Europe Agenda - SwampUP 2025 | JFrog's Premier Event

November 12-14, 2025

Agenda

The Annual DevOps, DevSecOps and MLOps User Conference

Plan your schedule for swampUP Europe 2025 and reserve your spot before sessions reach full capacity!

Day 1

November 13th

Day 2

November 14th

8:30 AM

Registration

Grand Ballroom

9:00 AM

Add to calendar

9:00 AM

Add to calendar

Compliance Without Compromise: Secure Your Software Supply Chain with JFrog

Salon J

Maintaining compliance is no longer optional — it’s essential. This workshop guides you through the complexities of compliance regulations while ensuring the security and integrity of your software supply chain. Attendees will explore how JFrog tools, including Artifactory and Xray, enable organizations to not only meet regulatory requirements but also establish a culture of compliance excellence. Through hands-on experience, you’ll learn best practices for implementing compliance frameworks within your DevSecOps processes, automate compliance checks, and ensure rigorous security standards are met across the SDLC. Key Skills Learned: • Understand the key compliance requirements relevant to software development and deployment, including: NIST, SLSA, DORA, CRA and more • Use JFrog Platfrom Security capabilities to manage open-source and proprietary artifacts while ensuring compliance. • Automate compliance processes with JFrog CLI, REST APIs, and AQL to streamline workflows and reduce human errors. • Implement proactive compliance strategies and integrate security measures early in the SDLC. • Foster a culture of compliance excellence and improve collaboration across security, compliance, and development teams. • Monitor and report compliance status using JFrog tools for ongoing compliance verification. Who Should Attend: • Compliance Officers and Risk Managers. • DevOps Engineers and Software Developers. • Security Engineers. Don’t miss out on learning how JFrog can elevate your compliance strategy. Register now and secure your spot today!

9:00 AM

Add to calendar

9:00 AM

Add to calendar

Mastering Scalable Architectures for Global Enterprises with JFrog

Salon K

As enterprises scale their operations globally, creating architectures that are resilient, available, and adaptable to hybrid and multi-cloud environments becomes critical. This workshop dives into designing scalable, enterprise-level SDLC architectures, leveraging JFrog tools to meet the complex needs of modern digital ecosystems. You’ll gain hands-on experience in addressing performance, redundancy, and global collaboration challenges while ensuring operational efficiency. Key Skills Learned: • Articulate the key components and benefits of an enterprise-scale architecture for your organization. • Implement scalable solutions that enhance reliability and resilience across multi-cloud environments. • Select and design deployment topologies that meet enterprise-specific requirements. • Anticipate and address potential operational, security, and compliance challenges. • Create a blueprint that supports operational continuity and global collaboration. Who Should Attend: • DevOps and IT Architects. • Principal and Senior Engineers. • Systems Administrators. • Network Engineers. • IT Decision-Makers. Register now to secure your spot and start architecting for the future of enterprise-scale success with JFrog! *This session is available to existing customers only.

9:00 AM

Add to calendar

9:00 AM

Add to calendar

Secure & Streamline Your Software Supply Chain with JFrog

Salon H

Effective Release Lifecycle Management is key to ensuring secure, traceable, and efficient software delivery. Join us for this workshop with hand-on practice to learn how JFrog’s platform can help you automate workflows, improve collaboration, and ensure security and compliance throughout your software supply chain. Key Skills you can Expect to Learn: • Tracking and managing software artifacts throughout the lifecycle • Automating release processes with CI/CD pipeline integration • Implementing immutable releases and ensuring security compliance • Enhancing team collaboration for smoother software delivery • Exclusive Preview of JFrog’s upcoming product features Who Should Attend? • DevOps & Software Engineers • Release Managers & QA Professionals • Security Engineers & CISOs • Technology Leaders (CTOs, CIOs) Don’t miss out on transforming your software delivery process. Sign up today! *This session is available to existing customers only.

12:30 PM

Lunch

Grand Ballroom

2:00 PM

Add to calendar

2:00 PM

Add to calendar

Foundations of DevSecOps - Avoiding Software Supply Chain Attacks

Salon J

With software supply chain attacks on the rise, security risks have never been more critical. This hands-on workshop focuses on JFrog Security from Shift left to shift right - and how to integrate them into your DevSecOps strategy. We’ll explore how to secure your software supply chain, reduce vulnerabilities, and automate key workflows, ensuring your artifacts and dependencies are safe throughout the development lifecycle. Key Skills Learned: • Understand how JFrog security solutions accelerated your organisational DevSecOps goals and provide complete visibility from code to the production. • Use JFrog security scan capabilities and Developer-Focused Security. • Gain hands-on experience in configuring repositories, scanning for vulnerabilities, and automating delivery pipelines. • Implement best practices to secure your software supply chain, reducing the risk of vulnerabilities and improving compliance. • How to shift security left by embedding security measures early in your SDLC. Who Should Attend: • Engineers working across SDLC phases—Development, Automation, DevOps, and SRE. • Security Engineers focused on securing the software supply chain with the JFrog platform. Join us to deepen your DevSecOps knowledge and enhance your organization’s security posture with JFrog’s trusted tools. Sign Up Today!

2:00 PM

Add to calendar

2:00 PM

Add to calendar

MLOps in Action: From Experimentation to Production

Salon K

Integrating machine learning with DevOps practices is essential for organizations to stay competitive. This hands-on workshop will introduce you to JFrog ML and its capabilities, empowering data scientists and DevOps teams to seamlessly manage the end-to-end machine learning lifecycle. Learn to securely build, deploy, and maintain machine learning models with JFrog’s powerful platform, while enhancing collaboration between data scientists and DevOps teams. Key Skills Learned: • Seamlessly manage the full ML lifecycle, from experimentation to production, on a single platform. • Track, compare, and version model experiments for optimized decision-making. • Leverage JFrog’s advanced security features to scan models for vulnerabilities and ensure compliance. • Automate training, validation, and deployment processes for faster, more reliable ML results. • Collaborate effectively between data science and DevOps teams to accelerate model development and deployment. Who Should Attend: • Data Scientists. • DevOps Engineers. • IT Professionals & Project Managers. Don’t miss the chance to take your machine learning deployments to the next level. Register now and learn how JFrog ML can transform your MLOps processes for greater speed, security, and efficiency.

6:30 PM

Welcome Reception

Grand Ballroom

8:30 AM

Registration & Breakfast

Foyer A - Grand Ballroom

9:15 AM

Add to calendar

9:15 AM

Shlomi Ben Haim, Co-Founder and CEO, JFrog

The Quantum Shift - Rethink Software Supply Chain

Grand Ballroom

9:30 AM

Add to calendar

9:30 AM

Add to calendar

Yoav Landman, CTO & Co-founder, JFrog

AI-Driven DevOps Unleashed: The Future Starts Here

Grand Ballroom

The future of DevOps is being transformed with autonomous agents. As the world begins to focus on agentic-driven release management, we will soon experience agents driving crucial processes such as building, securing, and deploying packages alongside automated policy enforcement. These agents are not working in silos - they will (and are) communicating with one another, enabling real-time visibility and management of secure pipelines. In this landmark technical keynote, we will reveal how JFrog is empowering teams to implement this modern approach to agentic software delivery - with minimal manual intervention, and with enhanced security – all in a streamlined release process without losing control!

10:00 AM

Add to calendar

10:00 AM

Add to calendar

Eyal Dyment, VP Security, JFrog

Yossi Shaul, SVP DevOps, JFrog

Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity

Grand Ballroom

Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution. In this can’t-miss swampUP keynote session, we’ll look at new innovations across JFrog security and platform teams, as well as industry advancements that enable a not just connected, but fully-integrated and robust software supply chain security solution that meets the modern needs of a security-focused, EveryOps reality. Join us for an exclusive look at how this tectonic security shift reshapes what you thought you knew about application security and governance, helping you unlock new levels of confidence in every release.

10:45 AM

Coffee Break

Foyer A - Grand Ballroom

11:15 AM

Add to calendar

11:15 AM

Add to calendar

Ran Romano, VP of P&E, JFrog

Trusted AI at Scale: Secure Governance and Scalable Management for Your AI Models

Grand Ballroom

As AI becomes an indispensable part of modern software applications, managing machine learning models with the same rigor as code and binaries is essential. Yet most organizations still treat models as ad-hoc assets: scattered, untracked, and inconsistently governed, creating potentially serious risks around security, compliance, and operational trust. Reminding us of yesterday’s OSS package gold rush, today’s ML/AI Models can originate from many sources: custom-built, open-source, and third-party APIs, each with different risks, ownership boundaries, and lifecycle considerations. In this session, we’ll explore these emerging challenges, and show how advancements in JFrog ML and platform technologies are helping solve them. By treating every type of model as a first-class software artifact, you’ll learn how to integrate model management into your existing DevSecOps pipeline, enable trust by providing visibility, traceability, and evidence-based policy enforcement, and bring the same governance and trust to AI that you already rely on for your software supply chain. It’s time to take back control of AI!

