Agenda

Keynotes | Hands-on Labs | Networking

September 1-3 2026

Full agenda will be announced in May

Training Day
September 1st
Conference Day 1
September 2nd
Conference Day 2
September 3rd

1

7:00 AM
Registration
TUE 7:00 AM - 8:30 AM

2

8:30 AM
Morning
Artifactory & Xray Automation Masterclass: Terraform & Advanced Orchestration
Erik Adelson | Senior Solution Engineer
Alex Shumilov | Professional Services Architect https://sessionize.com/image/bbe8-400o400o1-TDh85EksYsYY56yA5eEEJm.jpg Alex is a Solution Architect with over two decades of IT experience, specializing in cloud modernization and AI-driven application portfolio analysis. He has a proven track record of helping enterprises modernize legacy applications using methodologies like 12-factor app and Domain-Driven Design, and is an expert in designing and deploying cloud-native applications with microservices architectures. Passionate about leveraging cloud and AI technologies to drive efficiency and cost savings.
Jordan Levy | Senior Technical Success Manager https://sessionize.com/image/1716-400o400o1-pG9HYaZ4CR7r8KN6brgLg1.png Jordan Levy is a Senior Technical Success Manager passionate about partnering with enterprise customers to drive DevOps and DevSecOps scalability. By working directly with engineering teams, Jordan helps organizations confidently adopt advanced lifecycle automation using Terraform, the JFrog CLI, and GraphQL. Jordan focuses on empowering customers to enforce centralized security, automate AI tool governance, and eliminate manual friction from their day-to-day CI/CD pipelines.
TUE 8:30 AM - 12:00 PM
Intermediate
Add to calendar
    2026-09-01T08:30:00+0000
    2026-09-01T12:00:00+0000
    09/01/2026 8:30 am
    09/01/2026 12:00 pm
    Artifactory & Xray Automation Masterclass: Terraform & Advanced Orchestration
    Advanced Lifecycle Automation using Terraform, JFrog MCP Server , and One Model GraphQL. Course Objective: This session focuses on building a high-performance automation frameworks using Terraform and the JFrog CLI, enabling DevOps teams to orchestrate complex Project environments and AI workflows with zero manual friction. What You Will Learn: - Scalable Project Management: Implementing JFrog Projects to automate resource isolation, quota management, and delegated administration for growing organizations. - The Terraform Blueprint: Master the JFrog Terraform Provider to provision repositories, security policies, and user permissions as a repeatable service. - Governing AI with MCP: Configuring the MCP (Model Context Protocol) Registry to automate the discovery and security of AI agents and tool servers. - Advanced Querying & Auth: How to leverage One Model GraphQL Authentication to perform high-performance, cross-product queries—getting deep insights into artifact metadata and security evidence through a single, secure endpoint. Who Should Sign Up: - DevOps Engineers & SREs who want and need to move away from "ticket-based" work and implement a fully automated, self-service platform. - Platform Architects designing the infrastructure for multi-team scalability and centralized security enforcement. - System Administrators looking to integrate advanced GraphQL-based reporting and AI tool governance into their CI/CD pipelines. Walk away with the knowledge to build production-ready Terraform automation frameworks that eliminate manual friction points in project environments and AI workflows.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Advanced Lifecycle Automation using Terraform, JFrog MCP Server , and One Model GraphQL. Course Objective: This session focuses on building a high-performance automation frameworks using Terraform and the JFrog CLI, enabling DevOps teams to orchestrate complex Project environments and AI workflows with zero manual friction. What You Will Learn: - Scalable Project Management: Implementing JFrog Projects to automate resource isolation, quota management, and delegated administration for growing organizations. - The Terraform Blueprint: Master the JFrog Terraform Provider to provision repositories, security policies, and user permissions as a repeatable service. - Governing AI with MCP: Configuring the MCP (Model Context Protocol) Registry to automate the discovery and security of AI agents and tool servers. - Advanced Querying & Auth: How to leverage One Model GraphQL Authentication to perform high-performance, cross-product queries—getting deep insights into artifact metadata and security evidence through a single, secure endpoint. Who Should Sign Up: - DevOps Engineers & SREs who want and need to move away from "ticket-based" work and implement a fully automated, self-service platform. - Platform Architects designing the infrastructure for multi-team scalability and centralized security enforcement. - System Administrators looking to integrate advanced GraphQL-based reporting and AI tool governance into their CI/CD pipelines. Walk away with the knowledge to build production-ready Terraform automation frameworks that eliminate manual friction points in project environments and AI workflows.

