibility and management of secure pipelines. In this landmark technical keynote, we will reveal how JFrog is empowering teams to implement this modern approach to agentic software delivery - with minimal manual intervention, and with enhanced security – all in a streamlined release process without losing control!
The future of DevOps is being transformed with autonomous agents. As the world begins to focus on agentic-driven release management, we will soon experience agents driving crucial processes such as building, securing, and deploying packages alongside automated policy enforcement. These agents are not working in silos - they will (and are) communicating with one another, enabling real-time visibility and management of secure pipelines. In this landmark technical keynote, we will reveal how JFrog is empowering teams to implement this modern approach to agentic software delivery - with minimal manual intervention, and with enhanced security – all in a streamlined release process without losing control!

15

10:15 AM
Add to calendar
10:15 AM
Yuval Fernbach VP, MLOps Yuval Fernbach is VP and CTO of MLOps at JFrog, where he leads the integration of a fully managed ML platform following JFrog’s acquisition of Qwak, which he co-founded. With deep expertise in AI and infrastructure, Yuval helps teams streamline the entire ML lifecycle, from data prep to deployment, bridging the worlds of MLOps and DevOps for secure, scalable AI delivery. Trusted AI at Scale: Secure Governance and Scalable Management for Your AI Models
Trusted AI at Scale: Secure Governance and Scalable Management for Your AI Models
Meritage Ballroom
As AI becomes an indispensable part of modern software applications, managing machine learning models with the same rigor as code and binaries is essential. Yet most organizations still treat models as ad-hoc assets: scattered, untracked, and inconsistently governed, creating potentially serious risks around security, compliance, and operational trust. Reminding us of yesterday’s OSS package gold rush, today’s ML/AI Models can originate from many sources: custom-built, open-source, and third-party APIs, each with different risks, ownership boundaries, and lifecycle considerations. In this session, we’ll explore these emerging challenges, and show how advancements in JFrog ML and platform technologies are helping solve them. By treating every type of model as a first-class software artifact, you’ll learn how to integrate model management into your existing DevSecOps pipeline, enable trust by providing visibility, traceability, and evidence-based policy enforcement, and bring the same governance and trust to AI that you already rely on for your software supply chain. It’s time to take back control of AI!
As AI becomes an indispensable part of modern software applications, managing machine learning models with the same rigor as code and binaries is essential. Yet most organizations still treat models as ad-hoc assets: scattered, untracked, and inconsistently governed, creating potentially serious risks around security, compliance, and operational trust. Reminding us of yesterday’s OSS package gold rush, today’s ML/AI Models can originate from many sources: custom-built, open-source, and third-party APIs, each with different risks, ownership boundaries, and lifecycle considerations. In this session, we’ll explore these emerging challenges, and show how advancements in JFrog ML and platform technologies are helping solve them. By treating every type of model as a first-class software artifact, you’ll learn how to integrate model management into your existing DevSecOps pipeline, enable trust by providing visibility, traceability, and evidence-based policy enforcement, and bring the same governance and trust to AI that you already rely on for your software supply chain. It’s time to take back control of AI!

