Agenda

Hands-on Training | Keynotes | Breakout Sessions | Networking
October 20-22, 2026
Full agenda will be announced in June
Training Day
October 20th
Conference Day 1
October 21st
Conference Day 2
October 22nd

8:00 AM
Registration & Breakfast
TUE 8:00 AM - 9:00 AM

9:00 AM
Morning
JFrog Security Full Shift: Leveraging JFrog Curation for Automated Remediation
Mark Whitby | Solution Architect | JFrog
Micky Gorelick | Technical Instructor | JFrog
TUE 9:00 AM - 12:30 PM
Intermediate
Combine JFrog Curation with local SAST (via MCP), Frogbot, and Snippet Detection to bridge the gap between policy enforcement and seamless violation fixes.
Course Objective: Learn to deploy a "Developer-First" security strategy that blocks malicious packages before they hit your cache and uses AI-powered agents to detect plagiarized code in real time. Bridge the gap between Security and Development by stopping threats at the front door and automating fixes directly in the SCM.
What You Will Learn:
- JFrog Curation: How to proactively block malicious or non-compliant open-source packages at the point of download.
- IDE & Git Integration: How to use Frogbot to scan Pull Requests and provide instant feedback to developers before code is merged.
- Developer-Centric SAST: Identify "exposed secrets" and security flaws in proprietary code during the initial coding stage and apply agentic remediation with MCP.
- Early Remediation: Utilize JFrog’s contextual analysis to fix the most critical issues early, saving time upstream and reducing downstream friction.
Who Should Sign Up:
- AppSec Engineers looking to move from reactive scanning to proactive, automated policy enforcement at the entry point.
- Developers using AI-assisted coding tools who want to catch and fix vulnerabilities, secrets, and license risks directly in their IDE or PR.
- DevOps Leaders tasked with reducing MTTR (Mean Time to Remediation) by automating the "autofix" lifecycle for vulnerable packages.

Morning
JFrog AI Masterclass: Governance & Security in the Agentic SDLC
Pavel Klushin | Senior Solution Engineering | JFrog
Yalin Arie | Solution Engineering | JFrog
TUE 9:00 AM - 12:30 PM
Advanced
Optimizing Management, Security, and Governance for every AI asset in Agentic Workflows. This course provides a deep dive into the industry's most complete AI registry solution. Learn how to transform your agentic supply chain by establishing a single system of record for centralized governance. We will guide you from discovering hidden Shadow AI blind spots to building a trusted, unified organizational hub for managing ML models, MCP servers, and more.
What You Will Learn:
- Building a Unified AI Architecture: Discover how to use the JFrog AI Catalog as your centralized "Single Source of Truth" for AI Assets including Models, External Model APIs, MCPs and more.
- Proactive Security & Scanning: Leverage JFrog’s advanced security features to detect Shadow AI usage, block malicious models, surface critical vulnerabilities (CVEs), and enforce strict license compliance.
- Full-Spectrum AI Governance: Learn how to discover, curate, and "Allow List" approved AI assets using automated, enterprise-grade policy enforcement to stop non-compliant AI Assets at the gate.
- Secure Agentic Workflows: Master the management of MCP servers to safely bridge AI assistants (like Cursor and Claude) with your private enterprise data, without compromising security or bypassing governance.
Who Should Sign Up:
- DevSecOps Engineers tasked with applying the same "Binary-First" approach to AI Agents as they do to traditional software artifacts.
- Software Engineers who want to safely integrate AI coding assistants (like Cursor) into their workflows using a single-line configuration to connect with vetted internal tools and MCP servers.
- DevOps Engineers designing the infrastructure to support secure and scalable AI workflows.