12:00 PM

Add to calendar

12:00 PM

Add to calendar

Asaf Karas, CTO, SVP JFrog Security

Frog-Proof Security: Streamlining The Sec In DevSecOpsv

Grand Ballroom

What’s in store for Software Supply Chain security in 2026? With the types of software entering organizations ever-changing, and the volume ever-increasing, DevSecOps teams are facing new, and complex questions at macro and micro levels: How can teams effectively control and curate what enters systems? How can remediation be accelerated, while ensuring accuracy? How will the rising use of AI impact our threat landscape and can DevOps and Security teams truly share ownership of this emerging reality without adding friction? While no one has a crystal ball, JFrog's leading-edge research and impactful real-world insights provide clarity. Join this session to gain critical foresight into the evolving and future software supply chain security challenges that will redefine how you operate. We will dissect recent, high-impact supply chain attacks to reveal malicious threats, and crucially, equip you with practical, implementable solutions for mitigating both current and emerging risks. In a world being built for humans and machines side-by-side, your attack surface is morphing daily. Join this session to explore groundbreaking capabilities and new, exciting approaches that smoothly put the “Sec” back in DevSecOps.

12:30 PM

Lunch

Restaurant Le Market

1:45 PM

Add to calendar

1:45 PM

Amos Haviv Senior Engineering Manager, Booking.com

Measuring Engineering Success - Metrics in the age of AI

Salon J

A practical guide to measuring engineering success and barrier in the age of AI. In this presentation I will tell the story of Booking.com's journey in measuring our developer experience, productivity and barriers for executions. I will then talk about how this connected with the huge rise in AI usage for coding and our foundational work helped us measure the impact this had on our teams.

1:45 PM

Add to calendar

1:45 PM

Add to calendar

Yonatan Arbel Developer Advocate @ JFrog

Deploy Artifacts (Even Order Pizza!) with MCP

Salon K

What if you could deploy software, manage running images, and even order your favorite pizza—all through an AI-powered chat? Meet MCP (Model Context Protocol), the ultimate gateway for companies looking to become AI-friendly and provide seamless interactions through an exposed MCP server. In this session, we’ll explore: ✅ What MCP is and how it enables AI-driven automation ✅ How MCP simplifies data fetching and environment management ✅ Real-world use cases, from DevOps workflows to AI-assisted user experiences ✅ A live demo: see how easy it is to integrate MCP into your workflows—yes, even for ordering pizza! 🍕 By the end of this session, you’ll have a solid understanding of MCP and why you should start leveraging its power today. Whether you're a developer, DevOps engineer, or product innovator, MCP is your key to unlocking AI-enhanced automation.

2:25 PM

Breakout Sessions

Grand Ballroom

Dive deep with customers and industry leaders into the real-world challenges and innovative solutions defining the quantum shift in software. These sessions offer practical strategies across AI, ML, DevSecOps, and compliance, helping you enhance code quality, accelerate secure delivery, and mitigate supply chain risks.

2:35 PM

Add to calendar

2:35 PM

Add to calendar

Yaniv Feldman Director of Solutions Engineering, JFrog

Compliance: The Holy Grail

Salon K

In this session, we'll explore why compliance remains one of the most elusive challenges in modern software supply chains and what's finally evolving. You'll learn the most common compliance requirements, why tracking them across fast-moving DevSecOps environments is so complex, and why legacy approaches often fall short. We'll share practical strategies from SBOM generation to automated evidence collection that help meet compliance goals without slowing down innovation. We'll also look ahead to what's next: continuous compliance posture monitoring, integrated trust signals, and how embedding security into the SDLC can eliminate the need for reactive patching to help you build secure, compliant software from the start.

3:15 PM

Coffee Break

Foyer A - Grand Ballroom

3:45 PM

Add to calendar

3:45 PM

Petro Flomin, Director of Solution Engineering, JFrog

Empower Your Organization with Smarter Retention Policies

Salon J

Learn how JFrog’s Retention Policies — Cleanup and Archival — help optimize storage, reduce costs, and ensure compliance without compromising developer productivity. This session will cover best practices for managing dev and production artifacts, automating cleanup and archival, and aligning storage strategies with business goals. Walk away with actionable insights to implement smarter, more efficient retention policies.

4:35 PM

Add to calendar

automation

4:35 PM

Add to calendar

automation

Supun Vidana Pathiranage DevSecOps Specialist, Adyen

Taming the Monolith: Unifying Vulnerability Scanning at Adyen with JFrog

Salon J

At Adyen, our core platform is a massive, multi-language monolith—an intricate ecosystem of interconnected modules written in Java, TypeScript, and Python. While this architecture accelerates development, it presented a monumental security challenge: our complex, custom build mechanism made it nearly impossible to effectively identify and track dependencies. This created a critical visibility gap, preventing us from leveraging the full power of the JFrog Platform for vulnerability scanning. In this session, I will showcase the innovative strategy we engineered to overcome this hurdle. You'll learn how we decoupled dependency resolution from the core build process by creating a system to independently identify dependencies for each language. I'll then demonstrate the custom tooling we built to aggregate this data, publish it as comprehensive build-info to JFrog Artifactory, and finally unlock deep, accurate scanning with JFrog Xray. Finally, I'll walk you through how we integrated this entire workflow into our development lifecycle. See how we now automatically scan every merge request for new vulnerabilities in both new and existing packages, empowering our developers to shift-left and stop threats before they ever reach our production environment. Key Takeaways for Attendees: - Strategies for tackling dependency management in complex, multi-language monorepos. - A practical blueprint for integrating custom build systems with JFrog Artifactory and Xray. - Actionable techniques for implementing automated security scans on merge requests to provide developers with immediate feedback.

7:00 PM

Gala Dinner

Restaurant Le Market

Prepare to be amazed by the mind-blowing show of Lior Souchard at the swampUP Gala Dinner. This is your prime opportunity to cap off a day of groundbreaking insights and expand your network within the community of engineers, DevOps pros, and security leaders driving the quantum shift in software.

10:00 PM

Post Gala Open Bar

Foyer A - Grand Ballroom

9:00 AM

Registration & Breakfast

Foyer A - Grand Ballroom

9:30 AM

Keynotes

Grand Ballroom

Kickstart your day with visionary Keynotes from industry leaders. Gain critical insights into the future of AI, ML, DevSecOps, and compliance, and learn how to navigate the quantum shift to securely build, deploy, and scale intelligent software.

10:45 AM

Add to calendar

10:45 AM

Demetrios Brinkmann, Founder, MLOps Community

Ensuring Reliable Evaluation Systems for Your ML

Salon J

Standard benchmarks often fall short and can be misleading. Leaderboards can erode trust in model claims, as they rarely address specific, real-world needs. In this talk, Demetrios Brinkmann will detail how MLOps engineers and developers can build and continuously update their own evaluation systems to create a strong competitive advantage. He’ll cover how to build a reliable “golden dataset,” optimize data collection, labeling, and utilize the right tools to ensure evaluations truly reflect their intended use case.

11:30 AM

Keynotes

Grand Ballroom

12:00 PM

Key Takeaways & Wrap-Up

Grand Ballroom

12:15 PM

Lunch

Restaurant Le Market

10:55 AM

Add to calendar

10:55 AM

Avishag Sahar Engineering Tech Leader, LinearB

50 shades of PR

In this a fun talk (yes it’ll be fun!) - Avishag Sahar laments about the top blockers of PRs, but cheer up - because I’ll also provide insights into how to unblock them.

10:55 AM

Add to calendar

10:55 AM

Saurabh Mishra DevOps Lead

Accelerating GenAI Development: Seamless Integration with Hugging Face,NVIDIA via JFrog Artifactory

Practical demonstration of how JFrog Artifactory can proxy public AI model repositories like Hugging Face, and integrate with NVIDIA Inference Microservices (NIM), ensuring security, performance, and governance for enterprise GenAI development, all while leveraging JFrog Xray for security scanning

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Marin Niehues Founder & Principal Consultant

AI for Decision-Makers & Non-Techies: The baseline for survival

While everyone's talking about AI, most people outside the tech world still don't know how to actually use it. You've sat through countless presentations filled with buzzwords and vague promises, but you're still unclear on what AI can realistically do for your organization and what it can't. This isn't another theoretical or technical AI overview. This session delivers practical clarity for anyone who needs to understand AI well enough to make smart decisions and stay relevant in their role. We'll break down technical concepts into something you can actually understand and relate to, no matter your background. Drawing from my hands-on experience leading AI implementations across enterprises, SMEs, and startups, I'll show you exactly what separates successful AI initiatives from expensive failures. You'll see concrete examples from multiple industries and learn to spot the difference between genuine AI opportunities and oversold solutions. You'll discover how to think about AI not just as a technical gimmick but as a tool for today's problems and tomorrow's opportunities. You’ll walk away knowing: -> How to talk about AI confidently without faking it. -> What AI can actually achieve (no magical promises here). -> Real, practical examples of companies making AI genuinely useful. -> How to introduce AI effectively, without wasting your budget. -> Exactly what AI needs to deliver actual results (spoiler: it’s not magic).