3

Morning
JFrog Security Full Shift: Leveraging JFrog Curation for Automated Remediation
Selva Sabapathy | Strategic Solution Architect https://sessionize.com/image/6927-400o400o1-pqAs4vSdQgT4LUrngkbpSy.png With over two decades of experience in distributed enterprise software and DevOps architectures in the payments industry, Selva progressively gained deep expertise to master the complexities of developing highly available, secure software products. Selva serves as a trusted advisor at JFrog, partnering with strategic customers to guide their DevSecOps excellence journeys. In this capacity, he leverages a wealth of SDLC best practices to help organizations optimize their delivery pipelines and enhance their security posture. His role as a strategic consultant effectively bridges the gap between complex technical requirements and streamlined operational execution. A fifth-year instructor for swampUP Training, Selva holds both a Bachelor’s and a Master’s degree in Computer Science.
Kushal Madireddy | Senior Solutions Engineer https://sessionize.com/image/f9da-400o400o1-RmigPrz1yWwDtam5gJ2VbP.jpg Before joining JFrog in 2022, Kushal was a Software Architect with Product Owner experience for more than a decade. Having played pivotal roles in establishing best practices using JFrog Platform, he brings in a unique perspective to help customers unlock the true potential of Dev-Sec-ML Ops within their organization. He’s a conference speaker, home DIYer (Austin, TX native), gadget enthusiast and enjoys automating things with the push of a button.
Dylan Moses | Solution Architect https://sessionize.com/image/29db-400o400o1-fgdeA9QCM4N1ezmfTAU9mQ.jpg Dylan Moses is a Solutions Architect at JFrog, helping organizations secure and optimize their software supply chains. With a background spanning cloud architecture and cybersecurity — including certifications in AWS Solutions Architecture and Certified Ethical Hacker — he brings hands-on expertise across the JFrog platform. A Virginia Tech graduate, Dylan is passionate about helping engineering teams ship software faster without compromising security.
TUE 8:30 AM - 12:00 PM
Intermediate
Add to calendar
    2026-09-01T08:30:00+0000
    2026-09-01T12:00:00+0000
    09/01/2026 8:30 am
    09/01/2026 12:00 pm
    JFrog Security Full Shift: Leveraging JFrog Curation for Automated Remediation
    Combine JFrog Curation with local SAST (via MCP), Frogbot, and Snippet Detection to bridge the gap between policy enforcement and seamless violation fixes. Course Objective: Learn to deploy a "Developer-First" security strategy that blocks malicious packages before they hit your cache and uses AI-powered agents to detect plagiarized code in real-time. Bridge the gap between Security and Development by stopping threats at the front door and automating fixes directly in the SCM. What You Will Learn - JFrog Curation: How to proactively block malicious or non-compliant open-source packages at the point of download. - IDE & Git Integration: How to use Frogbot to scan Pull Requests and provide instant feedback to developers before code is merged. - Developer-Centric SAST: Identify "exposed secrets" and security flaws in proprietary code during the initial coding stage and apply agentic remidiation - with MCP. - Early Remediation: Utilize JFrog’s contextual analysis to fix the most critical issues early, saving time upstream and reducing downstream friction. Who Should Sign Up: - AppSec Engineers looking to move from reactive scanning to proactive, automated policy enforcement at the entry point. - Developers using AI-assisted coding tools who want to catch and fix vulnerabilities, secrets, and license risks directly in their IDE or PR. - DevOps Leaders tasked with reducing MTTR (Mean Time to Remediation) by automating the "autofix" lifecycle for vulnerable packages. Create Developer-First security strategies that stop malicious packages before they hit your cache, and see how to utilize AI-powered agents to detect plagiarized code in real-time.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Combine JFrog Curation with local SAST (via MCP), Frogbot, and Snippet Detection to bridge the gap between policy enforcement and seamless violation fixes. Course Objective: Learn to deploy a "Developer-First" security strategy that blocks malicious packages before they hit your cache and uses AI-powered agents to detect plagiarized code in real-time. Bridge the gap between Security and Development by stopping threats at the front door and automating fixes directly in the SCM. What You Will Learn - JFrog Curation: How to proactively block malicious or non-compliant open-source packages at the point of download. - IDE & Git Integration: How to use Frogbot to scan Pull Requests and provide instant feedback to developers before code is merged. - Developer-Centric SAST: Identify "exposed secrets" and security flaws in proprietary code during the initial coding stage and apply agentic remidiation - with MCP. - Early Remediation: Utilize JFrog’s contextual analysis to fix the most critical issues early, saving time upstream and reducing downstream friction. Who Should Sign Up: - AppSec Engineers looking to move from reactive scanning to proactive, automated policy enforcement at the entry point. - Developers using AI-assisted coding tools who want to catch and fix vulnerabilities, secrets, and license risks directly in their IDE or PR. - DevOps Leaders tasked with reducing MTTR (Mean Time to Remediation) by automating the "autofix" lifecycle for vulnerable packages. Create Developer-First security strategies that stop malicious packages before they hit your cache, and see how to utilize AI-powered agents to detect plagiarized code in real-time.

