AGENDA
The Annual DevOps, DevSecOps, MLOps User Conference
Plan your schedule for swampUP 2025 and reserve your spot before sessions reach capacity!
September 8-10, 2025
Day 1
September 9th
Day 2
September 10th
0
7:30 AM
7:30 AM
Registration
Vintner's Dining Room
1
8:30 AM
8:30 AM
Ronny Belenitsky
Director of Product
Ronny is a Product Director at JFrog, where he leads strategic initiatives across DevSecOps and SDLC innovation. With a strong background in cloud-native technologies and application lifecycle management, Ronny plays a key role in shaping products that empower enterprise engineering teams to build and release software more quickly and securely.
Prior to JFrog, Ronny was the VP of Product at Titan, where he scaled product organizations, launched market-leading solutions, and drove enterprise adoption globally. He brings over 15 years of experience in building impactful software products, combining technical depth with strategic vision.
Secure & Streamline Your Software Supply Chain with JFrog, Strengthening SDLC Integrity, Step by Step
Secure & Streamline Your Software Supply Chain with JFrog
Salon A
Effective Release Lifecycle Management is key to ensuring secure, traceable, and efficient software delivery. Join us for this workshop with hand-on practice to learn how JFrog’s platform can help you automate workflows, improve collaboration, and ensure security and compliance throughout your software supply chain.
Key Skills you can Expect to Learn:
• Tracking and managing software artifacts throughout the lifecycle
• Automating release processes with CI/CD pipeline integration
• Implementing immutable releases and ensuring security compliance
• Enhancing team collaboration for smoother software delivery
• Exclusive Preview of JFrog’s upcoming product features
Who Should Attend?
• DevOps & Software Engineers
• Release Managers & QA Professionals
• Security Engineers & CISOs
• Technology Leaders (CTOs, CIOs)
Don’t miss out on transforming your software delivery process.
Sign up today!
Effective Release Lifecycle Management is key to ensuring secure, traceable, and efficient software delivery. Join us for this workshop with hand-on practice to learn how JFrog’s platform can help you automate workflows, improve collaboration, and ensure security and compliance throughout your software supply chain.
Key Skills you can Expect to Learn:
• Tracking and managing software artifacts throughout the lifecycle
• Automating release processes with CI/CD pipeline integration
• Implementing immutable releases and ensuring security compliance
• Enhancing team collaboration for smoother software delivery
• Exclusive Preview of JFrog’s upcoming product features
Who Should Attend?
• DevOps & Software Engineers
• Release Managers & QA Professionals
• Security Engineers & CISOs
• Technology Leaders (CTOs, CIOs)
Don’t miss out on transforming your software delivery process.
Sign up today!
2
8:30 AM
8:30 AM
From Code to Runtime: Protecting Your Software Supply Chain
Salon B
Managing your software supply chain from code inception to runtime deployment is crucial for security, compliance, and efficiency. This workshop will guide you through best practices to serve as the gatekeeper of your supply chain, embedding security, automating processes, and ensuring compliance throughout the SDLC.
Key Skills Learned:
• Understand the essentials of securing your software supply chain.
• Identify and mitigate common risks and vulnerabilities in the supply chain.
• Integrate security practices throughout your SDLC (e.g., code review, dependency management, artifact scanning).
• Leverage JFrog tools like Xray and JFrog Advanced Security for secure artifact management.
• Automate security and compliance checks, and streamline deployment.
• Implement real-time monitoring and incident response strategies.
Who Should Attend?
• Software Developers and Engineers
• DevOps Professionals
• Security Engineers
• Project Managers & Team Leaders
Take control of your software supply chain - secure, streamline, and safeguard the journey from code to runtime.
Managing your software supply chain from code inception to runtime deployment is crucial for security, compliance, and efficiency. This workshop will guide you through best practices to serve as the gatekeeper of your supply chain, embedding security, automating processes, and ensuring compliance throughout the SDLC.
Key Skills Learned:
• Understand the essentials of securing your software supply chain.
• Identify and mitigate common risks and vulnerabilities in the supply chain.
• Integrate security practices throughout your SDLC (e.g., code review, dependency management, artifact scanning).