Full Day
JFrog at Global Scale: Architecting to Make the Complex Simple
Guy Yuval-Baharav | Solution Architect | JFrog
Yonatan Brand | Professional Services Engineer | JFrog
TUE 9:00 AM - 5:00 PM
Intermediate
Optimizing the Software Supply Chain Workflow, Multi-Site Sync, and Automated Policy Enforcement. This full-day course follows the evolution of an organization. Learn to architect a unified platform that integrates disparate sites or teams, synchronizes artifacts globally, and enforces a "Trusted Release" lifecycle that evolves with the business at any scale. This will be a comprehensive deep dive into the latest JFrog Platform and capabilities.
What You Will Learn:
- Global Integration (Scale & Storage Optimization): How to implement Federated Repositories and JFrog Bridge for bi-directional synchronization and Advanced Retention Policies.
- Proactive Security & Remediation: Deploying JFrog Curation to block malicious packages at the perimeter and Frogbot for automated, developer-centric vulnerability patching within the SCM.
- Contextual Security & AI Governance: Utilizing Xray for runtime vulnerability prioritization and centralizing the AI lifecycle via the JFrog AI Catalog to secure model usage and agentic workflows.
- AppTrust & The Trusted Release: How to master evidence-based governance using GraphQL and automated security gates to ensure only compliant, signed binaries reach production.
Who Should Sign Up:
- Platform Architects tasked with designing an end-to-end, "Secure-by-Design" software delivery pipeline.
- DevOps Leaders looking to standardize their global toolchain and eliminate fragmented "security silos".
- Security & Compliance Officers who need to implement automated, evidence-based governance across the entire software lifecycle.

Morning
Artifactory & Xray Automation Masterclass: Terraform & Advanced Orchestration
David Robin | Senior Solution Engineer | JFrog
Tom Paz | Solution Engineer | JFrog
TUE 9:00 AM - 12:30 PM
Intermediate
Advanced Lifecycle Automation using Terraform, JFrog MCP Server, and One Model GraphQL. This session focuses on building high-performance automation frameworks using Terraform and the JFrog CLI, enabling DevOps teams to orchestrate complex Project environments and AI workflows with zero manual friction.
What You Will Learn:
- Scalable Project Management: Implementing JFrog Projects to automate resource isolation, quota management, and delegated administration for growing organizations.
- The Terraform Blueprint: Master the JFrog Terraform Provider to provision repositories, security policies, and user permissions as a repeatable service.
- Governing AI with MCP: Configuring the MCP (Model Context Protocol) Registry to automate the discovery and security of AI agents and tool servers.
- Advanced Querying & Auth: How to leverage One Model GraphQL Authentication to perform high-performance, cross-product queries, getting deep insights into artifact metadata and security evidence through a single, secure endpoint.
Who Should Sign Up:
- DevOps Engineers & SREs who want and need to move away from "ticket-based" work and implement a fully automated, self-service platform.
- Platform Architects designing the infrastructure for multi-team scalability and centralized security enforcement.
- System Administrators looking to integrate advanced GraphQL-based reporting and AI tool governance into their CI/CD pipelines.

12:30 PM
Lunch
TUE 12:30 PM - 1:30 PM

1:30 PM
Afternoon
Operationalizing Xray & Advanced Security: Embedding Continuous Security Across Your Artifact Lifecy
Fabien Louis | Professional Services Architect | JFrog
Ohad Zamir | Senior Solution Engineer | JFrog
TUE 1:30 PM - 5:00 PM
Advanced
Transforming Threat Intelligence into Actionable Insights via the Security Dashboard. This course focuses on the Build and Runtime phases, ensuring that no artifact, no matter how it was created, moves to production without deep inspection and policy validation. You will be able to implement automated, continuous security guardrails across the entire software lifecycle.
What You Will Learn:
- Continuous Scanning: Automating Xray scans within CI/CD pipelines (Jenkins, GitHub Actions, etc.) to intercept compromised builds.
- Vulnerability Prioritization: Use Advanced Security to determine if a vulnerable component is actually reachable in your specific runtime environment.
- Compliance & Auditability: Utilizing Audit Events for Xray to ensure compliance accountability for all security actions.
Who Should Sign Up:
- DevOps Engineers responsible for building and maintaining secure automated pipelines.
- Security Engineers designing the end-to-end governance for the complete Software Supply Chain.
- Compliance Officers who need to ensure every production release has