4

Morning
JFrog AI Masterclass: Governance & Security in the Agentic SDLC
Patrick Russell | Support Training Manager
Anantha Kalusivalingam | Solution Architect
Pavel Klushin | Senior Manager of Solution Engineering @JFrog https://sessionize.com/image/d89a-400o400o1-7cCD9rHx52pNASrhm67LW8.jpg Pavel Klushin is an ML expert with over ten years of expertise in cloud engineering. His work focuses on integrating AI with cloud infrastructures, enhancing performance and driving innovation across various industries.
TUE 8:30 AM - 12:00 PM
Advanced
Add to calendar
    2026-09-01T08:30:00+0000
    2026-09-01T12:00:00+0000
    09/01/2026 8:30 am
    09/01/2026 12:00 pm
    JFrog AI Masterclass: Governance & Security in the Agentic SDLC
    Optimizing Management, Security, and Governance for every AI asset in the Agentic Workflows. Course Objective: This course provides a deep dive into the industry's most complete AI registry solution. Learn how to transform your agentic supply chain by establishing a single system of record for centralized governance . We will guide you from discovering hidden Shadow AI blind spots to building a trusted, unified organizational hub for managing ML models, MCP servers, and more What You Will Learn: - Building a Unified AI Architecture: Discover how to use the JFrog AI Catalog as your centralized "Single Source of Truth" for AI Assets including Models, External Model APIs, MCPs and more - Proactive Security & Scanning: Leverage JFrog’s advanced security features to detect Shadow AI usage, block malicious models, surface critical vulnerabilities (CVEs), and enforce strict license compliance - Full-Spectrum AI Governance: Learn how to discover, curate, and "Allow List" approved AI assets using automated, enterprise-grade policy enforcement to stop non-compliant AI Assets at the gate - Secure Agentic Workflows: Master the management of MCP servers to safely bridge AI assistants (like Cursor and Claude) with your private enterprise data - without compromising security or bypassing governance Who Should Sign Up: - DevSecOps Engineers tasked with applying the same "Binary-First" approach to AI Agents as they do to traditional software artifacts. - Software Engineers who want to safely integrate AI coding assistants (like Cursor) into their workflows using a single-line configuration to connect with vetted internal tools and MCP servers.. - DevOps Engineers designing the infrastructure to support secure, and scalable AI workflows. Take control of your agentic software supply chain with the industry's most complete AI registry solution. Learn to uncover Shadow AI blind spots to build a trusted, unified hub for governing AI models, MCP servers, and more.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Optimizing Management, Security, and Governance for every AI asset in the Agentic Workflows. Course Objective: This course provides a deep dive into the industry's most complete AI registry solution. Learn how to transform your agentic supply chain by establishing a single system of record for centralized governance . We will guide you from discovering hidden Shadow AI blind spots to building a trusted, unified organizational hub for managing ML models, MCP servers, and more What You Will Learn: - Building a Unified AI Architecture: Discover how to use the JFrog AI Catalog as your centralized "Single Source of Truth" for AI Assets including Models, External Model APIs, MCPs and more - Proactive Security & Scanning: Leverage JFrog’s advanced security features to detect Shadow AI usage, block malicious models, surface critical vulnerabilities (CVEs), and enforce strict license compliance - Full-Spectrum AI Governance: Learn how to discover, curate, and "Allow List" approved AI assets using automated, enterprise-grade policy enforcement to stop non-compliant AI Assets at the gate - Secure Agentic Workflows: Master the management of MCP servers to safely bridge AI assistants (like Cursor and Claude) with your private enterprise data - without compromising security or bypassing governance Who Should Sign Up: - DevSecOps Engineers tasked with applying the same "Binary-First" approach to AI Agents as they do to traditional software artifacts. - Software Engineers who want to safely integrate AI coding assistants (like Cursor) into their workflows using a single-line configuration to connect with vetted internal tools and MCP servers.. - DevOps Engineers designing the infrastructure to support secure, and scalable AI workflows. Take control of your agentic software supply chain with the industry's most complete AI registry solution. Learn to uncover Shadow AI blind spots to build a trusted, unified hub for governing AI models, MCP servers, and more.

