Agenda

Hands-on Training | Keynotes | Breakout Sessions | Networking
October 20-22, 2026
Training Day
October 20th
Conference Day 1
October 21st
Conference Day 2
October 22nd

1

8:00 AM
Registration & Breakfast
TUE 8:00 AM - 9:00 AM

2

9:00 AM
Morning
Artifactory & Xray Automation Masterclass: Terraform & Advanced Orchestration
David Robin | Senior Solution Engineer
Tom Paz | Solution Engineer
TUE 9:00 AM - 12:30 PM
Intermediate
Add to calendar
    2026-10-20T09:00:00+0000
    2026-10-20T12:30:00+0000
    10/20/2026 9:00 am
    10/20/2026 12:30 pm
    Artifactory & Xray Automation Masterclass: Terraform & Advanced Orchestration
    Advanced Lifecycle Automation using Terraform, JFrog MCP Server, and One Model GraphQL. This session focuses on building a high-performance automation frameworks using Terraform and the JFrog CLI, enabling DevOps teams to orchestrate complex Project environments and AI workflows with zero manual friction. What You Will Learn: - Scalable Project Management: Implementing JFrog Projects to automate resource isolation, quota management, and delegated administration for growing organizations. - The Terraform Blueprint: Master the JFrog Terraform Provider to provision repositories, security policies, and user permissions as a repeatable service. - Governing AI with MCP: Configuring the MCP (Model Context Protocol) Registry to automate the discovery and security of AI agents and tool servers. - Advanced Querying & Auth: How to leverage One Model GraphQL Authentication to perform high-performance, cross-product queries - getting deep insights into artifact metadata and security evidence through a single, secure endpoint. Who Should Sign Up: - DevOps Engineers & SREs who want and need to move away from "ticket-based" work and implement a fully automated, self-service platform. - Platform Architects designing the infrastructure for multi-team scalability and centralized security enforcement. - System Administrators looking to integrate advanced GraphQL-based reporting and AI tool governance into their CI/CD pipelines.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Advanced Lifecycle Automation using Terraform, JFrog MCP Server, and One Model GraphQL. This session focuses on building a high-performance automation frameworks using Terraform and the JFrog CLI, enabling DevOps teams to orchestrate complex Project environments and AI workflows with zero manual friction. What You Will Learn: - Scalable Project Management: Implementing JFrog Projects to automate resource isolation, quota management, and delegated administration for growing organizations. - The Terraform Blueprint: Master the JFrog Terraform Provider to provision repositories, security policies, and user permissions as a repeatable service. - Governing AI with MCP: Configuring the MCP (Model Context Protocol) Registry to automate the discovery and security of AI agents and tool servers. - Advanced Querying & Auth: How to leverage One Model GraphQL Authentication to perform high-performance, cross-product queries - getting deep insights into artifact metadata and security evidence through a single, secure endpoint. Who Should Sign Up: - DevOps Engineers & SREs who want and need to move away from "ticket-based" work and implement a fully automated, self-service platform. - Platform Architects designing the infrastructure for multi-team scalability and centralized security enforcement. - System Administrators looking to integrate advanced GraphQL-based reporting and AI tool governance into their CI/CD pipelines.