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Marin Niehues Founder & Principal Consultant

AI Is Easy - until you add people: Inside the Chaos of Implementing AI

AI is supposed to be the future. At least, that's what all the PowerPoint decks say. The pitch always sounds great - smarter production lines, real-time process optimization, predictive everything. And then you actually try to make it happen. It turns out that AI isn't the hard part - everything else is. The biggest blockers? Legacy systems that refuse to cooperate, missing data that no one realized was missing, skeptical engineers who don't trust "some algorithm," and processes designed for a world that existed long before AI. But most of all, it’s the people and the organization. Most companies like the idea of AI far more than the change it actually requires Roles, responsibilities, decision paths -none of it fits. And no one wants to be the first to do things differently. This is the inside story of embedding AI in a global manufacturer, a project I led from start to finish. The goal was ambitious, the potential was huge, but reality had other plans. I'll walk you through what actually happened-the unexpected resistance, the messy pivots, and the moments that nearly killed the project. What you'll walk away with... ... a real-world AI case study-not the polished version, but the unfiltered reality. ... why AI isn't just about technology - it's about people, processes, and organizational politics. ... how to deal with resistance, broken data, and invisible roadblocks. ... lessons from the trenches. What works, what doesn't, and what to avoid. ... how to avoid AI mistakes before they derail your next big thing.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Kalle Sirkesalo CTO of Managed Services

AI-Powered Slopsquatting: Is Your Software Supply Chain Compromised?

Manual dependency checks are no longer sufficient. The software supply chain faces an evolved threat: Slopsquatting. In this talk I’ll expose the nature of AI-driven Slopsquatting, a technique exploiting subtle naming variations and developer habits to inject malicious code. I will dissect why this threat vector is particularly insidious, how AI enhances its effectiveness, and the high probability that your current practices leave you vulnerable. In this talk I’ll show concrete examples from the real world on how to counter this behaviour. Learn how to integrate automated checks, enhance vetting processes, and adopt DevSecOps strategies crucial for safeguarding your applications and understanding the collective responsibility we share in securing the open-source landscape. Define Slopsquatting and how AI transforms it into a scalable, sophisticated threat. Analyze the specific vulnerabilities exploited by AI-driven Slopsquatting. Evaluate the risks associated with inadequate dependency management in CI/CD pipelines. Implement robust, automated strategies to counter Slopsquatting threats. Understand the broader implications for software supply chain security.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Neel Bhatt Chapter Lead & Solutions Architect at RTL

Architecting Smarter Systems: Leveraging Semantic Kernel and Autogen in .NET

In an era where software systems need to be more adaptive, intelligent, and autonomous than ever before, .NET, combined with cutting-edge tools like Semantic Kernel and Autogen, is empowering developers to build the future of intelligent agents. This talk dives deep into the principles and practical applications of creating smarter, agentic systems with these technologies. Key takeaways from the session include: - Semantic Kernel: How to leverage its powerful AI orchestration capabilities for natural language understanding, decision-making, and context-driven interactions. - Autogen: Simplifying multi-agent collaboration to create systems that communicate, collaborate, and solve complex problems autonomously. - .NET Integration: How the rich ecosystem of .NET 9 streamlines the development and deployment of agentic AI systems. - Architectural Insights: Designing scalable, maintainable systems that harness the power of intelligent agents, while ensuring accountability, transparency, and ethical compliance. This session will feature real-world examples and live demos, showcasing how developers can build smarter applications and systems by blending the flexibility of .NET with the power of agentic AI frameworks. Whether you're a seasoned developer or new to AI, this talk will equip you with the tools and strategies to architect smarter systems for the next generation.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Yishai Beeri CTO at LinearB

Are Your Engineering Teams Really Prepared for the GenAI Revolution?!

GenAI has gone from generally available, novel technology to widely adopted in a matter of months. Most engineering organizations are using GenAI to generate code, write tests, and assist in code reviews. New code is becoming dirt cheap to write - but our delivery pipelines remain miserably unprepared for the tsunami of new code flowing at a much more rapid pace. Our current pipelines need a hard reset to prepare us for the GenAI revolution - and engineering managers need to get started TODAY. This talk will dive into where GenAI is starting to break down our delivery pipelines. While scaling CI/CD is easy, and we can always add a few more workers, scaling the humans in the process is the hard part. This talk will demonstrate how massive amounts of new machine-generated code will impact our pipelines, in ways that will require either greater headcount, or smarter, automated pipelines. You'll come away with ideas for how to modernize your delivery pipeline so you can fully embrace the GenAI revolution.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Ant(on) Weiss Software Delivery Futurist

Augment Your Kubernetes with AI Agents Using Kagent

Kubernetes can be a great platform for building and running your own AI agents with the use of Kagent - the open source framework for DevOps and platform engineers to automate complex operations and troubleshoot workloads. In this workshop we'll deploy Kagent in our lab clusters, create AI agents and enrich them with our own tools. We'll see how agents help us with managing and troubleshooting Kubernetes workloads. We'll also get a taste of self-hosting LLMs backing our agents using either Ollama or Kaito, and discuss the cost and performance considerations of this approach. It's time to make your clusters agentic!

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Igor Gumush Jfrog | Senior R&D

Beyond Automation: When Pipelines Learn to Say ‘No’

What if your CI/CD pipelines could think twice before building? In a world where every commit spins up expensive builds, we asked: can we teach pipelines to be smarter — and just say no? In this session, we’ll reveal how we infused AI into our CI/CD workflows, giving pipelines the power to detect when builds are truly needed. The result? A 30% cut in build volume, faster feedback for developers, and significant cost savings. Join us for a deep dive into the architecture, challenges, and real-world results — and walk away with a blueprint to add intelligence to your pipelines in just days.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Olha Pyvko Agile Delivery Coordinator & Scrum Master

Beyond the Screen: Unlocking Team Agility with Lessons from Our Feline Friends

We all know the feeling: you could watch a crackling fire, a flowing stream, or a cat just being a cat for hours. There's a universal fascination with these incredible creatures, and honestly, I think they can share some profound secrets for high-performing teams. Think about it: cats effortlessly switch between being laser-focused hunters, perfectly relaxed "loafs", insatiably curious explorers, and yes, occasionally, demanding little beasts. They embody a fluid mastery of different states that many of us humans (and our teams) often struggle to achieve. Cats possess an innate clarity of purpose – they know what they want, and they pursue it with an almost stubborn determination, rarely settling for less. How often do our teams drift without a clear goal, or jump at the first "good enough" solution? Here's the kicker: While they might not have a clue about the Agile Manifesto, cats live agile principles every single day through their actions. Their adaptability, their focus on value (usually food!), their ability to quickly change direction – it's all there! Want a team that's not just productive, but genuinely mesmerizing in their ability to deliver and adapt? While I can't promise a mandatory office cat (though, I think that would be awesome!), I can share actionable insights. Join me to explore my top 5 takeaways on building successful, empowered teams, directly inspired by the most naturally agile creatures on the planet!

10:55 AM

Add to calendar

10:55 AM

Tiago Galvao Viegas Lead Developer | Senior Key Engineer | Siemens AG

Alex Stoy IT Product Owner, Siemens AG

Jonathan Beller Siemens AG, Solution Architect

Binary Management Platform - Gaining Vision with Open Telemetry and Grafana

Find out how we migrated our monitoring from a paid proprietary monitoring service to a self-managed cost-effective solution using well-known open-source components. By using Open Telemetry, we gained access to additional monitoring capabilities, which allowed us to get rid of resource consumption and misconfiguration blind spots for our world-wide self-hosted JFrog Platform landscape.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Luis Caro Campos Conan @ JFrog

Conan 2: security features for enterprise-grade C++ projects

Memory safety issues have long been a common cause of security vulnerabilities, to the point where government agencies are recommending moving away from languages like C and C++ for new product development. However, while “memory safe” languages exist - the same agencies acknowledge that software will have to interface with components written in C and C++ for a long time, and recommend that software vendors have a memory safety roadmap. Key items of a memory safety roadmap include keeping proper track of external dependencies, a transparency plan (vendors and customers should know which dependencies are included in each product), and a plan to react to disclosed CVEs (Common Vulnerabilities and Exposures). The recent ISO C++ developer survey highlights how dependencies are still integrated as part of projects and not properly traced. This talk will cover how C++ developers can leverage Conan to properly track dependencies, and how it integrates with JFrog’s Security offerings to help developers in fulfilling their contractual and regulatory obligations. Features covered: Software Bill of Materials, Audit dependencies (report CVE vulnerabilities, powered by JFrog Advanced Security), package signing and JFrog Xray integration via Artifactory.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Oleg Nenashev Lead Developer Advocate, Gradle

d'AIrtagnan and Three Mocketeers for easy integration testing - all as one, and one as all

