November 13-14, 2025
Agenda
The Annual DevOps, DevSecOps and MLOps User Conference
Plan your schedule for swampUP Europe 2025 and reserve your spot before sessions reach full capacity!
Day 1
November 13th
Day 2
November 14th
0
8:00 AM
8:00 AM
Registration
Galerie
1
9:00 AM
9:00 AM
Compliance Without Compromise: Secure Your Software Supply Chain with JFrog
Salon 16
Maintaining compliance is no longer optional — it’s essential. This workshop guides you through the complexities of compliance regulations while ensuring the security and integrity of your software supply chain. Attendees will explore how JFrog tools, including Artifactory and Xray, enable organizations to not only meet regulatory requirements but also establish a culture of compliance excellence. Through hands-on experience, you’ll learn best practices for implementing compliance frameworks within your DevSecOps processes, automate compliance checks, and ensure rigorous security standards are met across the SDLC.
Key Skills Learned:
• Understand the key compliance requirements relevant to software development and deployment, including: NIST, SLSA, DORA, CRA and more
• Use JFrog Platfrom Security capabilities to manage open-source and proprietary artifacts while ensuring compliance.
• Automate compliance processes with JFrog CLI, REST APIs, and AQL to streamline workflows and reduce human errors.
• Implement proactive compliance strategies and integrate security measures early in the SDLC.
• Foster a culture of compliance excellence and improve collaboration across security, compliance, and development teams.
• Monitor and report compliance status using JFrog tools for ongoing compliance verification.
Who Should Attend:
• Compliance Officers and Risk Managers.
• DevOps Engineers and Software Developers.
• Security Engineers.
Don’t miss out on learning how JFrog can elevate your compliance strategy. Register now and secure your spot today!
Maintaining compliance is no longer optional — it’s essential. This workshop guides you through the complexities of compliance regulations while ensuring the security and integrity of your software supply chain. Attendees will explore how JFrog tools, including Artifactory and Xray, enable organizations to not only meet regulatory requirements but also establish a culture of compliance excellence. Through hands-on experience, you’ll learn best practices for implementing compliance frameworks within your DevSecOps processes, automate compliance checks, and ensure rigorous security standards are met across the SDLC.
Key Skills Learned:
• Understand the key compliance requirements relevant to software development and deployment, including: NIST, SLSA, DORA, CRA and more
• Use JFrog Platfrom Security capabilities to manage open-source and proprietary artifacts while ensuring compliance.
• Automate compliance processes with JFrog CLI, REST APIs, and AQL to streamline workflows and reduce human errors.
• Implement proactive compliance strategies and integrate security measures early in the SDLC.
• Foster a culture of compliance excellence and improve collaboration across security, compliance, and development teams.
• Monitor and report compliance status using JFrog tools for ongoing compliance verification.
Who Should Attend:
• Compliance Officers and Risk Managers.
• DevOps Engineers and Software Developers.
• Security Engineers.
Don’t miss out on learning how JFrog can elevate your compliance strategy. Register now and secure your spot today!
2
9:00 AM
9:00 AM
Mastering Scalable Architectures for Global Enterprises with JFrog
Salon 12-14
As enterprises scale their operations globally, creating architectures that are resilient, available, and adaptable to hybrid and multi-cloud environments becomes critical. This workshop dives into designing scalable, enterprise-level SDLC architectures, leveraging JFrog tools to meet the complex needs of modern digital ecosystems. You’ll gain hands-on experience in addressing performance, redundancy, and global collaboration challenges while ensuring operational efficiency.
Key Skills Learned:
• Articulate the key components and benefits of an enterprise-scale architecture for your organization.
• Implement scalable solutions that enhance reliability and resilience across multi-cloud environments.
• Select and design deployment topologies that meet enterprise-specific requirements.
• Anticipate and address potential operational, security, and compliance challenges.
• Create a blueprint that supports operational continuity and global collaboration.
Who Should Attend:
• DevOps and IT Architects.
• Principal and Senior Engineers.
• Systems Administrators.
• Network Engineers.
• IT Decision-Makers.
Register now to secure your spot and start architecting for the future of enterprise-scale success with JFrog!
*This session is available to existing customers only.
As enterprises scale their operations globally, creating architectures that are resilient, available, and adaptable to hybrid and multi-cloud environments becomes critical. This workshop dives into designing scalable, enterprise-level SDLC architectures, leveraging JFrog tools to meet the complex needs of modern digital ecosystems. You’ll gain hands-on experience in addressing performance, redundancy, and global collaboration challenges while ensuring operational efficiency.
Key Skills Learned:
• Articulate the key components and benefits of an enterprise-scale architecture for your organization.
• Implement scalable solutions that enhance reliability and resilience across multi-cloud environments.
• Select and design deployment topologies that meet enterprise-specific requirements.
• Anticipate and address potential operational, security, and compliance challenges.
• Create a blueprint that supports operational continuity and global collaboration.
Who Should Attend:
• DevOps and IT Architects.
• Principal and Senior Engineers.
• Systems Administrators.
• Network Engineers.
• IT Decision-Makers.
Register now to secure your spot and start architecting for the future of enterprise-scale success with JFrog!
*This session is available to existing customers only.
3
9:00 AM
9:00 AM
Master JFrog AppTrust for SSC Governance & Trust
Salon 17
Effective Release Lifecycle Management is key to ensuring secure, traceable, and efficient software delivery. Join us for this workshop with hand-on practice to learn how JFrog’s platform can help you automate workflows, improve collaboration, and ensure security and compliance throughout your software supply chain.
Key Skills you can Expect to Learn:
• Tracking and managing software artifacts throughout the lifecycle
• Automating release processes with CI/CD pipeline integration
• Implementing immutable releases and ensuring security compliance
• Enhancing team collaboration for smoother software delivery
• Exclusive Preview of JFrog’s upcoming product features
Who Should Attend?
• DevOps & Software Engineers
• Release Managers & QA Professionals
• Security Engineers & CISOs
• Technology Leaders (CTOs, CIOs)
Don’t miss out on transforming your software delivery process. Sign up today!
*This session is available to existing customers only.