Afternoon
AppTrust Essentials: Get CRA and SLSA Ready - Mastering DevGovOps & Supply Chain Integrity
Tal Etinger | Senior Strategic Solution Architect | JFrog
Eli Kopelevitch | Professional Services Architect | JFrog
TUE 1:30 PM - 5:00 PM
Intermediate
Driving Compliant Releases with Evidence-Based Controls, Rego Policies, and ServiceNow Integration. We will focus on the transition from reactive security to proactive, automated governance. This course provides the technical blueprint for using JFrog AppTrust as the orchestration layer for "Trusted Releases," binding technical security metadata to business-ready compliance evidence that satisfies NIST and CRA mandates.
What You Will Learn:
- Identity & provenance (SLSA): Using build attestations to cryptographically prove the origin and integrity of every artifact in your supply chain.
- Mastering the SBOM lifecycle: Generating, managing, and exporting enriched Software Bill of Materials (SBOMs) to meet global regulatory transparency requirements (CRA).
- Automated trust policies: Setting the "Minimum Bar" for your organization using policy as code to automate complex approval logic and security gates.
- ServiceNow ITSM integration: Automating the bridge between DevOps and IT operations by triggering ServiceNow change requests and status updates based on real-time security evidence and AppTrust gates.

Afternoon
JFrog Enterprise and Multi-Site Synchronization
Carmine Acanfora | Solution Architect | JFrog
Eldad Assis | Principal DevOps Architect, CTO Office | JFrog
TUE 1:30 PM - 5:00 PM
Intermediate
Optimizing Global Artifact Distribution and Bi-Directional Sync for Low-Latency Development. This session focuses on how you can eliminate downtime and synchronization lag by mastering Federated Repositories and multi-site replication strategies. The session will provide a technical blueprint for building a resilient, high-availability JFrog environment that spans multiple regions and sites.
What You Will Learn:
- High Availability (HA) Clusters: How to tune multi-node environments for zero-downtime load balancing.
- Multi-Site Synchronization: Implementing bi-directional, real-time sync via Federated Repositories to ensure a "Single Source of Truth" across international sites and locations.
- Federated Curation: How to enforce unified security policies across global sites so every region can block malicious packages simultaneously.
- Disaster Recovery (DR): How to architect redundant systems and failover protocols to protect mission-critical binaries and deployments.
Who Should Sign Up:
- Security Architects & Compliance Officers who are responsible for defining and enforcing software governance that meets strict NIST/CRA regulatory standards.
- DevOps & Platform Leads looking to implement standardized "Trust" workflows that integrate seamlessly with existing ServiceNow approval processes.
- System Administrators and technical leads responsible for ensuring the JFrog infrastructure supports automated trust checks and compliant artifact delivery without manual bottlenecks.

8:00 AM
Registration & Breakfast
WED 8:00 AM - 9:00 AM
Hop in, grab your badge, and fuel up. Coffee’s hot, breakfast is served, and the day is ready to take off.

9:00 AM
Keynote
Morning Keynotes
WED 9:00 AM - 1:00 PM
All Levels
Leap into the future of trusted software and AI with JFrog’s founders as they unpack how AI is reshaping the software supply chain. Watch as autonomous agents move from assistants to builders by writing code, resolving dependencies, and producing binaries at machine speed. Join us to see how the rules of trust are being rewritten!

1:00 PM
Lunch
WED 1:00 PM - 2:00 PM
Take a breather, grab a bite, and make a few new connections.