5

Full Day
JFrog at Global Scale: Architecting to Make the Complex Simple
Marcelo Litovsky | Strategic Solution Architect
Chaitanya Govande | Senior DevOps Solution Engineer
TUE 8:30 AM - 3:20 PM
Intermediate
Add to calendar
    2026-09-01T08:30:00+0000
    2026-09-01T15:20:00+0000
    09/01/2026 8:30 am
    09/01/2026 3:20 pm
    JFrog at Global Scale: Architecting to Make the Complex Simple
    Optimizing the Software Supply Chain Workflow, Multi-Site Sync, and Automated Policy Enforcement. Course Objective: This full-day course covers follow the evolution of an organization. Learn to architect a unified platform that integrates disparate sites or teams, synchronizes artifacts globally, and enforces a "Trusted Release" lifecycle that evolves with the business at any scale. This will be a comprehensive deep dive into the latest JFrog Platform and capabilities. What You Will Learn: - Global Integration (Scale & Storage Optimization): How to implement Federated Repositories and JFrog Bridge for bi-directional synchronization and Advanced Retention Policies. - Proactive Security & Remediation: Deploying JFrog Curation to block malicious packages at the perimeter and Frogbot for automated, developer-centric vulnerability patching within the SCM. - Contextual Security & AI Governance: Utilizing Xray for runtime vulnerability prioritization and centralization the AI lifecycle via the JFrog AI Catalog to secure model usage and agentic workflows. - AppTrust & The Trusted Release: How to master evidence-based governance using GraphQL and automated security gates to ensure only compliant, signed binaries reach production. Who Should Sign Up: - Platform Architects tasked with designing an end-to-end, "Secure-by-Design" software delivery pipeline. - DevOps Leaders looking to standardize their global toolchain and eliminate fragmented "security silos." - Security & Compliance Officers who need to implement automated, evidence-based governance across the entire software lifecycle. Utilize the latest JFrog Platform capabilities to architect a unified environment that integrates disparate sites and teams, synchronizes artifacts globally, and enforces a Trusted Release lifecycle.
    6
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Optimizing the Software Supply Chain Workflow, Multi-Site Sync, and Automated Policy Enforcement. Course Objective: This full-day course covers follow the evolution of an organization. Learn to architect a unified platform that integrates disparate sites or teams, synchronizes artifacts globally, and enforces a "Trusted Release" lifecycle that evolves with the business at any scale. This will be a comprehensive deep dive into the latest JFrog Platform and capabilities. What You Will Learn: - Global Integration (Scale & Storage Optimization): How to implement Federated Repositories and JFrog Bridge for bi-directional synchronization and Advanced Retention Policies. - Proactive Security & Remediation: Deploying JFrog Curation to block malicious packages at the perimeter and Frogbot for automated, developer-centric vulnerability patching within the SCM. - Contextual Security & AI Governance: Utilizing Xray for runtime vulnerability prioritization and centralization the AI lifecycle via the JFrog AI Catalog to secure model usage and agentic workflows. - AppTrust & The Trusted Release: How to master evidence-based governance using GraphQL and automated security gates to ensure only compliant, signed binaries reach production. Who Should Sign Up: - Platform Architects tasked with designing an end-to-end, "Secure-by-Design" software delivery pipeline. - DevOps Leaders looking to standardize their global toolchain and eliminate fragmented "security silos." - Security & Compliance Officers who need to implement automated, evidence-based governance across the entire software lifecycle. Utilize the latest JFrog Platform capabilities to architect a unified environment that integrates disparate sites and teams, synchronizes artifacts globally, and enforces a Trusted Release lifecycle.