Effective Release Lifecycle Management is key to ensuring secure, traceable, and efficient software delivery. Join us for this workshop with hand-on practice to learn how JFrog’s platform can help you automate workflows, improve collaboration, and ensure security and compliance throughout your software supply chain.
Key Skills you can Expect to Learn:
• Tracking and managing software artifacts throughout the lifecycle
• Automating release processes with CI/CD pipeline integration
• Implementing immutable releases and ensuring security compliance
• Enhancing team collaboration for smoother software delivery
• Exclusive Preview of JFrog’s upcoming product features
Who Should Attend?
• DevOps & Software Engineers
• Release Managers & QA Professionals
• Security Engineers & CISOs
• Technology Leaders (CTOs, CIOs)
Don’t miss out on transforming your software delivery process. Sign up today!
*This session is available to existing customers only.
4
12:30 PM
12:30 PM
Lunch
Restaurant Le Market
5
1:30 PM
1:30 PM
Foundations of DevSecOps - Avoiding Software Supply Chain Attacks
Salon 16
With software supply chain attacks on the rise, security risks have never been more critical. This hands-on workshop focuses on JFrog Security from Shift left to shift right - and how to integrate them into your DevSecOps strategy. We’ll explore how to secure your software supply chain, reduce vulnerabilities, and automate key workflows, ensuring your artifacts and dependencies are safe throughout the development lifecycle.
Key Skills Learned:
• Understand how JFrog security solutions accelerated your organisational DevSecOps goals and provide complete visibility from code to the production.
• Use JFrog security scan capabilities and Developer-Focused Security.
• Gain hands-on experience in configuring repositories, scanning for vulnerabilities, and automating delivery pipelines.
• Implement best practices to secure your software supply chain, reducing the risk of vulnerabilities and improving compliance.
• How to shift security left by embedding security measures early in your SDLC.
Who Should Attend:
• Engineers working across SDLC phases—Development, Automation, DevOps, and SRE.
• Security Engineers focused on securing the software supply chain with the JFrog platform.
Join us to deepen your DevSecOps knowledge and enhance your organization’s security posture with JFrog’s trusted tools. Sign Up Today!
With software supply chain attacks on the rise, security risks have never been more critical. This hands-on workshop focuses on JFrog Security from Shift left to shift right - and how to integrate them into your DevSecOps strategy. We’ll explore how to secure your software supply chain, reduce vulnerabilities, and automate key workflows, ensuring your artifacts and dependencies are safe throughout the development lifecycle.
Key Skills Learned:
• Understand how JFrog security solutions accelerated your organisational DevSecOps goals and provide complete visibility from code to the production.
• Use JFrog security scan capabilities and Developer-Focused Security.
• Gain hands-on experience in configuring repositories, scanning for vulnerabilities, and automating delivery pipelines.
• Implement best practices to secure your software supply chain, reducing the risk of vulnerabilities and improving compliance.
• How to shift security left by embedding security measures early in your SDLC.
Who Should Attend:
• Engineers working across SDLC phases—Development, Automation, DevOps, and SRE.
• Security Engineers focused on securing the software supply chain with the JFrog platform.
Join us to deepen your DevSecOps knowledge and enhance your organization’s security posture with JFrog’s trusted tools. Sign Up Today!
6
1:30 PM
1:30 PM
MLOps in Action: From Experimentation to Production
Salon 12-14
Integrating machine learning with DevOps practices is essential for organizations to stay competitive. This hands-on workshop will introduce you to JFrog ML and its capabilities, empowering data scientists and DevOps teams to seamlessly manage the end-to-end machine learning lifecycle. Learn to securely build, deploy, and maintain machine learning models with JFrog’s powerful platform, while enhancing collaboration between data scientists and DevOps teams.
Key Skills Learned:
• Seamlessly manage the full ML lifecycle, from experimentation to production, on a single platform.
• Track, compare, and version model experiments for optimized decision-making.
• Leverage JFrog’s advanced security features to scan models for vulnerabilities and ensure compliance.
• Automate training, validation, and deployment processes for faster, more reliable ML results.
• Collaborate effectively between data science and DevOps teams to accelerate model development and deployment.
Who Should Attend:
• Data Scientists.
• DevOps Engineers.
• IT Professionals & Project Managers.
Don’t miss the chance to take your machine learning deployments to the next level. Register now and learn how JFrog ML can transform your MLOps processes for greater speed, security, and efficiency.
Integrating machine learning with DevOps practices is essential for organizations to stay competitive. This hands-on workshop will introduce you to JFrog ML and its capabilities, empowering data scientists and DevOps teams to seamlessly manage the end-to-end machine learning lifecycle. Learn to securely build, deploy, and maintain machine learning models with JFrog’s powerful platform, while enhancing collaboration between data scientists and DevOps teams.
Key Skills Learned:
• Seamlessly manage the full ML lifecycle, from experimentation to production, on a single platform.
• Track, compare, and version model experiments for optimized decision-making.
• Leverage JFrog’s advanced security features to scan models for vulnerabilities and ensure compliance.
• Automate training, validation, and deployment processes for faster, more reliable ML results.
• Collaborate effectively between data science and DevOps teams to accelerate model development and deployment.
Who Should Attend:
• Data Scientists.
• DevOps Engineers.
• IT Professionals & Project Managers.
Don’t miss the chance to take your machine learning deployments to the next level. Register now and learn how JFrog ML can transform your MLOps processes for greater speed, security, and efficiency.
7
6:30 PM
6:30 PM
Welcome Reception
Galerie
8
8:00 AM
8:00 AM
Registration & Breakfast
Foyer A
9
9:00 AM
9:00 AM
Shlomi Ben Haim,
Co-Founder and CEO, JFrog
Shlomi is Co-Founder and CEO of JFrog, creators of the universal DevOps platform. He brings over 20 years of experience in building profitable, high-growth information technology companies. Prior to JFrog, Shlomi was the CEO of AlphaCSP (acquired in 2005 by MalamTeam) and a Major in the Israeli Air Force. Shlomi holds an MS from Clark University (Massachusetts, USA) and a BA from Ben-Gurion University (Israel).