16

10:45 AM
10:45 AM
Coffee Break
Meritage Ballroom

17

11:00 AM
Add to calendar
11:00 AM
Eyal Dyment VP, Security Eyal Dyment leads Security at JFrog, where he is responsible for driving the company’s security product strategy and innovation across the software supply chain. With a deep background in AI, machine learning, and data-driven product development, Eyal brings a unique blend of technical expertise and business acumen to the evolving DevSecOps landscape. Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity
Yossi Shaul SVP, DevOps Yossi Shaul is the Senior Vice President of DevOps Core at JFrog, where he leads the development of the company's core DevOps platform. With a career spanning over two decades in software engineering and leadership, Yossi has been instrumental in shaping JFrog's comprehensive solutions that integrate DevOps, DevSecOps, and MLOps practices. Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity
Anand Ahire Head of Product Management - ITSM and DevOps Anand Ahire leads the Product Management organization for IT Service Management and DevOps at ServiceNow. In this role, he shapes and delivers the strategic roadmap for ServiceNow’s DevOps and Value Stream Management (VSM) offerings, empowering enterprises to accelerate release velocity while maintaining rigorous governance. With over 20 years of experience in technology, Anand has dedicated his career to developing market-leading solutions for developers and IT teams. Prior to ServiceNow, he was Vice President and General Manager at Electric Cloud (acquired by CloudBees) and held product leadership positions at BMC Software, driving innovation and growth across multiple product lines. Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity
Kristina Heidinger Senior Product Manager, Supply Chain Security Tina is a Senior Product Manager at GitHub. She leads strategic initiatives across build integrity, SDLC security, and secure developer and DevOps workflows. Tina plays a key role in developing products that empower customers to adopt security best practices, such as SLSA provenance, and enforce security policies with minimal disruption to developer workflows. Her work enables organizations to strengthen their security posture while maintaining the agility and efficiency that modern software development demands. Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity, Trusted Builds with GitHub and JFrog
Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity
Meritage Ballroom
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution. In this can’t-miss swampUP keynote session, we’ll look at new innovations across JFrog security and platform teams, as well as industry advancements that enable a not just connected, but fully-integrated and robust software supply chain security solution that meets the modern needs of a security-focused, EveryOps reality. Join us for an exclusive look at how this tectonic security shift reshapes what you thought you knew about application security and governance, helping you unlock new levels of confidence in every release.
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution. In this can’t-miss swampUP keynote session, we’ll look at new innovations across JFrog security and platform teams, as well as industry advancements that enable a not just connected, but fully-integrated and robust software supply chain security solution that meets the modern needs of a security-focused, EveryOps reality. Join us for an exclusive look at how this tectonic security shift reshapes what you thought you knew about application security and governance, helping you unlock new levels of confidence in every release.

18

12:00 PM
Add to calendar
12:00 PM
Asaf Karas CTO, SVP JFrog Security Asaf Karas is the Chief Technology Officer for Security at JFrog, where he leads the vision and development of advanced DevSecOps solutions that secure the software supply chain from code to runtime. With over two decades of experience, including 14 years in Israel’s Defense Forces and as co-founder of embedded security startup VDOO, Asaf brings deep expertise in vulnerability research and real-world threat mitigation. At JFrog, he has spearheaded innovations like JFrog Runtime for cloud-native security and partnered with Hugging Face to secure open-source ML models. A recognized thought leader, Asaf is passionate about bridging DevOps and security through intelligent, scalable tools. Frog-Proof Security: Streamlining The Sec In DevSecOps
Frog-Proof Security: Streamlining The Sec In DevSecOps
Meritage Ballroom
What’s in store for Software Supply Chain security in 2026? With the types of software entering organizations ever-changing, and the volume ever-increasing, DevSecOps teams are facing new, and complex questions at macro and micro levels: How can teams effectively control and curate what enters systems? How can remediation be accelerated, while ensuring accuracy? How will the rising use of AI impact our threat landscape and can DevOps and Security teams truly share ownership of this emerging reality without adding friction? While no one has a crystal ball, JFrog's leading-edge research and impactful real-world insights provide clarity. Join this session to gain critical foresight into the evolving and future software supply chain security challenges that will redefine how you operate. We will dissect recent, high-impact supply chain attacks to reveal malicious threats, and crucially, equip you with practical, implementable solutions for mitigating both current and emerging risks. In a world being built for humans and machines side-by-side, your attack surface is morphing daily. Join this session to explore groundbreaking capabilities and new, exciting approaches that smoothly put the “Sec” back in DevSecOps.
What’s in store for Software Supply Chain security in 2026? With the types of software entering organizations ever-changing, and the volume ever-increasing, DevSecOps teams are facing new, and complex questions at macro and micro levels: How can teams effectively control and curate what enters systems? How can remediation be accelerated, while ensuring accuracy? How will the rising use of AI impact our threat landscape and can DevOps and Security teams truly share ownership of this emerging reality without adding friction? While no one has a crystal ball, JFrog's leading-edge research and impactful real-world insights provide clarity. Join this session to gain critical foresight into the evolving and future software supply chain security challenges that will redefine how you operate. We will dissect recent, high-impact supply chain attacks to reveal malicious threats, and crucially, equip you with practical, implementable solutions for mitigating both current and emerging risks. In a world being built for humans and machines side-by-side, your attack surface is morphing daily. Join this session to explore groundbreaking capabilities and new, exciting approaches that smoothly put the “Sec” back in DevSecOps.