• Leverage JFrog tools like Xray and JFrog Advanced Security for secure artifact management.
• Automate security and compliance checks, and streamline deployment.
• Implement real-time monitoring and incident response strategies.
Who Should Attend?
• Software Developers and Engineers
• DevOps Professionals
• Security Engineers
• Project Managers & Team Leaders
Take control of your software supply chain - secure, streamline, and safeguard the journey from code to runtime.
3
8:30 AM
8:30 AM
JFrog Artifactory Foundations: Optimize & Secure Your Software Pipeline
Salon K
Development teams struggle with securing artifacts, automating complex workflows, and maintaining compliance across various stages of the software development lifecycle (SDLC). This workshop addresses those challenges by showing you how to effectively use JFrog tools - Artifactory and Xray - to streamline and secure your SSC, making it easier to automate processes, identify vulnerabilities, and integrate security from start to finish.
Key Skills Learned:
• Use JFrog tools to manage, secure, and automate your software supply chain.
• Set up and manage repositories and automate CI/CD pipelines efficiently.
• Implement security best practices across your software lifecycle.
Who Should Attend?
• DevOps Engineers looking to integrate security into their workflows.
• Security Engineers focused on strengthening their software supply chain.
• Software Engineers interested in automating and securing their delivery pipelines.
Join us to improve your DevSecOps practices and secure your software supply chain from start to finish.
Development teams struggle with securing artifacts, automating complex workflows, and maintaining compliance across various stages of the software development lifecycle (SDLC). This workshop addresses those challenges by showing you how to effectively use JFrog tools - Artifactory and Xray - to streamline and secure your SSC, making it easier to automate processes, identify vulnerabilities, and integrate security from start to finish.
Key Skills Learned:
• Use JFrog tools to manage, secure, and automate your software supply chain.
• Set up and manage repositories and automate CI/CD pipelines efficiently.
• Implement security best practices across your software lifecycle.
Who Should Attend?
• DevOps Engineers looking to integrate security into their workflows.
• Security Engineers focused on strengthening their software supply chain.
• Software Engineers interested in automating and securing their delivery pipelines.
Join us to improve your DevSecOps practices and secure your software supply chain from start to finish.
4
8:30 AM
8:30 AM
Mastering Scalable Architectures for Global Enterprises with JFrog
Salon J
As enterprises scale their operations globally, creating architectures that are resilient, available, and adaptable to hybrid and multi-cloud environments becomes critical. This workshop dives into designing scalable, enterprise-level SDLC architectures, leveraging JFrog tools to meet the complex needs of modern digital ecosystems. You’ll gain hands-on experience in addressing performance, redundancy, and global collaboration challenges while ensuring operational efficiency.
Key Skills Learned:
• Articulate the key components and benefits of an enterprise-scale architecture for your organization.
• Implement scalable solutions that enhance reliability and resilience across multi-cloud environments.
• Select and design deployment topologies that meet enterprise-specific requirements.
• Anticipate and address potential operational, security, and compliance challenges.
• Create a blueprint that supports operational continuity and global collaboration.
Who Should Attend:
• DevOps and IT Architects.
• Principal and Senior Engineers.
• Systems Administrators.
• Network Engineers.
• IT Decision-Makers.
Start architecting for the future of enterprise-scale success!
As enterprises scale their operations globally, creating architectures that are resilient, available, and adaptable to hybrid and multi-cloud environments becomes critical. This workshop dives into designing scalable, enterprise-level SDLC architectures, leveraging JFrog tools to meet the complex needs of modern digital ecosystems. You’ll gain hands-on experience in addressing performance, redundancy, and global collaboration challenges while ensuring operational efficiency.
Key Skills Learned:
• Articulate the key components and benefits of an enterprise-scale architecture for your organization.
• Implement scalable solutions that enhance reliability and resilience across multi-cloud environments.
• Select and design deployment topologies that meet enterprise-specific requirements.
• Anticipate and address potential operational, security, and compliance challenges.
• Create a blueprint that supports operational continuity and global collaboration.
Who Should Attend:
• DevOps and IT Architects.