3

Morning
JFrog Security Full Shift: Leveraging JFrog Curation for Automated Remediation
Mark Whitby | Solution Architect
Micky Gorelick | Technical Instructor
TUE 9:00 AM - 12:30 PM
Intermediate
Add to calendar
    2026-10-20T09:00:00+0000
    2026-10-20T12:30:00+0000
    10/20/2026 9:00 am
    10/20/2026 12:30 pm
    JFrog Security Full Shift: Leveraging JFrog Curation for Automated Remediation
    Combine JFrog Curation with local SAST (via MCP), Frogbot, and Snippet Detection to bridge the gap between policy enforcement and seamless violation fixes. Course Objective: Learn to deploy a "Developer-First" security strategy that blocks malicious packages before they hit your cache and uses AI-powered agents to detect plagiarized code in real-time. Bridge the gap between Security and Development by stopping threats at the front door and automating fixes directly in the SCM. What You Will Learn - JFrog Curation: How to proactively block malicious or non-compliant open-source packages at the point of download. - IDE & Git Integration: How to use Frogbot to scan Pull Requests and provide instant feedback to developers before code is merged. - Developer-Centric SAST: Identify "exposed secrets" and security flaws in proprietary code during the initial coding stage and apply agentic remidiation - with MCP. - Early Remediation: Utilize JFrog’s contextual analysis to fix the most critical issues early, saving time upstream and reducing downstream friction. Who Should Sign Up: - AppSec Engineers looking to move from reactive scanning to proactive, automated policy enforcement at the entry point. - Developers using AI-assisted coding tools who want to catch and fix vulnerabilities, secrets, and license risks directly in their IDE or PR. - DevOps Leaders tasked with reducing MTTR (Mean Time to Remediation) by automating the "autofix" lifecycle for vulnerable packages.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Combine JFrog Curation with local SAST (via MCP), Frogbot, and Snippet Detection to bridge the gap between policy enforcement and seamless violation fixes. Course Objective: Learn to deploy a "Developer-First" security strategy that blocks malicious packages before they hit your cache and uses AI-powered agents to detect plagiarized code in real-time. Bridge the gap between Security and Development by stopping threats at the front door and automating fixes directly in the SCM. What You Will Learn - JFrog Curation: How to proactively block malicious or non-compliant open-source packages at the point of download. - IDE & Git Integration: How to use Frogbot to scan Pull Requests and provide instant feedback to developers before code is merged. - Developer-Centric SAST: Identify "exposed secrets" and security flaws in proprietary code during the initial coding stage and apply agentic remidiation - with MCP. - Early Remediation: Utilize JFrog’s contextual analysis to fix the most critical issues early, saving time upstream and reducing downstream friction. Who Should Sign Up: - AppSec Engineers looking to move from reactive scanning to proactive, automated policy enforcement at the entry point. - Developers using AI-assisted coding tools who want to catch and fix vulnerabilities, secrets, and license risks directly in their IDE or PR. - DevOps Leaders tasked with reducing MTTR (Mean Time to Remediation) by automating the "autofix" lifecycle for vulnerable packages.

4

Morning
JFrog AI Masterclass: Governance & Security in the Agentic SDLC
Pavel Klushin | Senior Solution Engineering, JFrog ML
Yalin Arie | Solution Engineering
TUE 9:00 AM - 12:30 PM
Advanced
Add to calendar
    2026-10-20T09:00:00+0000
    2026-10-20T12:30:00+0000
    10/20/2026 9:00 am
    10/20/2026 12:30 pm
    JFrog AI Masterclass: Governance & Security in the Agentic SDLC
    Optimizing Management, Security, and Governance for every AI asset in the Agentic Workflows. This course provides a deep dive into the industry's most complete AI registry solution. Learn how to transform your agentic supply chain by establishing a single system of record for centralized governance. We will guide you from discovering hidden Shadow AI blind spots to building a trusted, unified organizational hub for managing ML models, MCP servers, and more. What You Will Learn: - Building a Unified AI Architecture: Discover how to use the JFrog AI Catalog as your centralized "Single Source of Truth" for AI Assets including Models, External Model APIs, MCPs and more - Proactive Security & Scanning: Leverage JFrog’s advanced security features to detect Shadow AI usage, block malicious models, surface critical vulnerabilities (CVEs), and enforce strict license compliance - Full-Spectrum AI Governance: Learn how to discover, curate, and "Allow List" approved AI assets using automated, enterprise-grade policy enforcement to stop non-compliant AI Assets at the gate - Secure Agentic Workflows: Master the management of MCP servers to safely bridge AI assistants (like Cursor and Claude) with your private enterprise data - without compromising security or bypassing governance. Who Should Sign Up: - DevSecOps Engineers tasked with applying the same "Binary-First" approach to AI Agents as they do to traditional software artifacts. - Software Engineers who want to safely integrate AI coding assistants (like Cursor) into their workflows using a single-line configuration to connect with vetted internal tools and MCP servers.. - DevOps Engineers designing the infrastructure to support secure, and scalable AI workflows.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Optimizing Management, Security, and Governance for every AI asset in the Agentic Workflows. This course provides a deep dive into the industry's most complete AI registry solution. Learn how to transform your agentic supply chain by establishing a single system of record for centralized governance. We will guide you from discovering hidden Shadow AI blind spots to building a trusted, unified organizational hub for managing ML models, MCP servers, and more. What You Will Learn: - Building a Unified AI Architecture: Discover how to use the JFrog AI Catalog as your centralized "Single Source of Truth" for AI Assets including Models, External Model APIs, MCPs and more - Proactive Security & Scanning: Leverage JFrog’s advanced security features to detect Shadow AI usage, block malicious models, surface critical vulnerabilities (CVEs), and enforce strict license compliance - Full-Spectrum AI Governance: Learn how to discover, curate, and "Allow List" approved AI assets using automated, enterprise-grade policy enforcement to stop non-compliant AI Assets at the gate - Secure Agentic Workflows: Master the management of MCP servers to safely bridge AI assistants (like Cursor and Claude) with your private enterprise data - without compromising security or bypassing governance. Who Should Sign Up: - DevSecOps Engineers tasked with applying the same "Binary-First" approach to AI Agents as they do to traditional software artifacts. - Software Engineers who want to safely integrate AI coding assistants (like Cursor) into their workflows using a single-line configuration to connect with vetted internal tools and MCP servers.. - DevOps Engineers designing the infrastructure to support secure, and scalable AI workflows.