6

12:00 PM
Lunch
TUE 12:00 PM - 1:00 PM

7

1:00 PM
Afternoon
JFrog Enterprise and Multi-Site Synchronization
Rami Zilberstien | Head of Professional Services Architecture https://sessionize.com/image/780f-400o400o1-PxCwrHvx1Zz5kBJTiTGJTE.jpg Rami is currently leading the Professional Services Architects group globally at JFrog, a role he has held for the past two years. Before this, he served as a Solution Engineering Manager at JFrog for four years. With over 20 years of experience in engineering, consulting, training, and enterprise change management, Rami brings a wealth of knowledge and expertise to the tech industry. An appreciated speaker, Rami is passionate about sharing insights from his extensive career. In his spare time, he enjoys exploring topics such as history, economics, geo-politics, nature, and sports.
Guy Yuval-Baharav | Solution Architect https://sessionize.com/image/73da-400o400o1-Xv2kweZ32Z6CHxQvNMURmp.jpg My role as solutions Architect at JFrog has been instrumental in accelerating the delivery of secure and reliable software solutions. With a focus on Secure development, MLOps and Agentic development, I've empowered teams to integrate security into the full lifecycle of application development, ensuring faster and trusted releases. In collaboration with cross-functional teams, I've led the adoption of CI/CD processes, fostering a culture of continuous improvement and deployment. My approach to selecting and implementing cutting-edge technologies has streamlined operations and fortified the architecture of new solutions. Committed to excellence, I continually drive the evolution of our practices, keeping us at the forefront of the industry.
Yarden Gitta | Product Manager https://sessionize.com/image/0cdd-400o400o1-PFhTRLEUBfYoUBdmv3Vo2E.jpg Yarden is a Product Manager in JFrog Platform Services Core, where he transforms complex technical challenges into scalable solutions. Previously a Technical Success Manager at JFrog, he partnered with enterprises to optimize their DevOps environments, focusing on driving customer adoption through hands-on support and solving critical pain points. He brings a unique perspective to the platform, combining technical expertise with a deep understanding of customer needs to build mission-critical products that empower global engineering teams.
TUE 1:00 PM - 4:30 PM
Intermediate
Add to calendar
    2026-09-01T13:00:00+0000
    2026-09-01T16:30:00+0000
    09/01/2026 1:00 pm
    09/01/2026 4:30 pm
    JFrog Enterprise and Multi-Site Synchronization
    Optimizing Global Artifact Distribution and Bi-Directional Sync for Low-Latency Development. Course Objective: This session focuses on how you can eliminate downtime and synchronization lag by mastering Federated Repositories and multi-site replication strategies. The session will provide a technical blueprint for building a resilient, high-availability JFrog environment that spans multiple regions and sites. What You Will Learn: - High Availability (HA) Clusters: How to tune multi-node environments for zero-downtime load balancing. - Multi-Site Synchronization: Implementing bi-directional, real-time sync via Federated Repositories to ensure a "Single Source of Truth" across international sites and locations. - Federated Curation: How to enforce unified security policies across global sites so every region can block malicious packages simultaneously. - Disaster Recovery (DR): How to architect redundant systems and failover protocols to protect mission-critical binaries and deployments. Who Should Sign Up: - Infrastructure Architects responsible for designing global, multi-region software distribution networks. - Senior DevOps Engineers tasked with maintaining 99.99% availability for enterprise-scale JFrog deployments. - IT Operations Leads looking to streamline global collaboration and ensure data consistency across international sites. Leave this session with your own blueprint for a resilient, high-availability JFrog environment, built on Federated Repositories and multi-site replication.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Optimizing Global Artifact Distribution and Bi-Directional Sync for Low-Latency Development. Course Objective: This session focuses on how you can eliminate downtime and synchronization lag by mastering Federated Repositories and multi-site replication strategies. The session will provide a technical blueprint for building a resilient, high-availability JFrog environment that spans multiple regions and sites. What You Will Learn: - High Availability (HA) Clusters: How to tune multi-node environments for zero-downtime load balancing. - Multi-Site Synchronization: Implementing bi-directional, real-time sync via Federated Repositories to ensure a "Single Source of Truth" across international sites and locations. - Federated Curation: How to enforce unified security policies across global sites so every region can block malicious packages simultaneously. - Disaster Recovery (DR): How to architect redundant systems and failover protocols to protect mission-critical binaries and deployments. Who Should Sign Up: - Infrastructure Architects responsible for designing global, multi-region software distribution networks. - Senior DevOps Engineers tasked with maintaining 99.99% availability for enterprise-scale JFrog deployments. - IT Operations Leads looking to streamline global collaboration and ensure data consistency across international sites. Leave this session with your own blueprint for a resilient, high-availability JFrog environment, built on Federated Repositories and multi-site replication.