• Principal and Senior Engineers.
• Systems Administrators.
• Network Engineers.
• IT Decision-Makers.
Start architecting for the future of enterprise-scale success!
5
8:30 AM
8:30 AM
GitHub Actions for JFrog: Streamlining Workflows and Enhancing Security
Salon H
This workshop provides a comprehensive exploration of integrating the Jfrog Platform with GitHub to optimize your software development lifecycle. Through hands-on exercises, participants will learn how to leverage GitHub Actions to automate workflows and connect them seamlessly with JFrog for efficient artifact management, CI/CD, and security. The session will cover essential practices for secure authentication, build information management, and vulnerability scanning, demonstrating how these integrations streamline development processes and enhance collaboration.
Key Skills Learned:
- OIDC Authentication: understand and implement OpenID Connect (OIDC) for secure authentication between GitHub and JFrog.
- GitHub Actions Automation: learn to automate CI/CD workflows using GitHub Actions and integrate them with the JFrog platform.
- JFrog Advanced Security Integration: discover how to integrate JFrog Advanced Security with GitHub Advanced Security for comprehensive vulnerability scanning and remediation.
- Source Code Scanning: bulk Installation across multiple repositories.
Who Should Attend:
- Software Developers & Engineers
- DevOps Professionals
- Security Engineers
- Team Leaders & Project Managers
Enhance your software development process by integrating JFrog and GitHub to automate workflows, improve security, and streamline artifact management.
This workshop provides a comprehensive exploration of integrating the Jfrog Platform with GitHub to optimize your software development lifecycle. Through hands-on exercises, participants will learn how to leverage GitHub Actions to automate workflows and connect them seamlessly with JFrog for efficient artifact management, CI/CD, and security. The session will cover essential practices for secure authentication, build information management, and vulnerability scanning, demonstrating how these integrations streamline development processes and enhance collaboration.
Key Skills Learned:
- OIDC Authentication: understand and implement OpenID Connect (OIDC) for secure authentication between GitHub and JFrog.
- GitHub Actions Automation: learn to automate CI/CD workflows using GitHub Actions and integrate them with the JFrog platform.
- JFrog Advanced Security Integration: discover how to integrate JFrog Advanced Security with GitHub Advanced Security for comprehensive vulnerability scanning and remediation.
- Source Code Scanning: bulk Installation across multiple repositories.
Who Should Attend:
- Software Developers & Engineers
- DevOps Professionals
- Security Engineers
- Team Leaders & Project Managers
Enhance your software development process by integrating JFrog and GitHub to automate workflows, improve security, and streamline artifact management.
6
12:00 PM
12:00 PM
Training Day Lunch
Vintner's Dining Room
7
1:00 PM
1:00 PM
Foundations of DevSecOps: Avoiding Software Supply Chain Attacks
Salon K
With software supply chain attacks on the rise, security risks have never been more critical. This hands-on workshop focuses on JFrog’s security tools - from shift left to shift right - and how to integrate them into your DevSecOps strategy. We’ll explore how to secure your software supply chain, reduce vulnerabilities, and automate key workflows, ensuring your artifacts and dependencies are safe throughout the development lifecycle.
Key Skills Learned:
• Understand how JFrog tools from Curation to Xray and Advanced security can accelerate your DevSecOps goals.
• Use JFrog security scan capabilities and Developer-Focused Security.
• Gain hands-on experience in configuring repositories, scanning for vulnerabilities, and automating delivery pipelines.
• Implement best practices to secure your software supply chain, reducing the risk of vulnerabilities and improving compliance.
• How to shift security left by embedding security measures early in your SDLC.
Who Should Attend:
• Engineers working across SDLC phases - Development, Automation, DevOps, and SRE.
• Security Engineers focused on securing the software supply chain with the JFrog platform.
Join us to deepen your DevSecOps knowledge and enhance your organization’s security posture with JFrog’s trusted tools.
Sign Up Today!