When you model (aka "mock") services during software development or integration testing, you need to mimic APIs, databases, and other data providers. You can't do this with just one tool; you need to combine several. You will also need zillions of configuration files and test samples for mock... unless you leverage the power of Generative AI. In this session, We will take Artifactory as a target service for the integrations and create an upgerade assistant bot together. I'll demonstrate some ways to create test services, mock databases, and API providers using Testcontainers, Microcks, and DataFaker for a modern Java / Gradle project. After the introduction, we'll skip all the boring YAML configurations and go straight to leveraging AI and MCPs to generate proper data services and mocks with minimum effort from the developer's side.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Shumaila Ahmed Senior DevSecOps Engineer - Qordata

Digital Trust at Scale: DevSecAI, Scalable Supply Chains, and Continuous Compliance

This session shares our journey implementing DevSecAI principles across a multicloud, serverless architecture while achieving continuous compliance with SOC 2 Type 2 and other regulatory standards. We’ll explore the tools central to our secure software supply chain, enabling automated SBOM validation, artifact integrity enforcement, and policy-as-code guardrails. You'll learn how we built secure, scalable CI/CD pipelines for AWS Lambda, Fargate, and Azure Functions From third-party risk and automated evidence collection to secret rotation and multicloud posture visibility, this talk provides a blueprint for embedding security, compliance, and digital trust directly into your DevSecOps workflows.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Yash Verma Software Engineer and Researcher

Drowning in Observability Costs? Build a Cost-Aware Telemetry Pipeline to Keep You Afloat

Observability is the cornerstone of reliable systems. It lets teams identify and resolve issues before they impact a broader group of users. Yet building an ideal observability stack is far from easy. It demands time and effort — instrumenting every app, service and component that emits telemetry. Shouldn’t we be asking ourselves: are we really investing in observability, or just paying for some distributed noise? Many teams default to - Store'em All, just in case - logs that no one reads, traces that no one queries, metrics that never inform action. The result? Costs escalate. Operational clarity fades. The issue isn’t lack of telemetry, it’s unchecked volume without purpose. This talk explores telemetry pipeline as a strategy to take back control. At the OpenTelemetry Collector level, we can filter, transform, sample, redact sensitive data and route telemetry with intent. The goal is to extract clear business value from every signal and dollar spent. By aligning observability with outcomes, we get an adaptive, efficient and cost-aware setup. Whether you’re just starting out or operating at scale, this talk will show how to turn observability into a strategic asset instead of a liability.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Ram Mohan Rao Chukka Ram | Developer | JFrog

Eldad Assis Principal DevOps Architect, JFrog CTO office

Effortless JFrog Platform setup on AWS Using Terraform

In this session, we will explore how to simplify and automate the deployment of the JFrog Platform on AWS using Terraform, with a particular focus on Day 1 and Day 2 operations. Day 1 will cover the foundational setup, including provisioning the necessary AWS infrastructure such as VPC, RDS, S3, and EKS. Day 2 will dive into the post-deployment configurations and management using Terraform providers, ensuring that your JFrog platform remains scalable, reliable, and easy to manage. By the end of this session, you'll have a clear understanding of how to deploy JFrog Platform on AWS using Terraform and efficiently manage your environment for ongoing operations, updates, and scaling with Terraform providers. This session is perfect for DevOps engineers and cloud architects looking to optimize their infrastructure-as-code workflows for JFrog platform deployments.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Mark-Kevin Walda IT Product Owner and Project Manager - IAV GmbH

Empowering Efficiency: A Scalable DevSecOps Journey with IAV

Join IAV on a transformative journey from a decentralized ecosystem to a centralized powerhouse of DevSecOps excellence. This session will showcase IAV's innovative building block approach to handling diverse tasks in the software development process, with a focus on scalability and security. Discover how IAV transitioned to a centralized model using the JFrog Platform and standardized GitLab Pipelines, providing a comprehensive overview of open-source artifacts and enhancing developer efficiency. Learn how companies, even those unable to centrally manage policies, can centralize key aspects of software development to streamline processes and boost productivity. Through technical examples and practical insights, this session will demonstrate the power of DevSecOps building blocks, offering a blueprint for success in modern software development. Explore how IAV's scalable solutions can empower your organization to achieve DevSecOps excellence.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Ben Kadel Senior Mobile Engineer at GetYourGuide

Escape from Planet Regex - Kotlin to the Rescue

Calling All Aspiring Space Adventurers: Join the Elite Crew of the USS Singleton (the Federation's greatest explorer class vessel) Today! Embark on the thrilling adventure of a lifetime with the intrepid crew of the Singleton, as you navigate an uncharted (possibly dangerous) galaxy, where mastering Regex is not just an option—it's a matter of life-or-death! During your travels you'll uncover; not only a deep understanding of Regex itself (from basics to advanced), but also how to wield Kotlin to conquer any pattern matching challenge you face, equipping you with invaluable lifelong regex power! If that excites you, then signing up to the legendary personnel of the USS Singleton is for you! Here are just a few of the Benefits of the Job: * Properly learn Regex - From Amateur to Professional, so that you can actually put the knowledge to use! * Learn Kotlin APIs to work with Regex * Explore the vast cosmos & become an Intergalactic Hero having your name sung through the ages! (...possibly) Due to § 213-B:USSF Mandatory disclosure of hazardous workplaces; we must add: Possible “Challenges” of the role: * Ship may crash, leaving the crew stranded on an alien world * Possible loss of sanity and/or limbs * High chance of death. …But no need to worry, with the Captain & the crew of the USS Singleton, you are in very safe hands…So, what are you waiting for? Become a fabled starfarer today and unlock the secrets of Regex… ... Before it’s too late…

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Jeremy Adams Head of Ecosystem at Dagger

Fight fire with fire: Agentic CI with JFrog and Dagger

As organizations pump out record quantities of code, it's moving the bottlenecks to CI and Code Review. With code piling up, velocity grinds to a halt. Teams need to add appropriate AI agents and the right guardrails to CI pipelines to balance things out. What if your CI/CD pipelines could fix PR code right in the pipeline!? What if they understood why lints, builds, or tests failed and then proposed the correct fix instead of just throwing it back over the wall to developers or burdening code reviewers with half-done PRs? Join us for a hands-on technical session showcasing how JFrog Artifactory, Dagger’s portable pipelines, and LLM-powered AI agents combine to create an intelligent, adaptive platform for shipping software faster. We’ll walk through a live scenario such as: - An app build fails in CI. - An AI agent (backed by an LLM) inspects the failure, correlates logs, build metadata, and deployment artifacts. - It proposes a fix in code (using Dagger Functions), regenerates the pipeline, and pushes the corrected artifact to JFrog. You’ll leave with a blueprint for building your own self-healing pipeline systems using the best of artifact management, containerized pipeline portability, and developer-first AI.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Neel Bhatt Chapter Lead & Solutions Architect at RTL

Formula One Thinking: Speed, Precision, and Pit Crew Culture in Tech

In the world of Formula One, milliseconds matter. Pit crews operate with breathtaking precision, teams make data-driven decisions in real-time, and entire car systems are optimized to handle extreme pressure - all while racing at over 300 km/h. This talk takes you into the fast lane, drawing parallels between elite F1 teams and high-performing software engineering organizations. We’ll explore how principles like rapid iteration, modular design, tight feedback loops, and psychological safety from the F1 world can help tech teams move faster without crashing under pressure. From CI/CD pipelines as pit stops, to observability as digital telemetry, to building a culture where failure is expected and recoverable - this session offers a high-octane perspective on team performance, system design, and engineering excellence.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Mehul Patel Independent Cloud Consultant

Freeze,Investigate,Recover: Unlocking Forensic Container Checkpointing with CRI-U

Resilience in Kubernetes often relies on pod restarts, but what if we could checkpoint running containers for forensic analysis and seamless recovery? This is where Checkpoint/Restore in Userspace (CRIU) and its integration with CRI-O and Containerd come into play. When applications fail, are compromised, or need migration, traditional recovery methods lose valuable runtime data, making debugging, forensic investigation, and live migration difficult. CRI-U enables container-level checkpointing, allowing us to snapshot an application’s complete state, including memory, processes, and open files. This unlocks new security forensics, failure recovery, and workload resilience possibilities. This session will explore how forensic container checkpointing enhances Kubernetes resilience. Attendees will learn how to securely capture, analyse, and restore container states, ensuring minimal downtime and improved security