5

Full Day
JFrog at Global Scale: Architecting to Make the Complex Simple
Guy Yuval-Baharav | Solution Architect
Yonatan Brand | Professional Services Engineer
TUE 9:00 AM - 5:00 PM
Intermediate
Add to calendar
    2026-10-20T09:00:00+0000
    2026-10-20T17:00:00+0000
    10/20/2026 9:00 am
    10/20/2026 5:00 pm
    JFrog at Global Scale: Architecting to Make the Complex Simple
    Optimizing the Software Supply Chain Workflow, Multi-Site Sync, and Automated Policy Enforcement. This full-day course covers follow the evolution of an organization. Learn to architect a unified platform that integrates disparate sites or teams, synchronizes artifacts globally, and enforces a "Trusted Release" lifecycle that evolves with the business at any scale. This will be a comprehensive deep dive into the latest JFrog Platform and capabilities. What You Will Learn: - Global Integration (Scale & Storage Optimization): How to implement Federated Repositories and JFrog Bridge for bi-directional synchronization and Advanced Retention Policies. - Proactive Security & Remediation: Deploying JFrog Curation to block malicious packages at the perimeter and Frogbot for automated, developer-centric vulnerability patching within the SCM. - Contextual Security & AI Governance: Utilizing Xray for runtime vulnerability prioritization and centralization the AI lifecycle via the JFrog AI Catalog to secure model usage and agentic workflows. - AppTrust & The Trusted Release: How to master evidence-based governance using GraphQL and automated security gates to ensure only compliant, signed binaries reach production. Who Should Sign Up: - Platform Architects tasked with designing an end-to-end, "Secure-by-Design" software delivery pipeline. - DevOps Leaders looking to standardize their global toolchain and eliminate fragmented "security silos". - Security & Compliance Officers who need to implement automated, evidence-based governance across the entire software lifecycle.
    8
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Optimizing the Software Supply Chain Workflow, Multi-Site Sync, and Automated Policy Enforcement. This full-day course covers follow the evolution of an organization. Learn to architect a unified platform that integrates disparate sites or teams, synchronizes artifacts globally, and enforces a "Trusted Release" lifecycle that evolves with the business at any scale. This will be a comprehensive deep dive into the latest JFrog Platform and capabilities. What You Will Learn: - Global Integration (Scale & Storage Optimization): How to implement Federated Repositories and JFrog Bridge for bi-directional synchronization and Advanced Retention Policies. - Proactive Security & Remediation: Deploying JFrog Curation to block malicious packages at the perimeter and Frogbot for automated, developer-centric vulnerability patching within the SCM. - Contextual Security & AI Governance: Utilizing Xray for runtime vulnerability prioritization and centralization the AI lifecycle via the JFrog AI Catalog to secure model usage and agentic workflows. - AppTrust & The Trusted Release: How to master evidence-based governance using GraphQL and automated security gates to ensure only compliant, signed binaries reach production. Who Should Sign Up: - Platform Architects tasked with designing an end-to-end, "Secure-by-Design" software delivery pipeline. - DevOps Leaders looking to standardize their global toolchain and eliminate fragmented "security silos". - Security & Compliance Officers who need to implement automated, evidence-based governance across the entire software lifecycle.