2:00 PM
Session
Securing the Software Supply Chain Without Compromising Developer Experience - DevSecOps Journey
Praveen kumar Pudota | DevEx Lead, Platform Engineering | Husqvarna Group
Praveen is a DevEx Lead within platform engineering at Husqvarna Group, focused on improving developer experience and enabling secure software delivery at scale. He works across engineering and security teams to standardize tooling and drive DevSecOps practices. Currently, Praveen is leading efforts to evaluate JFrog Advanced Security (JAS) and Curation, focusing on balancing strong security controls with a seamless developer experience in enterprise environments.
Ata ul Jamil | Security Architect (Software Supply Chain Security) | Husqvarna Group
Ata ul Jamil is a security and engineering leader with over a decade of experience helping organizations build security practices that actually stick. His background spans cloud and application security, DevSecOps, and secure delivery across industries ranging from finance and energy to healthcare and aviation. Ata holds a Master's degree in Computer Science, several security certifications, and has always worked closest to the seam between engineering and security, where the real friction lives. He cares about making security something teams understand and own, not something imposed on them.
WED 2:00 PM - 2:45 PM
All Levels
Software supply chain attacks are no longer theoretical. From dependency confusion to malicious packages slipping through undetected, the threat is real, active, and growing. Most organizations know they need to act, but the moment security starts slowing developers down, it stops being adopted. This tension is exactly what Husqvarna Group set out to solve.
Husqvarna's engineering organization spans a broad, multi-platform ecosystem across multiple languages and stacks. At this scale, the challenges are familiar to many: security tooling that grows organically, visibility fragmented across multiple screens and systems, and no single end-to-end view of supply chain risk. Developer experience feels the pressure of context-switching, alert fatigue, and security processes that drift away from how engineers actually work. Add CRA and NIS2 obligations to the mix, and the case for a more coherent, integrated approach becomes hard to ignore.
This session tells the story of how Husqvarna built a DevSecOps practice with one non-negotiable principle: security had to work with developers, not against them. That meant rethinking what shifting left actually looks like in practice and co-designing the workflow with engineering teams from day one, surfacing the right vulnerabilities in the right context, and distinguishing between what exists and what is actually applicable, so developers act on signal, not noise.
You'll leave this session with:
- A clear picture of how JFrog Advanced Security and Curation can be applied in real enterprise use cases
- Practical lessons on co-designing security workflows that work for both developers and security teams
- An honest view of where the friction still lives and how we handled it
- A sense of how getting supply chain security right also quietly takes care of a lot of what compliance asks for.

Session
SEB’s Technical Transformation: Securing the Supply Chain
Truc Vu Kuyper | Chief Product Owner | SEB
Truc Vu Kuyper bridges the gap between complex technical ecosystems and executive-level business value. With 16+ years of experience, spanning deep software development roots to Chief Product Leadership, Truc specializes in scaling enterprise product portfolios within the highly regulated FinTech sector.
WED 2:00 PM - 2:45 PM
All Levels
The growth of software supply chain security complexity and threats, especially with advanced AI models like Mythos and Fable, is driving a more urgent need for companies to fix vulnerabilities in their systems. In a big enterprise like SEB, the technical landscape is complex, with many technologies and tools in use and complex internal processes to meet regulations like DORA. This makes it even harder to cyber-secure the systems at speed. This session will focus on SEB's current software supply chain security journey - the challenges, what was done, what they want to do, and the outcomes they hope to achieve through initiatives such as JFrog Curation and other security solutions.