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Yoav Lax AI Solution Architect at Varonis

From CI/CD to CI/AI: Scaling DevOps with AI-Driven Automation and Autonomous Agents

As AI becomes integral to modern software delivery, DevOps teams face new challenges and opportunities in transforming their workflows. In this session, we'll share real-world lessons from leading AI adoption across mission-critical platforms, where we evolved traditional CI/CD pipelines into intelligent, adaptive CI/AI systems. We’ll explore how we: * Embedded autonomous agents into our CI lifecycle. * Designed strategic adoption frameworks to supercharge engineering velocity and quality. * Measured the real-world impact on developer productivity, code quality, and release velocity. * Drove adoption across the whole R&D organization. * Balanced rapid innovation with reliability while scaling AI across complex, high-stakes environments. Whether you're just starting your AI journey or scaling adoption across teams, this talk offers a practical blueprint for building AI-native DevOps organizations.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Avishag Sahar Engineering Tech Leader, LinearB

From CI/CD to CM (Continuous Merge): Unleash Your Dev Velocity

Being an elite dev team isn’t just about merging faster, it’s about being able to deliver consistently. While velocity is the primary metric these days that marks elite teams - this is still in a world where all pull requests are created equal and undergo the same CI/CD gating and branch protection. But what if it doesn’t have to be this way? Developer happiness and retention is often based on the type of work a team is doing and the amount of frustration involved trying to get code merged––where some of these merges are as simple as minor config fixes, version upgrades or documentation edits. In this session, we will discover how elite teams are flipping the paradigm through evolving their CI/CD to CM, continuous merge, by optimizing non-coding time and customizing how Pull Requests are treated based on their unique characteristics and impact on production systems. You too can be one pull request away from dev enlightenment and happiness.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Owen Delaney Senior Chapter Lead, Admiral Insurance

From Fire to Flow: Scaling Platform Engineering with JFrog

What do you do when your software delivery platform becomes the bottleneck instead of the enabler? At Admiral, we faced a burning platform moment—an inflection point that forced us to rethink how we build, secure, and ship software. This keynote shares our journey from firefighting to future-proofing, and how we scaled platform engineering with JFrog at the core. We’ll explore how we selected JFrog as our DevOps platform of choice, the strategic role of platform engineering in the implementation, and how we used Terraform to codify and scale our infrastructure. You’ll hear how we tackled challenges like fragmented tooling, inconsistent pipelines, and cultural inertia—and how we overcame them through automation, enablement, and a product mindset. This is a story of transformation, not just technology. It’s about building a platform that empowers teams, accelerates delivery, and strengthens security—without burning out your engineers. Key Takeaways Turning Crisis into Opportunity: How a burning platform moment aligned leadership, engineering, and security around a shared vision for change. Platform Selection with Purpose: Why JFrog was chosen and how it aligned with our goals for security, scalability, and developer experience. Scaling with Platform Engineering: How we structured our platform team, used Terraform to codify JFrog, and built reusable modules and golden paths to support autonomy at scale. Overcoming Real-World Challenges: From cultural resistance to technical complexity, how we navigated the human and technical sides of transformation. Delivering Measurable Impact: The benefits we’ve realised—from faster delivery cycles and stronger governance to happier, more empowered engineers.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Qilong Wang Chief Technology Officer | NightVision Security

From Scan to Sign-Off: Integrating NightVision DAST Attestations with JFrog Evidence Collection

In this session, we’ll walk through how to integrate NightVision’s next-generation web and API security testing tool with JFrog’s Evidence Collection framework. You’ll see how NightVision runs high-speed, authenticated grey-box scans, finds exploitable issues with code-level insights, and then generates signed vulnerability attestations. We’ll integrate that evidence into a JFrog software artifact using the JFrog CLI, so that scan result travels with the artifacts and appears on JFrog’s visual evidence graph. By the end of this talk, you’ll see how this combined solution: . Ensures traceable, signed proof of security testing across your SDLC . Enables Release Lifecycle Management policies that gate promotions based on NightVision scan results . Streamlines audits, compliance, and governance by keeping all security attestation into JFrog as the single source of truth We’ll demo a CI flow that starts with a pull request, kicks off a NightVision scan, collects its report as signed evidence, and attaches it to a software artifact before any promotion happens. If no critical vulnerabilities are found, you can proceed. Otherwise, you’ll see how to automatically halt a rollout, track the findings, and iterate fast.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Lucas Teixeira Rocha Senior Software Engineer at Oracle

From Zero to Million: How I got the first Million downloads on my Open-Source PHP package

I will start by explaining a little bit about the project, it’s differentials and how the CI/CD process helped it to succeed. The second part will explain the process and the most important decisions and suggestions that I got from friends and co-workers (highlighting the importance of sharing your personal projects with people you thrust). Third part will speak about how to get financial support for a free and Open Source project. Here I will also reveal what I would do differently if I could go back in time. Last part will provide valorous advices for who is starting or looking for a project to start. I will also try to finish the presentation by inspiring people to do the same I did (or even better).

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Yishai Beeri CTO at LinearB

How Can Engineering Leaders Measure the Impact of GenAI

Generative AI has taken the world by storm since its general availability to the public in early 2023. Going from novel technology to commodity in months, this disruptive technology quickly found applications in the software development world - and many engineering organizations are trying to capitalize on the disruptive technology. Nearly every engineering organization has adopted, or is thinking about adopting GenAI as a tool for developers. It has become wildly popular for everything from generating code, to writing and deploying tests, pull request reviews, experimentation and PoCs and much more. But who checks the machines? In this talk I'll dive into the actual measurable outcomes - positive and negative - of adopting GenAI in engineering organizations. While engineering leaders rapidly jumped on the GenAI bandwagon, many are still struggling to quantify its value, not to mention manage its risks. This talk will discuss how and what to measure to understand adoption, quantify benefits and control risks in your initiative to leverage AI in your engineering organization. Join us to learn about the specific metrics you should be monitoring to ensure maximizing ROI on your GenAI engineering org initiatives.

10:55 AM

Add to calendar

10:55 AM

Melica Moshiri BBC The Apprentice Candidate 2025 | Founder & CEO at Global AI search firm

How to secure a job beyond a job ad

Candidates in the tech field often feel ignored when applying for roles which they are a suitable fit for. They don’t hear back. This is a session to advice job seekers how to secure a role with their dream company beyond just seeing a job ad out. How to approach decision makers and how to stand out by personal branding initiatives

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Bhanu Reddy Senior Software Engineer

Leela Padmaja Engineering Manager

JFrog CLI version manager

As teams grow and projects use different tools, managing JFrog CLI versions gets tricky. JFVM makes this easy for both DevOps engineers and CI/CD developers. For CI/CD developers, consistency and predictability in build and deployment pipelines are critical but managing JFrog CLI versions in these environments often becomes a hidden bottleneck. Testing new CLI versions without disrupting existing flows is difficult, and tracing regressions to a CLI update is rarely straightforward. JFVM addresses these issues by enabling CLI version pinning per project or pipeline, ensuring reproducibility across all stages. CI/CD Developers can test command behavior and measure performance and export results in CI-friendly formats like JSON. The shim-based design means every call to jf runs the right version without manual setup. For CI/CD workflows, JFVM adds a layer of control, automation, and insight eliminating guesswork and allowing teams to ship faster with confidence. For DevOps engineers, managing multiple versions of the JFrog CLI across various environments and teams is an ongoing challenge. Different projects often rely on specific versions, and maintaining consistency without breaking workflows requires careful coordination. Manual version switching, symlink setups, and PATH manipulations are not only error-prone but also difficult to scale. Troubleshooting version-related issues or testing new CLI releases becomes a time-consuming and risky task. JFVM streamlines this entire process by offering a clean, reliable version manager that lets teams install, switch, and link JFrog CLI binaries effortlessly. With project-level defaults, teams ensure version consistency across machines and environments. Powerful features in jfvm allow DevOps teams to evaluate behavior and performance across versions, reducing risk during upgrades. Usage analytics add visibility into command usage and adoption trends, enabling better governance and toolchain optimization.