Control. Shift. Deliver. Take Command of your Software Supply Chain, Key Takeaways & Wrap-Up
Bill Sheridan, VP of ITSM Product Management,
ServiceNow
Control. Shift. Deliver. Take Command of your Software Supply Chain
Johannes Dahse,
VP Code Security, Sonar
Johannes leads the product strategy and innovation for SonarQube’s security analysis. He joined Sonar in 2020 following the acquisition of his startup, RIPS Technologies, whose pioneering SAST product originated from his PhD research in static taint analysis. With over 15 years of experience, his passion for automating the detection of security vulnerabilities began while competing in capture-the-flag hacking contests and working as a penetration tester.
Control. Shift. Deliver. Take Command of your Software Supply Chain, From Code to Binaries: Trust your Software with JFrog and Sonar
Charles Sutton,
Head of Enterprise Software & Cloud - EMEA, NVIDIA
Control. Shift. Deliver. Take Command of your Software Supply Chain
Control. Shift. Deliver. Take Command of your Software Supply Chain
Grand Ballroom
10
9:45 AM
9:45 AM
Yoav Landman,
CTO & Co-founder, JFrog
Yoav is the visionary behind Artifactory, the universal artifact repository manager. Prior to founding JFrog, he spent over a decade as a senior consultant specializing in Distributed Computing and Enterprise Build Systems and held several senior technical roles in global organizations. Yoav holds a master’s degree in computing from RMIT University and a Bachelor of Laws (LL.B) from the University of Haifa.
AI-Driven DevOps Unleashed: The Future Starts Here
AI-Driven DevOps Unleashed: The Future Starts Here
Grand Ballroom
The future of DevOps is being transformed with autonomous agents. As the world begins to focus on agentic-driven release management, we will soon experience agents driving crucial processes such as building, securing, and deploying packages alongside automated policy enforcement. These agents are not working in silos - they will (and are) communicating with one another, enabling real-time visibility and management of secure pipelines. In this landmark technical keynote, we will reveal how JFrog is empowering teams to implement this modern approach to agentic software delivery - with minimal manual intervention, and with enhanced security – all in a streamlined release process without losing control!
The future of DevOps is being transformed with autonomous agents. As the world begins to focus on agentic-driven release management, we will soon experience agents driving crucial processes such as building, securing, and deploying packages alongside automated policy enforcement. These agents are not working in silos - they will (and are) communicating with one another, enabling real-time visibility and management of secure pipelines. In this landmark technical keynote, we will reveal how JFrog is empowering teams to implement this modern approach to agentic software delivery - with minimal manual intervention, and with enhanced security – all in a streamlined release process without losing control!
11
10:25 AM
10:25 AM
Eyal Dyment,
VP Security, JFrog
Eyal Dyment leads Security at JFrog, where he is responsible for driving the company’s security product strategy and innovation across the software supply chain. With a deep background in AI, machine learning, and data-driven product development, Eyal brings a unique blend of technical expertise and business acumen to the evolving DevSecOps landscape.
DevGovOps : DevOps & Governance Delivered with Trust
Yossi Shaul,
SVP DevOps, JFrog
Yossi Shaul is the Senior Vice President of DevOps Core at JFrog, where he leads the development of the company's core DevOps platform. With a career spanning over two decades in software engineering and leadership, Yossi has been instrumental in shaping JFrog's comprehensive solutions that integrate DevOps, DevSecOps, and MLOps practices.
DevGovOps : DevOps & Governance Delivered with Trust
Dennis Kuipers,
Sr Advisory Solution Consultant, ServiceNow
With over 30 years of experience in the IT industry, Dennis has held a wide range of roles, including Database Administrator, Developer, Architect, Engineer, and Pre-Sales Consultant. Dennis joined ServiceNow in 2018 as a Solution Consultant within the Swiss team and later transitioned to the ITOM Health organization, specializing in DevOps, Cloud Native technologies, and IT Operations Management (ITOM). Dennis’s current focus areas include AIOps and Generative AI, helping organizations enhance operational resilience and accelerate digital transformation. Before joining ServiceNow, Dennis spent 13 years at Credit Suisse in various engineering and architecture roles, driving initiatives around automation and operational management.
DevGovOps : DevOps & Governance Delivered with Trust
DevGovOps : DevOps & Governance Delivered with Trust
Grand Ballroom
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution. In this can’t-miss swampUP keynote session, we’ll look at new innovations across JFrog security and platform teams, as well as industry advancements that enable a not just connected, but fully-integrated and robust software supply chain security solution that meets the modern needs of a security-focused, EveryOps reality. Join us for an exclusive look at how this tectonic security shift reshapes what you thought you knew about application security and governance, helping you unlock new levels of confidence in every release.
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution. In this can’t-miss swampUP keynote session, we’ll look at new innovations across JFrog security and platform teams, as well as industry advancements that enable a not just connected, but fully-integrated and robust software supply chain security solution that meets the modern needs of a security-focused, EveryOps reality. Join us for an exclusive look at how this tectonic security shift reshapes what you thought you knew about application security and governance, helping you unlock new levels of confidence in every release.
12
11:20 AM
11:20 AM
Coffee Break
Foyer A
13
11:50 AM
11:50 AM
Ran Romano,
VP of P&E, JFrog
Securing AI and DevOps: Models, MCPs, and ShadowAI Under Control
Jeremy Krinitt,
Strategic Alliances, NVIDIA
Jeremy Krinitt leads key MLOps, DevOps and Security partnerships at NVIDIA. Jeremy has also driven NVIDIA's ecosystems in the areas of Visual Generative AI, Professional Broadcast, Video Conferencing, Virtual Production and Streaming. Jeremy has more than 25 years of experience in AI, video and 3D graphics technologies, much of it driving software and hardware product development and partnerships.