2:45 PM
Session
The Vulnerability Tsunami: Securing the Software Supply Chain at Scale
Dave Turner | Engineering Lead | Nationwide Building Society
Dave Turner is an engineering lead in the CICD platform team at Nationwide Building Society, where he has worked since 2020. His previous roles include engineering lead in the public cloud toolchain team at JP Morgan and engineering lead in the CitiDeveloper team at Citibank. Prior to that, Dave worked as a senior software development consultant at Avanade. With a strong background in software development and a passion for innovation, Dave has successfully led various high-profile projects and continues to drive technological advancements in his current role.
WED 2:45 PM - 3:30 PM
All Levels
Over the past year, Nationwide moved beyond building a multi-cloud JFrog platform to solving a harder problem: operating a secure, compliant, and scalable software supply chain in the face of rapidly expanding threat volumes.
In this session, we'll discuss how Nationwide delivered a comprehensive supply chain security roadmap across a large regulated financial services organization. This includes token automation, hardened container images, Xray-based vulnerability management enforcement, artifact curation, and a fully evidence-driven approach to provenance, SBOMs, and signing. The session will cover the rollout of JFrog Xray enforcement at scale, with centralized reporting, alerting, and managed dispensations, and the introduction of Curation as a secure-by-default control plane to protect the organization from malicious and vulnerable open source dependencies at the perimeter.
A key theme throughout is moving from visibility to enforcement. Nationwide uses JFrog Build Info as the authoritative record of build-time truth, binding together dependencies, provenance, scans, and attestations into enforceable policy decisions. At the same time, they are evolving SBOMs from static artifacts into operational control points, embedded into build pipelines, evidence services, and release governance.
Finally, this session will address the emerging challenge facing all organizations: the "tsunami" of vulnerabilities driven by AI-assisted development and increasingly complex dependency ecosystems. This is forcing a fundamental rethink in patching strategies, prioritization, and change management. We’ll share how the company is adapting its platform, processes, and operating model to cope with this shift at scale.

Session
Achieving Scalable Security: Vanderlande’s Enterprise Journey to SaaS
Nrusinha Prasad Mahapatra | Senior Specialist | Vanderlande
Nrusinha Mahapatra is a senior specialist in DevSecOps at Vanderlande, where he is co-leading the migration of JFrog to SaaS. He has 13 years of experience in the DevSecOps space across organizations including Vanderlande, ASML, ARM, Optum, and Verizon. Throughout his career, he has championed DevOps and cloud adoption, tooling migrations, and CI/CD transformation, helping engineering teams improve delivery speed, quality and security.
Nico Paffen | IT Architect ALM Services | Vanderlande (Veghel, The Netherlands)
Nico Paffen has been an IT Architect for 14 years in Vanderlande's IT ALM services team, leading the adoption of JFrog Artifactory into SaaS, among other enterprise tools. He has prior experience with large-scale enterprises like Philips Healthcare. Nico is based in Waalre, the Netherlands, is married, and has two children.
WED 2:45 PM - 3:30 PM
All Levels
Vanderlande, a global leader in logistics process automation for airports, warehousing, and parcel, has evolved from a traditional manufacturing powerhouse into a software-driven intelligent logistics solutions provider. This transformation created the need for a modern, secure, and scalable software supply chain. Before their migration, Vanderlande operated three self-hosted JFrog instances across Veghel, Dortmund, and Quebec. This model created operational challenges around VM-based scaling, manual Xray operations, application upgrades, limited access segregation, shared internal accounts, and incomplete adoption of advanced security capabilities such as JFrog Curation and Xray. To support ISO-aligned security goals across 100+ global teams, we moved toward JFrog Artifactory SaaS and redesigned our operating model. This session shares how Vanderlande migrated from a repo-stage model to a project-based governance model aligned with agile release trains. The company implemented SSO and AD-based access control, project-level ownership, service account standards, and regional JPD considerations for global performance. A major focus of the journey was scaling advanced security. Vanderlande rolled out JFrog Curation and Xray policies across teams with different SDLC maturity levels and many legacy applications. Full-scale enablement surfaced thousands of legacy references, curation blocks, and Xray violations. Rather than relying on a big-bang blocking approach, they adopted a phased model using dry-run, notifications, waivers, ignore rules, and JIRA-based remediation. They also promoted shift-left practices using JFrog CLI, Curation audit, build scans, Frogbot, and release bundle workflows. To manage the SaaS era, Vanderlande built custom Grafana dashboards using JFrog APIs for data transfer, storage hotspots, repository usage, and account privilege audits. 
These dashboards helped track monthly transfer volumes, optimize storage and retention, and identify over-privileged or incorrectly configured service accounts.