10:55 AM

Add to calendar

10:55 AM

Erwin de Keijzer DevOps Engineer at Fullstaq, chindōgu Engineer at home

Leaking Secrets with AI: mcp workflow edition

With LLMs and MCP it has become easier than ever to leak secrets from all your environments to LLM providers. Erwin will demo how to responsibly use LLMs to debug your running applications with kubernetes and prometheus and how to prevent them from accessing things they should not.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Olha Pyvko Agile Delivery Coordinator & Scrum Master

Less Is More: How Lagom and Agile Can Create Harmonious Workflows

Hej! As an Agile coach who recently moved to Sweden, I’ve come to discover a beautiful thing about the Scandinavian way of life—Lagom. It's all about balance, simplicity, and finding the perfect harmony in everything you do. And guess what? It turns out Lagom has so much in common with Agile! Who knew? In this fun and energizing talk, I’ll share how the philosophy of Lagom (which, in case you're wondering, roughly translates to "just the right amount") can actually help you fine-tune your Agile processes to create workflows that feel... well, just right! No more chaos, no more burnout—just the perfect balance of productivity and well-being. And the best part? By incorporating Lagom, you can actually improve the quality of your work without pushing yourself or your team to the breaking point and burnouts. It's all about creating just the right amount of challenge, just the right amount of rest, and just the right amount of focus. This session is focused on the practical, lighthearted insights you can start using right away to improve your Agile processes, all while embracing a tradition that has stood the test of time in Sweden. If you’re ready to get rid of burnout and bring balance to your development teams, this is the talk for you!

10:55 AM

Add to calendar

10:55 AM

Ant(on) Weiss Software Delivery Futurist

Letting Swarms of Agents Loose (or Letting them Win?)

Agent Swarms are the hottest trend in AI-assisted software delivery. Let's explore the technologies, the approaches, the risks and the opportunities. Brought to you by a fly on the wall of the Agentics foundation.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Abhilekh Verma Director at Abhilekh Verma Consultancy (OPC) Private Limited

LLMs & Natural Language Processing – Unlocking the Future of AI Communication

Large Language Models (LLMs) are revolutionizing the way we interact with AI, transforming industries from customer service to enterprise automation. This session will break down how LLMs work, explore their real-world applications, and address key challenges like bias and hallucinations. Attendees will gain insights into the evolution of NLP, emerging trends in multilingual and domain-specific models, and practical use cases in recruitment, HR tech, and corporate training. Why This Session? With hands-on expertise in AI-powered recruitment solutions and corporate training, I bring a practical perspective on integrating LLMs into business processes. My experience delivering global lectures for Microsoft Azure Developers and AI communities makes me an engaging and insightful speaker. Key Takeaways: ✅ Understand the core workings of LLMs (GPT, BERT, etc.) ✅ Explore real-world applications in content creation, HR tech, and automation ✅ Learn about key challenges in LLM adoption, including bias and security risks ✅ Discover future trends in multilingual and domain-specific models.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Manfred Bjørlin Principal Cloud Native Architect

Managing the Chaos: Not a Superpower. Not a Curse. Just My Brain

Join me for a fun and honest talk about living with ADHD. Something I didn't fully understand about myself until later in life. I'll share my personal journey from feeling like a useless "scatterbrain", to learning how to work with my brain instead of against it. This isn't a medical lecture, but rather a real-life story with humor, practical tips and a few nerdy metaphors (yes, we'll talk about RPG and mana use and regeneration, my "mana theory"). We will explore how I experience the world, with my flavour of neurospice, what makes our brains different and how workplaces can become more inclusive and creative by embracing those differences. Whether you're neurodivergent yourself (or neurospicy as I like to call it), wotk with someone who is, or just want to understand people better - maybe this is a good talk for you.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Manfred Bjørlin Principal Cloud Native Architect

Awar Abdulkarim Senior Engineer @ Sopra Steria | Competency Lead Cloud Native

Not just another AI talk: MCP - a standardized protocol for AI

Model Context Protocol (MCP) defines itself as "a USB-C port for AI applications". It standardizes the way you can connect your devices to various peripherals and accessories. A standardized way you connect AI models to different data sources and tools. This presentation will show you, in a practical demo, how you can develop clients and servers to make use of agentic AI as their user interface. Your MCP servers will make it possible for other developers to directly plug into your services. But be aware, that means it's easier for your customers to switch to your competitors as well! We will show you best practices for securing your data within your own infrastructure, and how to control your data flow. May the demo monster be with us. We will also address some common pitfalls, and what you need to consider before diving head first into making your very first MCP server, exposing all your company's deepest secrets. Challenge yourself to make your services and data available in a whole new way, to be the cool kid and follow the latest trends without going face first into a brick wall.

10:55 AM

Add to calendar

10:55 AM

Kim-Norman Sahm CAST AI | Regional Field CTO EMEA

Optimizing Kubernetes and unlock blockers with Pod Live Migration

Kubernetes is easy, isn't it? Creating Kubernetes cluster in public cloud take a few minutes, deploying an application it's like same. But how can we make sure that our cluster scales in an efficient way? And what can we do with workloads which are not really a good fit for Kubernetes?

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Krishna Nadiminti US Developer Experience Leader, NVIDIA

Ulili Nhaga Principal Architect at NVIDIA

Powering AI at Scale: The DevOps Journey to a Next-Gen Artifactory Platform

How do you scale artifact management for an era of AI-driven engineering? In this session, learn how a lean DevOps team inherited a legacy Artifactory instance and transformed it into a hyper-scale, cloud-native artifact platform capable of handling modern AI/ML workloads. The speakers will walk through the transformation journey—from aging infrastructure and operational bottlenecks to a scalable, automated, and performance-optimized Artifactory cluster. Discover how NVIDIA scaled to support 10x artifact growth, massive binaries, and unpredictable CI/CD bursts, all driven by cutting-edge GPU development and AI test pipelines. You’ll gain insights into architectural evolution, observability patterns, and DevOps practices that enabled the team to tame explosive scale while improving reliability and efficiency.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Zohar Sacks Senior Director of Product, JFrog

Protect your vibe coding with jfrog artifactory and curation

Vibe coding is the sweet spot of developer productivity and innovation, fostering creativity and even democratizing coding across your enterprise. This session explores the power of "vibe coding" and its transformative potential, but also acknowledges the inherent risks: software supply chain vulnerabilities, licensing issues, and dependency management headaches. Discover how the JFrog Platform, with Artifactory and Curation, safeguards your development flow while maintaining productivity and innovation. Protect your vibe, accelerate innovation, and secure your software supply chain from code to production with JFrog.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Avishag Sahar Engineering Tech Leader, LinearB

Pull Request Size: The Most Important Indicator of Development Pipeline Health

Accelerate popularized “DORA 4” metrics for tracking the health of your dev pipeline. I studied 2,600 teams and found a single indicator that predicts if your team’s metrics will be elite. Learn why small PR size is the key to healthy cycle time, MTTR, change failure rate and deploy frequency. This presentation includes industry benchmarks from 2,600 dev teams collected from January 2020 though June 2021, all of the data and citations from my research, multiple case studies from well known Israeli start-ups like Unbabel, Intsights and BigID and tips for improving PR size, cycle time, MTTR, change failure rate and deployment frequency.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Chris Snowden Enterprise Security Architect

Patricia R root

Realising Expectations: Enforcing Quality and Security Gates in Release Lifecycle Management

Session Summary Ever felt like you have a wonderful plan, but theory doesn't always translate to practice? Picture this: You've established a lifecycle for your artefacts, you know how to take some code, thru your own defined CI/CD processes and quality gates, to build a good release candidate, testing it iteratively and, eventually, deploying it into production. What happens when you want to attest that all artefacts being built daily, by multiple teams, with multiple ways of working are indeed following what you carefully crafted as your Release Lifecycle? Can you continuously and consistently ensure coverage and effectiveness of your controls, at scale? We will show a case study that leverages JFrog’s Release Lifecycle Management and Distribution features to set organisational policy to achieve auditability and traceability over release candidates, which combined with CI/CD environment hardening ensure practical coverage and effectiveness of your controls is closer to what you envisioned. In this session we will pay particular attention to the following considerations: 1. You’ve created your release candidate so now what? Staging your release candidates and establishing immutability – why this matters and what good looks like 2. Release bundling for different deployment types including GitOps 3. The evidence that should be collected to establish reliability and security – emphasis on control coverage and effectiveness – what does this look like? And how/when should it be done? And what does validation look like 4. The role of protected credentials and admission controllers in establishing trust Please see "Who should attend?" for key session takeaways.

10:55 AM

Add to calendar

10:55 AM

Tinatin Balavadze Building Scalable Code, Careers, and Communities—One Bold Move at a Time.