Securing AI and DevOps: Models, MCPs, and ShadowAI Under Control
Securing AI and DevOps: Models, MCPs, and ShadowAI Under Control
Grand Ballroom
As AI becomes an indispensable part of modern software applications, managing machine learning models with the same rigor as code and binaries is essential. Yet most organizations still treat models as ad-hoc assets: scattered, untracked, and inconsistently governed, creating potentially serious risks around security, compliance, and operational trust. Reminding us of yesterday’s OSS package gold rush, today’s ML/AI Models can originate from many sources: custom-built, open-source, and third-party APIs, each with different risks, ownership boundaries, and lifecycle considerations. In this session, we’ll explore these emerging challenges, and show how advancements in JFrog ML and platform technologies are helping solve them. By treating every type of model as a first-class software artifact, you’ll learn how to integrate model management into your existing DevSecOps pipeline, enable trust by providing visibility, traceability, and evidence-based policy enforcement, and bring the same governance and trust to AI that you already rely on for your software supply chain. It’s time to take back control of AI!
As AI becomes an indispensable part of modern software applications, managing machine learning models with the same rigor as code and binaries is essential. Yet most organizations still treat models as ad-hoc assets: scattered, untracked, and inconsistently governed, creating potentially serious risks around security, compliance, and operational trust. Reminding us of yesterday’s OSS package gold rush, today’s ML/AI Models can originate from many sources: custom-built, open-source, and third-party APIs, each with different risks, ownership boundaries, and lifecycle considerations. In this session, we’ll explore these emerging challenges, and show how advancements in JFrog ML and platform technologies are helping solve them. By treating every type of model as a first-class software artifact, you’ll learn how to integrate model management into your existing DevSecOps pipeline, enable trust by providing visibility, traceability, and evidence-based policy enforcement, and bring the same governance and trust to AI that you already rely on for your software supply chain. It’s time to take back control of AI!
14
12:30 PM
12:30 PM
Asaf Karas,
CTO, SVP Security, JFrog
Asaf Karas is the Chief Technology Officer for Security at JFrog, where he leads the vision and development of advanced DevSecOps solutions that secure the software supply chain from code to runtime. With over two decades of experience, including 14 years in Israel’s Defense Forces and as co-founder of embedded security startup VDOO, Asaf brings deep expertise in vulnerability research and real-world threat mitigation. At JFrog, he has spearheaded innovations like JFrog Runtime for cloud-native security and partnered with Hugging Face to secure open-source ML models. A recognized thought leader, Asaf is passionate about bridging DevOps and security through intelligent, scalable tools.
Frog-Proof Security: Control the Software Supply Chain (even npm!), Prompt Remediation: CVE Vaccines with GenAI
Frog-Proof Security: Control the Software Supply Chain (even npm!)
Grand Ballroom
In a world being built for humans and machines side-by-side, your attack surface is morphing daily. And with the recent (massive) Shai-Hulud npm attack still fresh in everyone’s mind, how can we all confidently approach Software Supply Chain security in 2026? With the types of software entering organizations ever-changing, and the volume ever-increasing, DevSecOps teams are facing new, and complex questions at macro and micro levels: How can teams effectively control and curate what enters systems? How will the rising use of GenAI coding tools impact our threat landscape and can DevOps and Security teams truly share ownership of this emerging reality without adding friction? While no one can fully predict the next attack vector, JFrog's leading-edge research and impactful real-world insights provide clarity. Join this session to gain critical foresight into the evolving software supply chain security challenges that will redefine how you operate. We will dissect recent, high-impact supply chain attacks to reveal malicious threats, and crucially equip you with practical, implementable solutions for mitigating both current and emerging risks.
In a world being built for humans and machines side-by-side, your attack surface is morphing daily. And with the recent (massive) Shai-Hulud npm attack still fresh in everyone’s mind, how can we all confidently approach Software Supply Chain security in 2026? With the types of software entering organizations ever-changing, and the volume ever-increasing, DevSecOps teams are facing new, and complex questions at macro and micro levels: How can teams effectively control and curate what enters systems? How will the rising use of GenAI coding tools impact our threat landscape and can DevOps and Security teams truly share ownership of this emerging reality without adding friction? While no one can fully predict the next attack vector, JFrog's leading-edge research and impactful real-world insights provide clarity. Join this session to gain critical foresight into the evolving software supply chain security challenges that will redefine how you operate. We will dissect recent, high-impact supply chain attacks to reveal malicious threats, and crucially equip you with practical, implementable solutions for mitigating both current and emerging risks.
15
1:00 PM
1:00 PM
Lunch
Foyer A
16
2:00 PM
2:00 PM
Yonatan Arbel
Developer Advocate, JFrog
a software developer with rich experience spanning over 12 years. For the past 7.5 years, I have been a valuable member of the JFrog team, a prominent tech company. Over the years, I progressed through the organization and eventually found my place within the Infrastructure group.
I have a genuine passion for technology, which has been a guiding force throughout my 12-year career. My work at JFrog has included significant contributions to the development of the JFrog Platform.
My journey is a testament to my dedication and the opportunities that the tech industry offers to those who are eager to learn and grow. As a speaker, I am excited to share my experiences and insights with others in the tech community.
The JFrog AI Journey: From ‘jf how’ to Secure Remote MCP
The JFrog AI Journey: From ‘jf how’ to Secure Remote MCP
Salon 16
Join Yonatan on a journey through JFrog’s AI evolution, from the humble beginnings of the ‘jf how’ CLI command, built to answer simple questions, to today’s powerful and secure remote MCP server. He’ll explore the milestones, challenges, and breakthroughs that brought AI deeper into JFrog’s products, from integrating with GitHub Copilot to enabling contextual ‘Ask AI’ features, and now delivering secure, real-time remote actions directly in your development environment. The session will conclude with a live demo of a full MCP remote installation. No worries, it only takes a few minutes, and you’ll be ready to go.
Join Yonatan on a journey through JFrog’s AI evolution, from the humble beginnings of the ‘jf how’ CLI command, built to answer simple questions, to today’s powerful and secure remote MCP server. He’ll explore the milestones, challenges, and breakthroughs that brought AI deeper into JFrog’s products, from integrating with GitHub Copilot to enabling contextual ‘Ask AI’ features, and now delivering secure, real-time remote actions directly in your development environment. The session will conclude with a live demo of a full MCP remote installation. No worries, it only takes a few minutes, and you’ll be ready to go.