With software supply chain attacks on the rise, security risks have never been more critical. This hands-on workshop focuses on JFrog’s security tools - from shift left to shift right - and how to integrate them into your DevSecOps strategy. We’ll explore how to secure your software supply chain, reduce vulnerabilities, and automate key workflows, ensuring your artifacts and dependencies are safe throughout the development lifecycle.
Key Skills Learned:
• Understand how JFrog tools from Curation to Xray and Advanced security can accelerate your DevSecOps goals.
• Use JFrog security scan capabilities and Developer-Focused Security.
• Gain hands-on experience in configuring repositories, scanning for vulnerabilities, and automating delivery pipelines.
• Implement best practices to secure your software supply chain, reducing the risk of vulnerabilities and improving compliance.
• How to shift security left by embedding security measures early in your SDLC.
Who Should Attend:
• Engineers working across SDLC phases - Development, Automation, DevOps, and SRE.
• Security Engineers focused on securing the software supply chain with the JFrog platform.
Join us to deepen your DevSecOps knowledge and enhance your organization’s security posture with JFrog’s trusted tools.
Sign Up Today!
8
1:00 PM
1:00 PM
Pavel Klushin
Senior Manager, Solution Engineering
Pavel Klushin is an ML expert with over ten years of expertise in cloud engineering. His work focuses on integrating AI with cloud infrastructures, enhancing performance and driving innovation across various industries.
MLOps in Action: From Experimentation to Production, Delivering AI You Can Trust
MLOps in Action: From Experimentation to Production
Salon J
Integrating machine learning with DevOps practices is essential for organizations to stay competitive. This hands-on workshop will introduce you to JFrog ML and its capabilities, empowering data scientists and DevOps teams to seamlessly manage the end-to-end machine learning lifecycle. Learn to securely build, deploy, and maintain machine learning models with JFrog’s powerful platform, while enhancing collaboration between data scientists and DevOps teams.
Key Skills Learned:
• Seamlessly manage the full ML lifecycle, from experimentation to production, on a single platform.
• Track, compare, and version model experiments for optimized decision-making.
• Leverage JFrog Advanced Security features to scan models for vulnerabilities and ensure compliance.
• Automate training, validation, and deployment processes for faster, more reliable ML results.
• Collaborate effectively between data science and DevOps teams to accelerate model development and deployment.
Who Should Attend:
• Data Scientists.
• DevOps Engineers.
• IT Professionals & Project Managers.
Don’t miss the chance to take your machine learning deployments to the next level. JFrog ML can transform your MLOps processes for greater speed, security, and efficiency.
Integrating machine learning with DevOps practices is essential for organizations to stay competitive. This hands-on workshop will introduce you to JFrog ML and its capabilities, empowering data scientists and DevOps teams to seamlessly manage the end-to-end machine learning lifecycle. Learn to securely build, deploy, and maintain machine learning models with JFrog’s powerful platform, while enhancing collaboration between data scientists and DevOps teams.
Key Skills Learned:
• Seamlessly manage the full ML lifecycle, from experimentation to production, on a single platform.
• Track, compare, and version model experiments for optimized decision-making.
• Leverage JFrog Advanced Security features to scan models for vulnerabilities and ensure compliance.
• Automate training, validation, and deployment processes for faster, more reliable ML results.
• Collaborate effectively between data science and DevOps teams to accelerate model development and deployment.
Who Should Attend:
• Data Scientists.
• DevOps Engineers.
• IT Professionals & Project Managers.
Don’t miss the chance to take your machine learning deployments to the next level. JFrog ML can transform your MLOps processes for greater speed, security, and efficiency.
9
1:00 PM
1:00 PM
Compliant SDLC Without Compromise: Navigating Regulations & Beyond with JFrog
Salon H
Maintaining compliance is no longer optional — it’s essential. This workshop guides you through the complexities of compliance regulations while ensuring the security and integrity of your software supply chain. Attendees will explore how JFrog tools, including JFrog Artifactory and JFrog Xray, enable organizations to not only meet regulatory requirements but also establish a culture of compliance excellence. Through hands-on experience, you’ll learn best practices for implementing compliance frameworks within your DevSecOps processes, automate compliance checks, and ensure rigorous security standards are met across the SDLC.