3:35 PM
Coffee Break
WED 3:35 PM - 4:05 PM

4:05 PM
Session
From Prompt to Production: Making GenAI Code Enterprise-Ready with JFrog
Owen Delaney | Senior Chapter Lead | Admiral Insurance
Owen leads platform engineering teams at Admiral, driving DevOps transformation through automation, enablement, and a product mindset. He’s passionate about building scalable platforms that empower teams and deliver real impact.
Wessley McInroy | Senior Chapter Lead | Admiral Insurance
Wessley is a senior engineering manager at Admiral Insurance with over 18 years' experience in engineering within financial services.
WED 4:05 PM - 4:50 PM
All Levels
GenAI is allowing the generation of new tools and code faster than ever. Very few organizations can ship it safely at scale. The real bottleneck is no longer writing code; it’s trusting it, securing it, and integrating it into a fully governed software supply chain. This session will share how Admiral moved beyond experimentation to operationalize GenAI usage across the SDLC using JFrog as the control plane for trust, traceability, and flow.
We'll show how GenAI-generated tools and code can be made trustworthy from the earliest stages of delivery, before it ever enters a pipeline, across the full developer workflow:
- From prompt to Skill, MCP context, prototype, and dependency choice through to commit, with visibility before code enters the pipeline
- Supported by curated package registries, reusable Skills, agents, and prompts that encourage sharing, reduce cognitive load, and improve developer flow across teams
- Continuously guided by JFrog Xray and Curation policies, then connected into CI/CD with less rework, clearer provenance, and smoother promotion when code is ready to release
We will walk through a practical flow demonstrating how:
- Shifting left on DevEx when using GenAI enables both security and speed at scale
- AI-generated code and its dependencies enter the SDLC, and where JFrog intersects that flow
- JFrog Xray, Curation, and Artifactory enforce security, provenance, and policy
- Platform engineering enables all this consistently across teams
Critically, the session will focus on the human and business reality:
- Developers gain speed, but need guardrails to feel safe.
- Organizations want innovation but can’t absorb unmanaged risk introduced by AI tooling and dependencies.
- Platform teams must scale both without becoming the new bottleneck.
We'll also discuss lessons learned from implementations at scale: what worked, what didn’t, and how to design a platform that allows GenAI to accelerate delivery without compromising trust.

Session
Release Lifecycle Management @ Alstom
Abhishek Kumar | Senior Solution Architect | Alstom Transport SA
Abhishek is a Senior Solution Architect in IS&T working with ALSTOM Transport SA. He specializes in Application Lifecycle Management (ALM) solutions, contributing to the design, deployment, and optimization of enterprise engineering platforms. His work focuses on enabling efficient engineering processes and supporting large-scale digital transformation initiatives.
WED 4:05 PM - 4:50 PM
Intermediate
This session will cover how:
- Alstom deployed JFrog Artifactory to support large volumes (HA).
- The repository is structured in Artifactory.
- Software is aggregated in release bundles, challenges we faced, and the pivot to AppTrust Evaluation.
- Artifactory is linked to the Alstom Configuration Management process.
- Alstom will distribute software to factories that are responsible for installing software.
Alstom leverages JFrog Artifactory as the central platform for software artifact storage, traceability, promotion, and release, integrated first with GitLab and progressively with configuration-management tooling such as IBM ELM/GCM.