17
2:00 PM
devops
2:00 PM
devops
Owen Delaney
Senior Chapter Lead, Admiral
Owen leads platform engineering teams at Admiral, driving DevOps transformation through automation, enablement, and a product mindset. He’s passionate about building scalable platforms that empower teams and deliver real impact.
From Fire to Flow: Scaling Platform Engineering with JFrog
From Fire to Flow: Scaling Platform Engineering with JFrog
Salon 17
What happens when your delivery platform starts to limit your growth? At Admiral, a critical inflection point led us to rethink how we build, secure, and ship software. In this session, I’ll share our journey from operational constraints to future-proofing by scaling our platform engineering with JFrog at the core. Discover how we overcame fragmented tooling and enabled cultural change by using Terraform to codify infrastructure and build golden paths, turning challenge into an opportunity for transformation that resulted in faster delivery, stronger security, and more empowered engineers
What happens when your delivery platform starts to limit your growth? At Admiral, a critical inflection point led us to rethink how we build, secure, and ship software. In this session, I’ll share our journey from operational constraints to future-proofing by scaling our platform engineering with JFrog at the core. Discover how we overcame fragmented tooling and enabled cultural change by using Terraform to codify infrastructure and build golden paths, turning challenge into an opportunity for transformation that resulted in faster delivery, stronger security, and more empowered engineers
18
2:50 PM
2:50 PM
Amos Haviv
Senior Engineering Manager, Booking.com
Amos Haviv is a seasoned engineering leader with nearly two decades of experience in successfully building and deploying medium to large-scale software applications. For the past decade, he has focused on establishing and leading development teams across diverse industries and environments. Amos is also the co-creator of MEAN, an open-source project, and author of two best-selling books on the subject. He is passionate about new technologies and committed to
Measuring Engineering Success - Metrics in the age of AI
Measuring Engineering Success - Metrics in the age of AI
Salon 16
A practical guide to measuring engineering success and barrier in the age of AI. In this presentation I will tell the story of Booking.com's journey in measuring our developer experience, productivity and barriers for executions. I will then talk about how this connected with the huge rise in AI usage for coding and our foundational work helped us measure the impact this had on our teams.
A practical guide to measuring engineering success and barrier in the age of AI. In this presentation I will tell the story of Booking.com's journey in measuring our developer experience, productivity and barriers for executions. I will then talk about how this connected with the huge rise in AI usage for coding and our foundational work helped us measure the impact this had on our teams.
19
2:50 PM
automation
2:50 PM
automation
Tiago Galvao Viegas
Lead Developer, Senior Key Engineer, Siemens
Tiago is a Senior Key Engineer on Siemens AG, focusing on DevOps and Software Development.
He started as a Full-stack developer in a Portuguese healthcare company. He then joined Siemens in 2020 also as a Fullstack developer. He moved responsibilities inside Siemens, becoming a Team Lead and then more recently recognized as a Senior Key Engineer.
Binary Management Platform - Gaining Vision with Open Telemetry and Grafana
Alex Stoy
IT Product Owner, Siemens AG
Alex is the product owner at their IT department for the Siemens Binary Management Platform Service, He started as a working student in 2014 for Siemens where he gathered a lot of knowledge regarding build and development for the Siemens products. Here first he supported the incident management and got later to the position of a build/server administrator. Later on in 2016 he joined the company as a regular employee and proceeded on smaller projects where he developed his knowledge about build processes and pipelines. But also did some migration topics where he got a deep dive into the processes of the business. In 2017 he started to work with Artifactory. After they have successfully tested a PoC, decided to set Artifactory on a productive environment up. In his role of solution architect he was responsible for the whole infrastructure set up and all dependencies regarding the needs of the business. The Artifactory service has been set up, has been gone live and the service was born in April 2018. In May 2018, he left the Artifactory team and started working on Software Clearing topics as solution manager, server administrator, service desk and solution architect all in one person. After a while he became a project manager for the software clearing projects to improve the current service… Until he gained the role of Service Owner for the Artifactory service!
Binary Management Platform - Gaining Vision with Open Telemetry and Grafana
Jonathan Beller
Siemens AG, Solution Architect
I have studied computer science and business informatics at the Karlsruhe Institute of Technology.
I started working at Siemens as working student in 2016 and supported the newly set up Polarion service with scripting and development of extensions, integrating various IT systems. Since October 2021, I am the solution expert of the Binary Management Platform service that offers an array of Artifactory instances to Siemens-internal customers.
Binary Management Platform - Gaining Vision with Open Telemetry and Grafana
Binary Management Platform - Gaining Vision with Open Telemetry and Grafana
Salon 17
In this session, we'll share how we at Siemens migrated our monitoring from a paid proprietary service to a self-managed, cost-effective solution using Open Telemetry and Grafana. Join us as we demonstrate how we gained additional monitoring capabilities that allowed us to eliminate resource consumption and misconfiguration blind spots across our worldwide JFrog Platform landscape. We will walk you through the practical strategies we implemented to achieve comprehensive visibility and enhance our monitoring.
In this session, we'll share how we at Siemens migrated our monitoring from a paid proprietary service to a self-managed, cost-effective solution using Open Telemetry and Grafana. Join us as we demonstrate how we gained additional monitoring capabilities that allowed us to eliminate resource consumption and misconfiguration blind spots across our worldwide JFrog Platform landscape. We will walk you through the practical strategies we implemented to achieve comprehensive visibility and enhance our monitoring.
20
3:35 PM
3:35 PM
Coffee Break
Foyer A
21
4:05 PM
automation
4:05 PM
automation
David Turner
Engineering Lead, Nationwide
David is an Engineering Lead in the CICD Platform team at Nationwide Building Society, where he has worked since 2020, his previous roles including Engineering Lead in the Public Cloud Toolchain team at JP Morgan and Engineering Lead in the CitiDeveloper team at Citibank. Prior to that he worked as a Senior Software Development Consultant at Avanade. With a strong background in software development and a passion for innovation, David has successfully led various high-profile projects and continues to drive technological advancements in his current role.