Refactor Your Career: Build It Like Your Best Codebase

Bad code hurts. A messy career—stale skills, stagnant roles, and hidden tech debt—is just as painful. Engineers refactor code to keep it fresh and efficient. Why not refactor our careers? This talk treats career growth like an engineering challenge. I'll show you how to debug outdated skills, identify growth blockers, and apply CI/CD principles for continuous improvement. Whether stuck in maintenance mode or ready to scale your impact, you'll leave with clear strategies to iteratively upgrade your career without burnout.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Gaurav Saxena Director of Engineering, Ford Motors

Resiliency by Design: Internal platform’s contribution to Cloud Security

In today's complex enterprise environments, building and maintaining resilient data streaming platforms requires a strategic approach that empowers developers while ensuring security and operational efficiency. This presentation explores how Internal Developer Platforms (IDPs) can streamline development workflows, enhance application portability, and fortify your software supply chain, including the use of CNCF projects. We'll delve into: Internal Developer Platforms (IDPs): Understanding the core principles of IDPs and how they enable self-service infrastructure, reduce cognitive load for developers, and promote consistent development practices. Open Application Model (OAM): Leveraging OAM to define applications in a platform-agnostic way, separating application logic from infrastructure concerns. This promotes portability and simplifies management across diverse environments. Crossplane: Using Crossplane to extend your Kubernetes cluster and manage infrastructure resources (databases, message queues, etc.) directly from within your IDP, enabling a unified control plane for both applications and infrastructure. A key focus will be on building a hardened software supply chain: Melange, Apko, and Wolfi: Building minimal, secure container images using these next-generation tools. We'll discuss the benefits of reduced attack surface and improved image scanning results. Sigstore Project (Cosign, Fulcio, Rekor): Ensuring the integrity and authenticity of container images through signing and attestation. We'll demonstrate how to use Sigstore to sign images built from managed CI pipelines and push to jFrog Artifactory securely. Kubernetes Admission Control: Implementing KubeWarden, a Kubernetes admission controller, to enforce policies and verify image signatures before deployment, preventing the execution of untrusted code. Workload Attestation using SPIFFE: Using SPIFFE for workload attestations

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Mohammad Saheer Padinharayil Manager | CVS Health | AI & Cloud Security Enthusiast

Securing AI Models and ML Pipelines: Best Practices and Pitfalls to Avoid

As machine learning becomes integral to modern applications, the attack surface for AI systems is rapidly expanding. From data poisoning and model inversion to supply chain vulnerabilities in ML pipelines, the risks are real—and often overlooked. In this session, we'll explore key challenges in securing the AI lifecycle. You’ll learn how adversaries exploit weaknesses in model training, deployment, and inference stages—and how to counter them with practical strategies. We’ll walk through: -Threat modeling for ML pipelines -Secure model training and deployment using ML tools -Proven strategies for securing data inputs, model artifacts, and dependencies -CI/CD best practices for AI/ML, including policy enforcement and SBOMs -Real-world case studies of AI system compromises—and what we can learn from them This talk will give you the actionable insight to evaluate and secure your own AI initiatives, ensuring trust and compliance in an era where AI is not just an asset, but a potential liability.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Dorit Dor Co-founder Qbeat Ventures, Check Point fellow; Security geek; Passionate about innovation and products, Cyber, Quantum and AI; Board member;

Security First in the Age of AI Agents

We're entering an era where applications aren’t just built by humans, they’re built with or even by intelligent agents. These autonomous systems fetch dependencies, generate code, spin up infrastructure, and even make decisions that used to be handled by experienced developers or architects. This shift fundamentally changes the risk model. In a world where AI agents can trigger CI pipelines, provision resources, or integrate third-party services, security can no longer be bolted on later. Infrastructure must be built with security-first principles from day zero. In this session, we’ll explore: Why traditional security models break in an agent-driven ecosystem What changes when autonomous systems operate within your SDLC How to design infrastructure that is ready for agentic automation, but still controlled, transparent, and resilient Cultural, organizational, and technical changes needed to embed security into your infra DNA You’ll walk away with practical strategies, real-world examples, and a new perspective on securing systems in a world where humans are no longer the only actors.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Hariharan Ragothaman Software Engineer @ AMD | Backend, Infrastructure, Cloud, Embedded

Shift-Left Meets Zero Trust: Building Secure-by-Design APIs from Day Zero

Zero Trust is no longer confined to just endpoints and user authentication—it extends crucially to APIs, services, and dynamic interactions across distributed systems. In a cloud-native world where microservices span multiple environments, APIs become the core trust boundary. The shift-left paradigm—addressing security early in the development lifecycle—is complemented by extending security principles across distributed API-driven systems using Zero Trust architectures. This talk dives deep into how organizations can implement Zero Trust at the API and service mesh layer, enforcing strong identity, access control, and behavioral baselines for service-to-service communication. This session provides attendees with practical strategies to enforce strong identity management, robust access controls, and behavioral baselines in service-to-service communications. Using hands-on examples, we’ll explore how these security patterns are integrated into modern DevSecOps workflows—showing how JFrog Xray and JFrog Advanced Security can help detect vulnerabilities and enforce policy gates in CI/CD pipelines, and how JFrog Artifactory acts as a trusted source for secured software supply chains. Attendees will benefit from an in-depth, hands-on demonstration showing exactly how these concepts are operationalized. Topics covered include: 1. Implementing mutual TLS (mTLS) across services using SPIFFE/SPIRE for cryptographic identity. 2. Using service meshes (Istio, Linkerd) to enforce Zero Trust policies, rate limiting, and telemetry. 3. Designing API Gateways with attribute-based access control (ABAC) and fine-grained policies. 4. Establishing behavioral norms and detecting anomalies in API interactions The talk concludes with a real-world reference architecture for securing microservices in a hybrid multi-cloud deployment, along with tips on avoiding common design pitfalls.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Lucas Teixeira Rocha Senior Software Engineer at Oracle

Ship with Confidence: A JavaScript Test Automation Workshop

Ready to level up your JavaScript testing? This hands-on workshop dives deep into practical test automation with Jest, Cypress, and Stryker Mutator. Learn to write robust unit & E2E tests, and discover the power of mutation testing to supercharge your test suite! This hands-on workshop provides a practical introduction to modern JavaScript test automation using three powerful tools: Jest, Cypress, and Stryker Mutator. Participants will learn how to write effective unit and integration tests with Jest, focusing on best practices and real-world scenarios. The workshop then transitions to end-to-end (E2E) testing with Cypress, demonstrating how to build robust and reliable UI tests. Finally, participants will explore the cutting-edge technique of mutation testing with Stryker Mutator, learning how to identify weaknesses in their test suites and ensure comprehensive code coverage. Workshop Highlights: * Jest: Mastering unit and integration testing, mocks, stubs, and test-driven development (TDD) principles. Hands-on exercises will cover testing various JavaScript code structures, including asynchronous operations. * Cypress: Building robust E2E tests for modern web applications. Participants will learn how to interact with UI elements, handle asynchronous behavior, and implement best practices for maintainable E2E tests. * Stryker Mutator: Discovering the power of mutation testing to identify gaps in your test suite. Learn how Stryker helps you find untested edge cases and improve the overall quality of your tests. Learning Outcomes: * Write effective and maintainable unit and integration tests using Jest. * Develop robust end-to-end tests with Cypress. * Understand and apply mutation testing with Stryker Mutator. * Improve the quality and coverage of your JavaScript test suites. * Gain practical experience with modern JavaScript testing tools and techniques.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Ronny Belenitsky Director of Product

Strengthening SDLC Integrity, Step by Step

In our discussions with customers, we identified a critical challenge in the Software Development Lifecycle (SDLC): package signing often occurs after the package build, altering the package’s SHA in the middle of the process. While organizations aim to ensure that artifacts pushed to production have a fully signed and verifiable provenance from development to deployment, this intermediate modification disrupts the integrity of the build step and beyond. Customers recognize the value of immutable release bundles and a robust provenance posture. However, transitioning away from a process that modifies artifacts mid-SDLC for signing to an immutable workflow remains challenging. This talk will explore how organizations can adopt a step-by-step approach to ensure consistency and predictability across SDLC maturity stages, while enabling the addition of trusted and signed evidence at every stage; a way to enable security, traceability, and compliance without compromising integrity.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Ant(on) Weiss Software Delivery Futurist

Systems Thinking for Vibe Coding

Vibe coding (programming with the help of AI) is making developers 3x more productive by reducing the toil and speeding up boilerplate code generation. The bottleneck of coding time is thus getting eliminated. But Systems thinking (and the Theory of Constraints) teaches us that we can only improve a process by elminiating the most limiting bottleneck in the chain of processes. Was coding ever that bottleneck? What other bottlenecks do we need to take care of now? Let's analyze software delivery in 2025 through the prism of Systems Thinking, define the challenges AI-assisted coding brings to the table and how to effectviely resolve them.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Oleg Nenashev Lead Developer Advocate, Gradle

Testcontainers and API mocking for C/C++

Testcontainers has become one of the most popular tools for software integration testing. And yes, we can have cool things in C/C++, too! If you can put your system-under-test into a container, Docker Compose cluster, or a pod, this is what you're likely to use. If your target isn't ready, not containerizable, or just too heavy for testing as is, you can always use API mocking like WireMock to mock your interfaces including REST API, gRPC, etc. But are these tools available to C/C++ developers? And the answer is YES! In September 2023, I created Testcontainers for C/C++. This is not a standalone Testcontainers engine but a C-style shared library adapter for native languages like C/C++, D, Lua, Swift, etc. It is an MVP SDK that can be later extended for the languages. I will show examples with CTest, CppUnit and Google Test. The project is based on Testcontainers for Go, which is one of the most powerful implementations. And yes, I am happy to chat about how it does [and doesn’t] work under the hood!