6

12:30 PM
Lunch
TUE 12:30 PM - 1:30 PM

7

1:30 PM
Afternoon
JFrog Enterprise and Multi-Site Synchronization
Galit Nadler | Solution Architect
Carmine Acanfora | Solution Architect
TUE 1:30 PM - 5:00 PM
Intermediate
Add to calendar
    2026-10-20T13:30:00+0000
    2026-10-20T17:00:00+0000
    10/20/2026 1:30 pm
    10/20/2026 5:00 pm
    JFrog Enterprise and Multi-Site Synchronization
    Optimizing Global Artifact Distribution and Bi-Directional Sync for Low-Latency Development. This session focuses on how you can eliminate downtime and synchronization lag by mastering Federated Repositories and multi-site replication strategies. The session will provide a technical blueprint for building a resilient, high-availability JFrog environment that spans multiple regions and sites. What You Will Learn: - High Availability (HA) Clusters: How to tune multi-node environments for zero-downtime load balancing. - Multi-Site Synchronization: Implementing bi-directional, real-time sync via Federated Repositories to ensure a "Single Source of Truth" across international sites and locations. - Federated Curation: How to enforce unified security policies across global sites so every region can block malicious packages simultaneously. - Disaster Recovery (DR): How to architect redundant systems and failover protocols to protect mission-critical binaries and deployments. Who Should Sign Up: - Security Architects & Compliance Officers who are responsible for defining and enforcing software governance that meets strict NIST/CRA regulatory standards. - DevOps & Platform Leads looking to implement standardized "Trust" workflows that integrate seamlessly with existing ServiceNow approval processes. - System Administrators and technical leads responsible for ensuring the JFrog infrastructure supports automated trust checks and compliant artifact delivery without manual bottlenecks.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Optimizing Global Artifact Distribution and Bi-Directional Sync for Low-Latency Development. This session focuses on how you can eliminate downtime and synchronization lag by mastering Federated Repositories and multi-site replication strategies. The session will provide a technical blueprint for building a resilient, high-availability JFrog environment that spans multiple regions and sites. What You Will Learn: - High Availability (HA) Clusters: How to tune multi-node environments for zero-downtime load balancing. - Multi-Site Synchronization: Implementing bi-directional, real-time sync via Federated Repositories to ensure a "Single Source of Truth" across international sites and locations. - Federated Curation: How to enforce unified security policies across global sites so every region can block malicious packages simultaneously. - Disaster Recovery (DR): How to architect redundant systems and failover protocols to protect mission-critical binaries and deployments. Who Should Sign Up: - Security Architects & Compliance Officers who are responsible for defining and enforcing software governance that meets strict NIST/CRA regulatory standards. - DevOps & Platform Leads looking to implement standardized "Trust" workflows that integrate seamlessly with existing ServiceNow approval processes. - System Administrators and technical leads responsible for ensuring the JFrog infrastructure supports automated trust checks and compliant artifact delivery without manual bottlenecks.

8

Afternoon
Operationalizing Xray & Advanced Security: Embedding Continuous Security Across Your Artifact Lifecy
Hamza Zaoui | Strategic Solutions Architect, Field CTO
Fabien Louis | Professional Services Architect
TUE 1:30 PM - 5:00 PM
Advanced
Add to calendar
    2026-10-20T13:30:00+0000
    2026-10-20T17:00:00+0000
    10/20/2026 1:30 pm
    10/20/2026 5:00 pm
    Operationalizing Xray & Advanced Security: Embedding Continuous Security Across Your Artifact Lifecy
    Transforming Threat Intelligence into Actionable Insights via the Security Dashboard This course focuses on the Build and Runtime phases, ensuring that no artifact- no matter how it was created—moves to production without deep inspection and policy validation. You will be able to implement automated, continuous security guardrails across the entire software lifecycle. What You Will Learn - Continuous Scanning: Automating Xray scans within CI/CD pipelines (Jenkins, GitHub Actions, etc.) to intercept compromised builds. - Vulnerability Prioritization: Use Advanced Security to determine if a vulnerable component is actually reachable in your specific runtime environment. - Compliance & Auditability: Utilizing Audit Events for Xray to ensure compliance accountability for all security actions. Who Should Sign Up: - DevOps Engineers responsible for building and maintaining secure automated pipelines. - Security Engineers designing the end-to-end governance for the complete Software Supply Chain. - Compliance Officers who need to ensure every production release has
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Transforming Threat Intelligence into Actionable Insights via the Security Dashboard This course focuses on the Build and Runtime phases, ensuring that no artifact- no matter how it was created—moves to production without deep inspection and policy validation. You will be able to implement automated, continuous security guardrails across the entire software lifecycle. What You Will Learn - Continuous Scanning: Automating Xray scans within CI/CD pipelines (Jenkins, GitHub Actions, etc.) to intercept compromised builds. - Vulnerability Prioritization: Use Advanced Security to determine if a vulnerable component is actually reachable in your specific runtime environment. - Compliance & Auditability: Utilizing Audit Events for Xray to ensure compliance accountability for all security actions. Who Should Sign Up: - DevOps Engineers responsible for building and maintaining secure automated pipelines. - Security Engineers designing the end-to-end governance for the complete Software Supply Chain. - Compliance Officers who need to ensure every production release has