19

12:30 PM
12:30 PM
Lunch
Vintner's Dining Room

24

2:10 PM
2:10 PM
Break
The swamp

29

3:15 PM
3:15 PM
Break
The swamp

34

4:15 PM
4:15 PM
Break
The swamp

39

5:30 PM
5:30 PM
Booth Crawl | Happy Hour
Meritage Building - Terrace

40

7:20 PM
7:20 PM
Gala Dinner: Featuring Celebrity Cellist Tina Guo
Meritage Lawn

41

10:00 PM
10:00 PM
Post Gala Open Bar
Crush lounge

42

7:30 AM
7:30 AM
Registration
Meritage Building - Lobby

43

7:45 AM
7:45 AM
Breakfast
Vintner's Dining Room

44

9:00 AM
Add to calendar
9:00 AM
Jens Eckels VP of Product Marketing Keynote Kickoff
Keynote Kickoff
Meritage Ballroom
Day 2 of swampUP drives practical application of EveryOps’ quantum shift across our industry. Join us, as we sharpen our minds for a day of learning and collaboration.
Day 2 of swampUP drives practical application of EveryOps’ quantum shift across our industry. Join us, as we sharpen our minds for a day of learning and collaboration.

45

9:20 AM
9:20 AM
Stealth Mode Session
Meritage Building - Lobby
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!

46

10:05 AM
10:05 AM
Coffee Break
Meritage Building - Terrace

47

10:30 AM
Add to calendar
10:30 AM
Demetrios Brinkmann Founder of MLOps Community Demetrios founded the largest community dealing with productionizing AI and ML models. In April 2020 he fell into leading the MLOps community (more than 75k ML practitioners come together to learn and share experiences) which aims to bring clarity around the operational side of Machine Learning. Since diving into the nitty gritty of Machine Learning he has felt a strong calling to explore the ethical issues surrounding the new tech he covers. In his free time he can be found building stone stackings in the woods with his daughters Ensuring Reliable Evaluation Systems for Your ML
Ensuring Reliable Evaluation Systems for Your ML
Meritage Ballroom
Standard benchmarks often fall short and can be misleading. Leaderboards can erode trust in model claims, as they rarely address specific, real-world needs. In this talk, Demetrios Brinkmann will detail how MLOps engineers and developers can build and continuously update their own evaluation systems to create a strong competitive advantage. He’ll cover how to build a reliable “golden dataset,” optimize data collection, labeling, and utilize the right tools to ensure evaluations truly reflect their intended use case.
Standard benchmarks often fall short and can be misleading. Leaderboards can erode trust in model claims, as they rarely address specific, real-world needs. In this talk, Demetrios Brinkmann will detail how MLOps engineers and developers can build and continuously update their own evaluation systems to create a strong competitive advantage. He’ll cover how to build a reliable “golden dataset,” optimize data collection, labeling, and utilize the right tools to ensure evaluations truly reflect their intended use case.

48

11:20 AM
11:20 AM
EXPO Hall
Meritage Ballroom
Join us to explore all the swampUP sponsors at the Expo Hall! This dedicated time gives you the chance to engage with exhibitors, discover innovative products and services, and network with industry leaders. Experience interactive displays and informative demos showcasing the latest advancements in DevOps, SecOps, AI and ML.
Join us to explore all the swampUP sponsors at the Expo Hall! This dedicated time gives you the chance to engage with exhibitors, discover innovative products and services, and network with industry leaders. Experience interactive displays and informative demos showcasing the latest advancements in DevOps, SecOps, AI and ML.

49

12:10 PM
12:10 PM
Lunch
Vintner's Dining Room

54

2:00 PM
2:00 PM
Break
The swamp

59

3:00 PM
3:00 PM
Break
The swamp

62

3:20 PM
3:20 PM
Stealth Mode Session
Salon J
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!

64

4:00 PM
4:00 PM
Show Closing at Expo
Meritage Building - Terrace
Best Speaker Award & Raffle Winner Announcements
Best Speaker Award & Raffle Winner Announcements
No matching sessions were found

Thank You!

Thank you for inquiring about sponsoring swampUP 2024. We’ll be in touch shortly!