Implementing a Multi-Cloud Toolchain with Artifactory at Scale
Implementing a Multi-Cloud Toolchain with Artifactory at Scale
Salon 16
Deploying the JFrog Platform across multiple clouds in a regulated financial services environment requires navigating significant compliance, migration, and adoption challenges. This session shares the lessons learned from our journey, covering how we met stringent security controls with infrastructure as code and solved multi-cloud challenges by federating self-hosted and SaaS Artifactory instances. We will detail our technical recipe for building vulnerability-free base images by combining GitHub Actions, Artifactory, Xray, RedHat UBI, Docker BuildX Bake, and Dependabot to harden the software supply chain without disrupting production.
Deploying the JFrog Platform across multiple clouds in a regulated financial services environment requires navigating significant compliance, migration, and adoption challenges. This session shares the lessons learned from our journey, covering how we met stringent security controls with infrastructure as code and solved multi-cloud challenges by federating self-hosted and SaaS Artifactory instances. We will detail our technical recipe for building vulnerability-free base images by combining GitHub Actions, Artifactory, Xray, RedHat UBI, Docker BuildX Bake, and Dependabot to harden the software supply chain without disrupting production.
22
4:05 PM
4:05 PM
Ronny Belenitsky
Director of Product, DevOps Core Product, JFrog
Master JFrog AppTrust for SSC Governance & Trust, From Code to Binaries: Trust your Software with JFrog and Sonar
Johannes Dahse,
VP Code Security, Sonar
Johannes leads the product strategy and innovation for SonarQube’s security analysis. He joined Sonar in 2020 following the acquisition of his startup, RIPS Technologies, whose pioneering SAST product originated from his PhD research in static taint analysis. With over 15 years of experience, his passion for automating the detection of security vulnerabilities began while competing in capture-the-flag hacking contests and working as a penetration tester.
Control. Shift. Deliver. Take Command of your Software Supply Chain, From Code to Binaries: Trust your Software with JFrog and Sonar
From Code to Binaries: Trust your Software with JFrog and Sonar
Salon 17
23
4:50 PM
devops
4:50 PM
devops
Erik Willems
Domain specialist Innovation and Digital IT, Philips
Erik Willems is a seasoned software engineer and DevOps specialist at Philips, with extensive experience in Software Configuration Management, Artifact management and Application Management. He has been instrumental in designing, implementing, and optimizing Philips’ Artifactory setup. Erik is passionate about sharing practical insights, best practices, and lessons learned from real-world implementations to empower others in the DevOps and software engineering community.
Managing Artifactory at Scale: Philips’ Multi-Server Strategy in a Regulated Industry
Managing Artifactory at Scale: Philips’ Multi-Server Strategy in a Regulated Industry
Salon 16
Managing software artifacts at a global scale is no small feat, especially in a regulated industry. In this session, we’ll explore how Philips has designed and operates a diverse Artifactory infrastructure to support teams worldwide. We’ll cover the challenges of scaling in a complex, highly regulated environment, the good and bad practices we’ve encountered, and the strategies we use to balance compliance, efficiency, and developer productivity. Attendees will leave with practical insights they can apply to their own setups, whether supporting a single team or a global enterprise.
Managing software artifacts at a global scale is no small feat, especially in a regulated industry. In this session, we’ll explore how Philips has designed and operates a diverse Artifactory infrastructure to support teams worldwide. We’ll cover the challenges of scaling in a complex, highly regulated environment, the good and bad practices we’ve encountered, and the strategies we use to balance compliance, efficiency, and developer productivity. Attendees will leave with practical insights they can apply to their own setups, whether supporting a single team or a global enterprise.
24
4:50 PM
4:50 PM
Petro Flomin,
Director of Solution Engineering, JFrog
Empower Your Organization with Smarter Retention Policies
Empower Your Organization with Smarter Retention Policies
Salon 17
Learn how JFrog’s Retention Policies — Cleanup and Archival — help optimize storage, reduce costs, and ensure compliance without compromising developer productivity. This session will cover best practices for managing dev and production artifacts, automating cleanup and archival, and aligning storage strategies with business goals. Walk away with actionable insights to implement smarter, more efficient retention policies.
Learn how JFrog’s Retention Policies — Cleanup and Archival — help optimize storage, reduce costs, and ensure compliance without compromising developer productivity. This session will cover best practices for managing dev and production artifacts, automating cleanup and archival, and aligning storage strategies with business goals. Walk away with actionable insights to implement smarter, more efficient retention policies.
25
7:30 PM
7:30 PM
Gala Dinner
Grand Ballroom
Prepare to be amazed by the mind-blowing show of Lior Suchard at the swampUP Gala Dinner. This is your prime opportunity to cap off a day of groundbreaking insights and expand your network within the community of engineers, DevOps pros, and security leaders driving the quantum shift in software.
Prepare to be amazed by the mind-blowing show of Lior Suchard at the swampUP Gala Dinner. This is your prime opportunity to cap off a day of groundbreaking insights and expand your network within the community of engineers, DevOps pros, and security leaders driving the quantum shift in software.
26
9:30 PM
9:30 PM
Post Gala Open Bar
Foyer A
27
8:00 AM
8:00 AM
Registration & Breakfast
Foyer A
28
9:00 AM
9:00 AM
Jens Eckels
VP of Product Marketing
Keynote Opening
Keynote Opening
Grand Ballroom
Kickstart your day with visionary Keynotes from industry leaders. Gain critical insights into creating trusted software, from reliable ML evaluation systems to secure build attestations, and learn how to navigate the quantum shift in software delivery by establishing end-to-end provenance.
Kickstart your day with visionary Keynotes from industry leaders. Gain critical insights into creating trusted software, from reliable ML evaluation systems to secure build attestations, and learn how to navigate the quantum shift in software delivery by establishing end-to-end provenance.
29
9:15 AM
9:15 AM
Asaf Karas,
CTO, SVP Security, JFrog
Asaf Karas is the Chief Technology Officer for Security at JFrog, where he leads the vision and development of advanced DevSecOps solutions that secure the software supply chain from code to runtime. With over two decades of experience, including 14 years in Israel’s Defense Forces and as co-founder of embedded security startup VDOO, Asaf brings deep expertise in vulnerability research and real-world threat mitigation. At JFrog, he has spearheaded innovations like JFrog Runtime for cloud-native security and partnered with Hugging Face to secure open-source ML models. A recognized thought leader, Asaf is passionate about bridging DevOps and security through intelligent, scalable tools.