8

Afternoon
Operationalizing Advanced Security: Embedding Continuous Security Across Your Artifact Lifecycle
Maharshi Patel | Solution Architect
Aaron Croissette | Professional Services DevOps Senior Engineer
Gowtham Neerukonda | Solutions Architect https://sessionize.com/image/c66c-400o400o1-U2G7hKZVNWyy8FbuuzcL8W.png Gowtham is a Solution Architect with vast experience in system architecture & design, solution brainstorming, and whiteboarding in the areas of DevOps, CI/CD workflows, artifact & SDLC management, cloud migrations, software supply chain management, and DevSecOps best practices. He has been helping JFrog customers since 2019 with deep-dive evaluations, large-scale multi-region and multi-cloud enterprise deployments, and integrations for enhancing developer experience. He is well-versed in building technical & business champions and turning tactical customers into strategic partners.
TUE 1:00 PM - 4:30 PM
Advanced
Add to calendar
    2026-09-01T13:00:00+0000
    2026-09-01T16:30:00+0000
    09/01/2026 1:00 pm
    09/01/2026 4:30 pm
    Operationalizing Advanced Security: Embedding Continuous Security Across Your Artifact Lifecycle
    Transforming Threat Intelligence into Actionable Insights via the Security Dashboard. Course Objective: This course focuses on the Build and Runtime phases, ensuring that no artifact—no matter how it was created—moves to production without deep inspection and policy validation. You will be able to implement automated, continuous security guardrails across the entire software lifecycle. What You Will Learn - Continuous Scanning: Automating Xray scans within CI/CD pipelines (Jenkins, GitHub Actions, etc.) to intercept compromised builds. - Vulnerability Prioritization: Use Advanced Security to determine if a vulnerable component is actually reachable in your specific runtime environment. - Compliance & Auditability: Utilizing Audit Events for Xray to ensure compliance accountability for all security actions. Who Should Sign Up: - DevOps Engineers responsible for building and maintaining secure automated pipelines. - Security Engineers designing the end-to-end governance for the complete Software Supply Chain. - Compliance Officers who need to ensure every production release has a clean bill of health. Implement automated security guardrails, ensuring every artifact, regardless of origin, is validated against policy before it reaches production.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Transforming Threat Intelligence into Actionable Insights via the Security Dashboard. Course Objective: This course focuses on the Build and Runtime phases, ensuring that no artifact—no matter how it was created—moves to production without deep inspection and policy validation. You will be able to implement automated, continuous security guardrails across the entire software lifecycle. What You Will Learn - Continuous Scanning: Automating Xray scans within CI/CD pipelines (Jenkins, GitHub Actions, etc.) to intercept compromised builds. - Vulnerability Prioritization: Use Advanced Security to determine if a vulnerable component is actually reachable in your specific runtime environment. - Compliance & Auditability: Utilizing Audit Events for Xray to ensure compliance accountability for all security actions. Who Should Sign Up: - DevOps Engineers responsible for building and maintaining secure automated pipelines. - Security Engineers designing the end-to-end governance for the complete Software Supply Chain. - Compliance Officers who need to ensure every production release has a clean bill of health. Implement automated security guardrails, ensuring every artifact, regardless of origin, is validated against policy before it reaches production.