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Ludovico Besana Senior Test Engineer @Nearform

Testing in Consulting: Balancing speed, scope and sanity

Testing in consulting is not the same as testing in product development. It means adapting to existing processes, working with distributed teams, and influencing quality without having full control over the code or the decisions. In this talk, I’ll share 6 years of experience as a QA on consulting projects for startups, corporations, and public sector organizations. We’ll cover: - how to tackle unfamiliar codebases with limited time - how to advocate for quality with devs and PMs who “don’t have time for testing” - how to choose between E2E tests, unit tests, and quick-impact tests - tools and templates for multi-team environments - KPIs to show clients the value of your work We’ll also talk about mental balance, unrealistic expectations, and how to avoid QA burnout from being constantly in “firefighter mode.” A practical, human talk full of tips for anyone doing or wanting to do testing in consulting.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Peter van Vliet Co-Founder and Lead Architect @ Masking Technology

The Anatomy of a Distributed JavaScript Runtime

Imagine a world where you develop an application as a monolith but deploy it distributed across multiple servers and even in the browser. If you want to learn how this looks and works, this talk is for you! We’ll dissect the design of an open-source distributed runtime for full-stack JavaScript and TypeScript applications. We’ll cover the runtime's goals, overall architecture, key building blocks, and the technical challenges faced. Additionally, we will showcase an example application, demonstrating use cases, deployment strategies, and the developer experience. By the end of this talk, you will gain a deeper understanding of the benefits and challenges of separating the development model from the deployment model, unifying the frontend and backend, and what it takes to build and operate a distributed JavaScript runtime.

10:55 AM

Add to calendar

10:55 AM

Erwin de Keijzer DevOps Engineer at Fullstaq, chindōgu Engineer at home

The Hybrid Kubernets Cluster - your head in the clouds, but feet firmly on the ground

The golden days of the cloud seem to be over, just as many companies seem to be migrating into as out of the cloud. But the cloud still has some unique advantages that are hard to implement on your own. In this talk I'll go over several of the hybrid models that might help you achieve your goals.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Aditya Tripathi Product Marketing, Docker

The proactive software supply chain: Hardening AI from the ground up

As teams build complex, multi-agent AI systems, a new generation of security challenges is emerging. We're moving beyond the traditional "scan and pray" methodology to a proactive approach that establishes security by design. Docker pioneered the simplified developer experience for microservices, and we're applying that same philosophy to securing agentic app dev workflows. In this keynote, we'll explore how leveraging hardened container images, with dramatically reduced attack surfaces and continuously automated patching, provides a secure foundation. We'll also show how this approach integrates seamlessly with the tools you already rely on, like JFrog Xray, to ensure you can build and deploy with confidence. We will then demonstrate how this security-first philosophy extends to agentic app patterns, allowing you to build, orchestrate, and deploy entire AI stacks. Join us to learn how to unify security and innovation, making resilience a core feature of the next generation of intelligent applications.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Neel Bhatt Chapter Lead & Solutions Architect at RTL

The tech behind weather forecasting: How technology keeps you ahead of the weather

Curious about how Netherlands biggest weather platform manages to predict the weather with such accuracy while serving millions of users every day? Join us for an insightful dive into the technology powering Buienradar’s meteorological marvel. In this down-to-earth conference talk, we’ll take a closer look at the nuts and bolts of Buienradar’s operations. Discover how Buienradar’s scalable infrastructure and clever algorithms work together to process vast amounts of data, providing users with reliable weather forecasts at their fingertips. We’ll explore the challenges of managing such a high volume of users and data, discussing practical solutions and lessons learned along the way. From data handling techniques to performance optimization, we’ll cover it all in a relatable and accessible manner. We will cover our journey to kubernetes, how our platform engineering works, how our architecture looks like, how we maximize our observability using grafana and much more. Whether you’re a tech enthusiast, a weather aficionado, or simply curious about how your favorite weather app works, this talk is for you. Join us as we peel back the curtain on Buienradar’s technology, demystifying the complex world of weather forecasting in a way that’s easy to understand and appreciate.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Olha Pyvko Agile Delivery Coordinator & Scrum Master

Turning Gut Feeling into Numbers: Leveraging Data to Simplify Complex Decisions

As a Scrum Master, I've often observed how teams and stakeholders face challenging decisions. Think about it: how do we weigh potential features for a product backlog, evaluate technical approaches, or prioritize strategic initiatives when each option has varying levels of impact, effort, risk, and value? These aren't simple "either/or" questions. Relying solely on gut feeling in these complex scenarios can lead to uncertainty, difficult conversations, and sometimes, decisions we later regret. While there's no magical formula to guarantee perfect decisions every time, we can use structured approaches to guide our choices. One method I've found particularly useful is the Analytic Hierarchy Process (AHP). AHP helps translate qualitative judgments – our intuition and understanding – into quantitative measures. By breaking down the decision into a hierarchy and using pairwise comparisons, we can assign relative weights to criteria and alternatives, providing a clearer, data-informed perspective on which options best align with our goals.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Marin Niehues Founder & Principal Consultant

Unf*ck your mind: How to finally build something great again

Let’s be honest: your mind is f*cked. Overloaded, overstimulated, and drowning in an endless to-do list. Everything needed to be done yesterday, you’re pulled in a hundred directions, and somewhere along the way, you forgot what actually matters. We’re bombarded with notifications, meetings, and meaningless busywork. AI is making it worse—spitting out endless streams of generic, forgettable content. We move faster and produce more, but are we actually creating anything worth remembering? The result? Mediocre, half-assed outcomes. Not just in your work, but everywhere—your company, your customers, your career. We’re all stuck in this cycle, rushing to meet deadlines we didn’t set, for work that isn’t great, while convincing ourselves that speed equals value. This session is about breaking that cycle. It’s about unf*cking your mind so you can focus on what actually matters—and finally build something you’re proud of. After this session, you will: -> Know how to unf*ck your brain and work like a person, not a machine. -> Know how to spot the fake urgency that’s keeping you from real progress -> Build the best product or service you’ve ever created -> Tell the difference between what’s actually important and what only seems important

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Ram Mohan Rao Chukka Ram | Developer | JFrog

Unlocking Developer productivity (DIY) - Best practices to release faster !

No one wants to be responsible for delivering bad quality of Code . But what can you do as a developer to avoid being the bad guy? How can developers enable their teams / themselves (DIY) to improve productivity and release faster In talking within our own teams, we discovered that many developers weren’t running sufficient integration and End to End tests in their local environments because it’s too difficult to set up and administer test environments in an efficient way. That’s why we decided to rethink our entire software development process in hopes of cutting down on the headaches and valuable time wasted. Few important tools and practices have empowered our developers to easily configure a development environment locally that accurately matches the final Production environment — without needing to become an expert CI admin themselves. These days, we hear, “bugs” far less often — and you can too!

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Diana Todea Developer Advocate at Aircall

Why Observability is key for your LLMOps platform

As DevOps platforms evolve with the rise of ML and LLM-powered workflows, observability becomes the missing piece that unlocks true reliability and scale. In this talk, I'll explore how bringing observability into LLMOps workflows transforms how we build, deploy, and maintain large language model applications. I’ll dive into JFrog ML, a platform that combines artifact management with ML lifecycle tooling, and show how it enables deep monitoring of inference pipelines, prompt flows, and model drift. From tracking performance metrics to integrating with tools like Datadog, Prometheus, and Grafana, you’ll learn how observability empowers DevOps and MLOps teams to debug faster, optimize smarter, and scale reliably. This session is ideal for platform engineers, DevOps practitioners, and MLOps teams who want practical insights into integrating observability into LLM workflows, improving visibility and gaining full control over their AI/ML deployments.

10:55 AM

Add to calendar

10:55 AM

Add to calendar

Marin Niehues Founder & Principal Consultant

Why your manager ignores your great ideas (and how to fix it)

Every technical professional has been there: you know the right solution, you have the data to back it up, but somehow you can't get leadership to listen. The problem isn't your expertise—it's understanding how decision-makers actually process information and make choices. This session explores common patterns in workplace decision-making and provides a practical framework for influencing outcomes. You'll discover why smart people make seemingly irrational choices and learn proven techniques to present your ideas in ways that resonate with different personality types and organizational levels. What You'll Learn: -> Common decision-making patterns and how to use them for you -> How to frame your recommendations using established influence techniques -> Strategies for overcoming typical roadblocks that prevent good ideas from moving forward -> Practical communication approaches for different management styles -> How to build compelling business cases that secure budget and resources

Agenda

The Annual DevOps, DevSecOps and MLOps User Conference

Thank You!