9

Afternoon
AppTrust Essentials: Get CRA & SLSA Ready - Mastering DevGovOps & Supply Chain Integrity
Tal Etinger | Senior Strategic Solution Architect
Eli Kopelevitch | Professional Services Architect
TUE 1:30 PM - 5:00 PM
Intermediate
Add to calendar
    2026-10-20T13:30:00+0000
    2026-10-20T17:00:00+0000
    10/20/2026 1:30 pm
    10/20/2026 5:00 pm
    AppTrust Essentials: Get CRA & SLSA Ready - Mastering DevGovOps & Supply Chain Integrity
    Driving Compliant Releases with Evidence-Based Controls, Rego Policies, and ServiceNow Integration. Transition from reactive security to proactive, automated governance. This course provides the technical blueprint for using JFrog AppTrust as the orchestration layer for "Trusted Releases," binding technical security metadata to business-ready compliance evidence that satisfies NIST and CRA mandates. What You Will Learn: - Identity & Provenance (SLSA): Using build attestations to cryptographically prove the origin and integrity of every artifact in your supply chain. - Mastering the SBOM Lifecycle: Generating, managing, and exporting enriched Software Bill of Materials (SBOMs) to meet global regulatory transparency requirements (RCA). - Automated Trust Policies: Setting the "Minimum Bar" for your organization using Policy as Code to automate complex approval logic and security gates. - ServiceNow ITSM Integration: Automating the bridge between DevOps and IT Operations by triggering ServiceNow Change Requests and status updates based on real-time security evidence and AppTrust gates. Who Should Sign Up: - Security Architects & Compliance Officers who are responsible for defining and enforcing software governance that meets strict NIST/CRA regulatory standards. - DevOps & Platform Leads looking to implement standardized "Trust" workflows that integrate seamlessly with existing ServiceNow approval processes. - System Administrators and technical leads responsible for ensuring the JFrog infrastructure supports automated trust checks and compliant artifact delivery without manual bottlenecks.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Driving Compliant Releases with Evidence-Based Controls, Rego Policies, and ServiceNow Integration. Transition from reactive security to proactive, automated governance. This course provides the technical blueprint for using JFrog AppTrust as the orchestration layer for "Trusted Releases," binding technical security metadata to business-ready compliance evidence that satisfies NIST and CRA mandates. What You Will Learn: - Identity & Provenance (SLSA): Using build attestations to cryptographically prove the origin and integrity of every artifact in your supply chain. - Mastering the SBOM Lifecycle: Generating, managing, and exporting enriched Software Bill of Materials (SBOMs) to meet global regulatory transparency requirements (RCA). - Automated Trust Policies: Setting the "Minimum Bar" for your organization using Policy as Code to automate complex approval logic and security gates. - ServiceNow ITSM Integration: Automating the bridge between DevOps and IT Operations by triggering ServiceNow Change Requests and status updates based on real-time security evidence and AppTrust gates. Who Should Sign Up: - Security Architects & Compliance Officers who are responsible for defining and enforcing software governance that meets strict NIST/CRA regulatory standards. - DevOps & Platform Leads looking to implement standardized "Trust" workflows that integrate seamlessly with existing ServiceNow approval processes. - System Administrators and technical leads responsible for ensuring the JFrog infrastructure supports automated trust checks and compliant artifact delivery without manual bottlenecks.
No matching sessions were found

Thank You for Registering!

Looking forward to swamp with you
Close Window

Thank You!

Thank you for inquiring about sponsoring swampUP 2024. We’ll be in touch shortly!
Close Window