9

Afternoon
AppTrust Essentials: Get NIST & SLSA Ready: Mastering DevGovOps & Supply Chain Integrity
Tom Johander | Strategic Solution Architect
Paul Davis | Field CISO https://sessionize.com/image/c0e5-400o400o1-WFGNeCUmnubJt4VBJMkh6r.jpg Paul Davis is a distinguished IT security leader with over 20 years of experience shaping secure solutions for organizations worldwide. His career highlights include serving as CISO for a Fortune 10 company, CSO for critical infrastructure sectors, Director of Security Operations at a major stock exchange, and head of a global incident response team. In his role as Field CISO at JFrog, Paul draws on this extensive expertise to help organizations strengthen their software supply chains and implement end-to-end security. His background encompasses systems engineering, program management, software development, and operations. Paul has successfully launched software companies, developed innovative solutions, and delivered transformative services for global enterprises
Chris Whateley | Professional Services DevOps Architect https://sessionize.com/image/4f4f-400o400o1-LaaRZNWBNeNzMUyr6X7zJ1.jpg Chris is a DevOps Architect in the JFrog professional services group. With over 20 years of experience in the space, he brings experience from all sides of the DevSecOps practice having come up through the ranks as a developer/architect in a range of industries from software, semiconductor, finance, medical to telco. Chris is passionate about DevSecOps and automation in general, appreciating simple elegant solutions to complex technical problems. In his spare time, travel, food, the outdoors and the ocean compete with family for some cycles.
TUE 1:00 PM - 4:30 PM
Intermediate
Add to calendar
    2026-09-01T13:00:00+0000
    2026-09-01T16:30:00+0000
    09/01/2026 1:00 pm
    09/01/2026 4:30 pm
    AppTrust Essentials: Get NIST & SLSA Ready: Mastering DevGovOps & Supply Chain Integrity
    Driving Compliant Releases with Evidence-Based Controls, Rego Policies, and ServiceNow Integration. Course Objective: Transition from reactive security to proactive, automated governance. This course provides the technical blueprint for using JFrog AppTrust as the orchestration layer for "Trusted Releases," binding technical security metadata to business-ready compliance evidence that satisfies NIST and CRA mandates. What You Will Learn: - Identity & Provenance (SLSA): Using build attestations to cryptographically prove the origin and integrity of every artifact in your supply chain. - Mastering the SBOM Lifecycle: Generating, managing, and exporting enriched Software Bill of Materials (SBOMs) to meet global regulatory transparency requirements (NIST). - Automated Trust Policies: Setting the "Minimum Bar" for your organization using Policy as Code to automate complex approval logic and security gates. - ServiceNow ITSM Integration: Automating the bridge between DevOps and IT Operations by triggering ServiceNow Change Requests and status updates based on real-time security evidence and AppTrust gates. Who Should Sign Up: - Security Architects & Compliance Officers who are responsible for defining and enforcing software governance that meets strict NIST/CRA regulatory standards. - DevOps & Platform Leads looking to implement standardized "Trust" workflows that integrate seamlessly with existing ServiceNow approval processes. - System Administrators and technical leads responsible for ensuring the JFrog infrastructure supports automated trust checks and compliant artifact delivery without manual bottlenecks. Architect a technical blueprint for using JFrog AppTrust as your orchestration layer, that binds security metadata to compliance evidence, that satisfies NIST, CRA & other mandates, for trusted releases.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Driving Compliant Releases with Evidence-Based Controls, Rego Policies, and ServiceNow Integration. Course Objective: Transition from reactive security to proactive, automated governance. This course provides the technical blueprint for using JFrog AppTrust as the orchestration layer for "Trusted Releases," binding technical security metadata to business-ready compliance evidence that satisfies NIST and CRA mandates. What You Will Learn: - Identity & Provenance (SLSA): Using build attestations to cryptographically prove the origin and integrity of every artifact in your supply chain. - Mastering the SBOM Lifecycle: Generating, managing, and exporting enriched Software Bill of Materials (SBOMs) to meet global regulatory transparency requirements (NIST). - Automated Trust Policies: Setting the "Minimum Bar" for your organization using Policy as Code to automate complex approval logic and security gates. - ServiceNow ITSM Integration: Automating the bridge between DevOps and IT Operations by triggering ServiceNow Change Requests and status updates based on real-time security evidence and AppTrust gates. Who Should Sign Up: - Security Architects & Compliance Officers who are responsible for defining and enforcing software governance that meets strict NIST/CRA regulatory standards. - DevOps & Platform Leads looking to implement standardized "Trust" workflows that integrate seamlessly with existing ServiceNow approval processes. - System Administrators and technical leads responsible for ensuring the JFrog infrastructure supports automated trust checks and compliant artifact delivery without manual bottlenecks. Architect a technical blueprint for using JFrog AppTrust as your orchestration layer, that binds security metadata to compliance evidence, that satisfies NIST, CRA & other mandates, for trusted releases.