Frog-Proof Security: Control the Software Supply Chain (even npm!), Prompt Remediation: CVE Vaccines with GenAI
Prompt Remediation: CVE Vaccines with GenAI
Grand Ballroom
With pressure mounting on teams to meet shorter SLA times to remediate, and with the huge spike in CVEs and zero-day vulnerabilities, how can remediation be accelerated, both accurately and functionally? How do we do that when significant portions of our codebase are increasingly generated by AI with low visibility? It is clear we need - as an industry - to focus on what truly matters: the vulnerabilities that attackers will attack. These critical, exploitable binaries that are running in production are the indisputable spearhead for attackers. It is also clear that we must leverage new capabilities to match the speed and expanding surfaces of an AI-driven reality. Join this session to see real-world examples of immediate, agentic remediation with GenAI coding assistants - guided by JFrog Security Research data - that fix and even immunize software from OSS vulnerabilities no matter where they live.
With pressure mounting on teams to meet shorter SLA times to remediate, and with the huge spike in CVEs and zero-day vulnerabilities, how can remediation be accelerated, both accurately and functionally? How do we do that when significant portions of our codebase are increasingly generated by AI with low visibility? It is clear we need - as an industry - to focus on what truly matters: the vulnerabilities that attackers will attack. These critical, exploitable binaries that are running in production are the indisputable spearhead for attackers. It is also clear that we must leverage new capabilities to match the speed and expanding surfaces of an AI-driven reality. Join this session to see real-world examples of immediate, agentic remediation with GenAI coding assistants - guided by JFrog Security Research data - that fix and even immunize software from OSS vulnerabilities no matter where they live.
30
9:45 AM
9:45 AM
Demetrios Brinkmann,
Founder, MLOps Community
Demetrios founded the largest community dealing with productionizing AI and ML models. In April 2020 he fell into leading the MLOps community (more than 75k ML practitioners come together to learn and share experiences) which aims to bring clarity around the operational side of Machine Learning. Since diving into the nitty gritty of Machine Learning he has felt a strong calling to explore the ethical issues surrounding the new tech he covers. In his free time he can be found building stone stackings in the woods with his daughters
Ensuring Reliable Evaluation Systems for Your ML
Ensuring Reliable Evaluation Systems for Your ML
Grand Ballroom
Standard benchmarks often fall short and can be misleading. Leaderboards can erode trust in model claims, as they rarely address specific, real-world needs. In this talk, Demetrios Brinkmann will detail how MLOps engineers and developers can build and continuously update their own evaluation systems to create a strong competitive advantage. He’ll cover how to build a reliable “golden dataset,” optimize data collection, labeling, and utilize the right tools to ensure evaluations truly reflect their intended use case.
Standard benchmarks often fall short and can be misleading. Leaderboards can erode trust in model claims, as they rarely address specific, real-world needs. In this talk, Demetrios Brinkmann will detail how MLOps engineers and developers can build and continuously update their own evaluation systems to create a strong competitive advantage. He’ll cover how to build a reliable “golden dataset,” optimize data collection, labeling, and utilize the right tools to ensure evaluations truly reflect their intended use case.
31
10:25 AM
10:25 AM
Gal Marder,
CSO - Chief Strategy Officer, JFrog
Gal Marder is the Chief Strategy Officer at JFrog, bringing over 20 years of leadership in tech and DevOps. Before joining JFrog in 2018 via the acquisition of Trainologic, where he was co-founder and CEO. Marder played a critical role in scaling JFrog’s solutions engineering and professional services teams, initially as VP of DevOps Acceleration. In his current role, he leads the company’s strategic direction, including exploring new market opportunities, cultivating partnerships, and pursuing M&A initiatives. His early career started as a software developer in the Israel Defense Forces, where his passion for unlocking efficiency in software development began.
The State of Tech: When Users Aren’t Human
Mike Donavan,
VP Product, Docker
Mike Donovan is VP of Product at Docker, the leading platform designed to help developers build, share, and run container applications. After spending 15+ years as a Software Engineer in multiple industries, he transitioned into the role of Product Management. Before joining Docker as VP of Product, Mike was SVP of Product at Sauce Labs. His focus as a Product Leader has been on improving the lives of developers and continues that journey at Docker.
The State of Tech: When Users Aren’t Human
The State of Tech: When Users Aren’t Human
Grand Ballroom
AI may be a quantum shift for developers, but it isn’t just about generating more code. Agents and AI-driven technologies like MCP servers are fundamentally changing how platforms connect, collaborate, and integrate across the Software Supply Chain. This new era of “open” demands new approaches for all companies to building products, services, architectures - and most importantly how we build trust in our software and processes across the enterprise as mission-critical, foundational technologies. In this panel discussion, we’ll explore how AI is transforming integrations and partnerships, why being open to all types of users matters more than ever, and what it means for the future of the tools and frameworks you already use. The AI revolution in software delivery is here, and the entire ecosystem is collaborating to keep your organization safe, compliant, and ready for the next generation of delivery.
AI may be a quantum shift for developers, but it isn’t just about generating more code. Agents and AI-driven technologies like MCP servers are fundamentally changing how platforms connect, collaborate, and integrate across the Software Supply Chain. This new era of “open” demands new approaches for all companies to building products, services, architectures - and most importantly how we build trust in our software and processes across the enterprise as mission-critical, foundational technologies. In this panel discussion, we’ll explore how AI is transforming integrations and partnerships, why being open to all types of users matters more than ever, and what it means for the future of the tools and frameworks you already use. The AI revolution in software delivery is here, and the entire ecosystem is collaborating to keep your organization safe, compliant, and ready for the next generation of delivery.
32
10:55 AM
10:55 AM
Coffee Break
Foyer A
33
11:25 AM
automation
11:25 AM
automation
Supun Vidana Pathiranage
DevSecOps Specialist, Adyen
Supun Madhushanka is a DevSecOps Specialist at Adyen, where he helps secure large-scale CI/CD pipelines and cloud-native environments. With hands-on experience integrating security tools and automation in fast-paced delivery teams, Supun specializes in shift-left security and supply chain compliance. He is passionate about enabling development teams to deliver software securely and efficiently, and is recognized for practical solutions that bridge DevOps and cybersecurity.