4:55 PM
Session
Designing DevSecOps for Reality: Bootstrapping a Secure Software Supply Chain
Jaivy Daam | Platform Engineer | Vattenfall
Jaivy is a Platform and DevOps Engineer at Vattenfall, specializing in Containers. His work focuses on integrating JFrog Artifactory and Xray into enterprise pipelines to enable artifact governance, vulnerability management, and policy-driven enforcement. Jaivy is particularly interested in scaling DevSecOps through policy-as-code, container security, and admission control, while maintaining developer velocity.
Liliya Tsikhanovich | Applications Engineer | Vattenfall
Liliya Tsikhanovich is an Applications Engineer at Vattenfall specializing in DevOps, platform engineering, and automation. She works with JFrog Artifactory, Azure DevOps, Kubernetes, and Terraform to build scalable and secure software delivery platforms. Her focus is on automating platform operations, infrastructure provisioning, and developer self-service capabilities. At Vattenfall, she contributes to the implementation of modern software supply chain practices and cloud-native platforms. Liliya enjoys sharing practical solutions and lessons learned from real-world enterprise DevOps transformations.
WED 4:55 PM - 5:40 PM
Novice
Most DevSecOps talks focus on finished implementations, but what about getting started in a real enterprise environment? In this session, Vattenfall shares how they are designing and bootstrapping a secure software supply chain using JFrog Artifactory and Xray. We’ll walk through Vattenfall's current challenges, architectural decisions, and early implementation steps to integrate security into CI/CD and Kubernetes workflows. Learn how Vattenfall approaches policy-as-code, automations, vulnerability management, and developer experience from day one, along with lessons learned, trade-offs, and pitfalls to avoid when moving from visibility to enforcement.

Session
From Reactive to Proactive Product Security With JFrog
Jan Andersen | Senior Consultant, Information Security | Danfoss A/S
This will be my first time ever presenting on stage.
WED 4:55 PM - 5:40 PM
Intermediate
This session highlights Danfoss’ journey to strengthen software supply chain security, transitioning from a reactive, fragmented approach with limited visibility and high effort toward a more proactive and structured model, supported by JFrog.
Where We Started
The initial maturity level in software security was low and largely reactive. We were always responding to alerts without full visibility into potential impact or compromise. Significant time was spent on remediation efforts, often without certainty about whether development teams had been affected. Communication challenges further compounded the problem, either overwhelming teams with too much information or failing to target the right stakeholders, leading to confusion and inefficiencies. At the same time, we were trying to balance security with developer productivity, ensuring that controls did not slow down delivery pipelines.
Where We Are Today
To address these challenges, Danfoss established the Digital Product Security Program (DPSP): a structured initiative designed to embed security directly into our development processes and products. With the support of JFrog, we shifted earlier in the lifecycle and introduced preventive controls rather than late-stage remediation. This includes, but is not limited to:
- Preventing malicious or untrusted packages from entering the environment
- Blocking critical vulnerabilities (CVEs) early in the development lifecycle
- Implementing controlled and auditable exception handling processes
The Value of JFrog Support
An important enabler in this transformation has been the strong and responsive support from JFrog, which played a key role in:
- Providing best practices and guidance aligned with our goals
- Helping us fine-tune policies and controls to balance security with developer productivity
- Acting as a trusted partner in our ongoing journey toward proactive security

6:30 PM
Awards, Gala Dinner & Open Bar
WED 6:30 PM - 9:30 PM
Celebrate the best in the business. Join us for an immersive experience featuring our annual awards ceremony, followed by a gala dinner and open bar with industry pioneers.

8:00 AM
Breakfast
THU 8:00 AM - 9:00 AM
Ease into the day… grab breakfast, reconnect with peers, and get ready for what’s next.

8:55 AM
Morning Keynotes
THU 8:55 AM - 1:15 PM
Leap into the future of trusted software and AI with JFrog’s founders as they unpack how AI is reshaping the software supply chain. Watch as autonomous agents move from assistants to builders by writing code, resolving dependencies, and producing binaries at machine speed. Join us to see how the rules of trust are being rewritten!

1:15 PM
Lunch
THU 1:15 PM - 2:15 PM
Refuel, recharge, and reconnect before diving back in.

2:15 PM
Breakout Sessions
THU 2:15 PM - 5:00 PM
Dive deep, sharpen your skills, and master the next wave of DevOps and DevSecOps innovation.