10

4:30 PM
Welcome Reception
TUE 4:30 PM - 6:00 PM

11

7:30 AM
Registration & Breakfast
WED 7:30 AM - 9:00 AM
Hop in, grab your badge, and fuel up. Coffee’s hot, breakfast is served, and the day is ready to take off.

12

9:30 AM
Morning Keynotes
WED 9:30 AM - 12:30 PM
Leap into the future of trusted software and AI with JFrog’s founders as they unpack how AI is reshaping the software supply chain. As autonomous agents move from assistants to builders… writing code, resolving dependencies, and producing binaries at machine speed. Join us to see how the rules of trust are being rewritten.

13

12:30 PM
Lunch
WED 12:30 PM - 1:30 PM
Take a breather, grab a bite, and make a few new connections.

14

1:30 PM
Afternoon Breakout Sessions
WED 1:30 PM - 5:00 PM
With over 100 session submissions from our global community, swampUP 2026 delivers real-world insights across DevOps, security, and AI. These sessions focus on what it takes to build, secure, and scale a modern software supply chain, from evidence-based trust and AI security to developer experience and platform modernization. Whether you’re driving innovation, strengthening governance, or operationalizing AI at scale, you’ll walk away with practical strategies to master today’s software supply chain.

15

5:00 PM
Happy Hour
WED 5:00 PM - 7:00 PM
Time to unwind and celebrate. Great food, great vibes, and even better company.

16

7:00 PM
Swamp After Dark
WED 7:00 PM - 10:00 PM
Join us for a refined, immersive experience filled with conversation, celebration, and connection among industry leaders.

17

7:30 AM
Registration & Breakfast
THU 7:30 AM - 9:00 AM
Ease into the day… grab breakfast, reconnect with peers, and get ready for what’s next.

18

9:00 AM
Morning Keynotes
THU 9:00 AM - 12:00 PM
Start your day with fresh perspectives and bold ideas. See how teams are scaling trust across the software and AI supply chain.

19

12:00 PM
Lunch
THU 12:00 PM - 1:30 PM
Refuel, recharge, and reconnect before diving back in.

20

1:30 PM
Afternoon Breakout Sessions
THU 1:30 PM - 3:30 PM
Go deeper, get practical, and leave with insights you can put into action immediately… no fluff, just results.

21

4:00 PM
Closing & Awards
THU 4:00 PM - 4:30 PM
We’ll wrap things up with key takeaways and celebrate the builders, innovators, and teams setting the standard for trusted software in this new AI era.
No matching sessions were found

Thank You for Registering!

Looking forward to swamp with you
Close Window

Thank You!

Thank you for inquiring about sponsoring swampUP 2024. We’ll be in touch shortly!
Close Window