Taming the Monolith: Unifying Vulnerability Scanning at Adyen with JFrog
Taming the Monolith: Unifying Vulnerability Scanning at Adyen with JFrog
Grand Ballroom
At Adyen, our core platform is a massive, multi-language monolith—an intricate ecosystem of interconnected modules written in Java, TypeScript, and Python. While this architecture accelerates development, it presented a monumental security challenge: our complex, custom build mechanism made it nearly impossible to effectively identify and track dependencies. This created a critical visibility gap, preventing us from leveraging the full power of the JFrog Platform for vulnerability scanning.
In this session, I will showcase the innovative strategy we engineered to overcome this hurdle. You'll learn how we decoupled dependency resolution from the core build process by creating a system to independently identify dependencies for each language. I'll then demonstrate the custom tooling we built to aggregate this data, publish it as comprehensive build-info to JFrog Artifactory, and finally unlock deep, accurate scanning with JFrog Xray.
Finally, I'll walk you through how we integrated this entire workflow into our development lifecycle. See how we now automatically scan every merge request for new vulnerabilities in both new and existing packages, empowering our developers to shift-left and stop threats before they ever reach our production environment.
Key Takeaways for Attendees:
- Strategies for tackling dependency management in complex, multi-language monorepos.
- A practical blueprint for integrating custom build systems with JFrog Artifactory and Xray.
- Actionable techniques for implementing automated security scans on merge requests to provide developers with immediate feedback.
At Adyen, our core platform is a massive, multi-language monolith—an intricate ecosystem of interconnected modules written in Java, TypeScript, and Python. While this architecture accelerates development, it presented a monumental security challenge: our complex, custom build mechanism made it nearly impossible to effectively identify and track dependencies. This created a critical visibility gap, preventing us from leveraging the full power of the JFrog Platform for vulnerability scanning.
In this session, I will showcase the innovative strategy we engineered to overcome this hurdle. You'll learn how we decoupled dependency resolution from the core build process by creating a system to independently identify dependencies for each language. I'll then demonstrate the custom tooling we built to aggregate this data, publish it as comprehensive build-info to JFrog Artifactory, and finally unlock deep, accurate scanning with JFrog Xray.
Finally, I'll walk you through how we integrated this entire workflow into our development lifecycle. See how we now automatically scan every merge request for new vulnerabilities in both new and existing packages, empowering our developers to shift-left and stop threats before they ever reach our production environment.
Key Takeaways for Attendees:
- Strategies for tackling dependency management in complex, multi-language monorepos.
- A practical blueprint for integrating custom build systems with JFrog Artifactory and Xray.
- Actionable techniques for implementing automated security scans on merge requests to provide developers with immediate feedback.
34
12:05 PM
12:05 PM
Eyal Cohen,
SVP, Platform Engineering, JFrog
Just Ask Customer Zero: How JFrog is Adopting JFrog
Just Ask Customer Zero: How JFrog is Adopting JFrog
Grand Ballroom
Do you “eat your own dog food?” This is a question all of us ask our vendors to see if the quality of a solution is up to par. Like your companies, we ask ourselves this question of our software supply chain solutions - in this case the JFrog Platform! What is it like to adopt and implement the JFrog Platform? How do we onboard new solutions for our own development teams? Join us to find lessons learned as “Customer 0” and to learn the rigorous process JFrog solutions have to endure to finally reach your desktop.
Do you “eat your own dog food?” This is a question all of us ask our vendors to see if the quality of a solution is up to par. Like your companies, we ask ourselves this question of our software supply chain solutions - in this case the JFrog Platform! What is it like to adopt and implement the JFrog Platform? How do we onboard new solutions for our own development teams? Join us to find lessons learned as “Customer 0” and to learn the rigorous process JFrog solutions have to endure to finally reach your desktop.
35
12:35 PM
cloud
12:35 PM
cloud
Mark-Kevin Walda
IT Product Owner & Project Manager, IAV GmbH
05/2019-04/2021: Process Engineer
from 04/2021- today: IT Product Owner
-responsibility for the application portfolio in the areas data management, data science, iot and software development
from 07/2023 - today: IT Project Manager
- it project management for projects in the area data management, data science, iot and software development.
Empowering Efficiency: A Scalable DevSecOps Journey with IAV
Empowering Efficiency: A Scalable DevSecOps Journey with IAV
Grand Ballroom
Join IAV on a transformative journey from a decentralized ecosystem to a centralized powerhouse of DevSecOps excellence. This session will showcase IAV's innovative building block approach to handling diverse tasks in the software development process, with a focus on scalability and security.
Discover how IAV transitioned to a centralized model using the JFrog Platform and standardized GitLab Pipelines, providing a comprehensive overview of open-source artifacts and enhancing developer efficiency. Learn how companies, even those unable to centrally manage policies, can centralize key aspects of software development to streamline processes and boost productivity.
Through technical examples and practical insights, this session will demonstrate the power of DevSecOps building blocks, offering a blueprint for success in modern software development. Explore how IAV's scalable solutions can empower your organization to achieve DevSecOps excellence.
Join IAV on a transformative journey from a decentralized ecosystem to a centralized powerhouse of DevSecOps excellence. This session will showcase IAV's innovative building block approach to handling diverse tasks in the software development process, with a focus on scalability and security.
Discover how IAV transitioned to a centralized model using the JFrog Platform and standardized GitLab Pipelines, providing a comprehensive overview of open-source artifacts and enhancing developer efficiency. Learn how companies, even those unable to centrally manage policies, can centralize key aspects of software development to streamline processes and boost productivity.
Through technical examples and practical insights, this session will demonstrate the power of DevSecOps building blocks, offering a blueprint for success in modern software development. Explore how IAV's scalable solutions can empower your organization to achieve DevSecOps excellence.
36
1:15 PM
1:15 PM
Lunch
Restaurant Le Market