Key Skills Learned:
• Understand the key compliance requirements relevant to software development and deployment, including: NIST, SLSA, DORA, SOX and more
• Use JFrog Artifactory and JFrog Xray to manage open-source and proprietary artifacts while ensuring compliance.
• Automate compliance processes with JFrog CLI, REST APIs, and AQL to streamline workflows and reduce human errors.
• Implement proactive compliance strategies and integrate security measures early in the SDLC.
• Foster a culture of compliance excellence and improve collaboration across security, compliance, and development teams.
• Monitor and report compliance status using JFrog tools for ongoing compliance verification.
Don’t miss out on learning how JFrog can elevate your compliance strategy.
Maintaining compliance is no longer optional — it’s essential. This workshop guides you through the complexities of compliance regulations while ensuring the security and integrity of your software supply chain. Attendees will explore how JFrog tools, including JFrog Artifactory and JFrog Xray, enable organizations to not only meet regulatory requirements but also establish a culture of compliance excellence. Through hands-on experience, you’ll learn best practices for implementing compliance frameworks within your DevSecOps processes, automate compliance checks, and ensure rigorous security standards are met across the SDLC.
Key Skills Learned:
• Understand the key compliance requirements relevant to software development and deployment, including: NIST, SLSA, DORA, SOX and more
• Use JFrog Artifactory and JFrog Xray to manage open-source and proprietary artifacts while ensuring compliance.
• Automate compliance processes with JFrog CLI, REST APIs, and AQL to streamline workflows and reduce human errors.
• Implement proactive compliance strategies and integrate security measures early in the SDLC.
• Foster a culture of compliance excellence and improve collaboration across security, compliance, and development teams.
• Monitor and report compliance status using JFrog tools for ongoing compliance verification.
Don’t miss out on learning how JFrog can elevate your compliance strategy.
10
4:30 PM
4:30 PM
Welcome Reception
Vintner's Dining Room
11
7:30 AM
7:30 AM
Registration
Meritage Building - Lobby
12
7:45 AM
7:45 AM
Breakfast
Vintner's Dining Room
13
9:00 AM
9:00 AM
Shlomi Ben Haim
Co-Founder and CEO
Shlomi is Co-Founder and CEO of JFrog, creators of the universal DevOps platform.
He brings over 20 years of experience in building profitable, high-growth information technology companies.
Prior to JFrog, Shlomi was the CEO of AlphaCSP (acquired in 2005 by MalamTeam) and a Major in the Israeli Air Force.
Shlomi holds an MS from Clark University (Massachusetts, USA) and a BA from Ben-Gurion University (Israel).
The Quantum Shift - Rethink Software Supply Chain
The Quantum Shift - Rethink Software Supply Chain
Meritage Ballroom
14
9:20 AM
9:20 AM
Yoav Landman
Co-Founder and CTO
Co-Founder and CTO of JFrog, Yoav is the visionary behind Artifactory, the universal artifact repository manager. Prior to founding JFrog, he spent over a decade as a senior consultant specializing in Distributed Computing and Enterprise Build Systems and held several senior technical roles in global organizations. Yoav holds a master’s degree in computing from RMIT University and a Bachelor of Laws (LL.B) from the University of Haifa.
AI-Driven DevOps Unleashed: The Future Starts Here
AI-Driven DevOps Unleashed: The Future Starts Here
Meritage Ballroom
The future of DevOps is being transformed with autonomous agents. As the world begins to focus on agentic-driven release management, we will soon experience agents driving crucial processes such as building, securing, and deploying packages alongside automated policy enforcement. These agents are not working in silos - they will (and are) communicating with one another, enabling real-time visibility and management of secure pipelines.
In this landmark technical keynote, we will reveal how JFrog is empowering teams to implement this modern approach to agentic software delivery - with minimal manual intervention, and with enhanced security – all in a streamlined release process without losing control!
The future of DevOps is being transformed with autonomous agents. As the world begins to focus on agentic-driven release management, we will soon experience agents driving crucial processes such as building, securing, and deploying packages alongside automated policy enforcement. These agents are not working in silos - they will (and are) communicating with one another, enabling real-time visibility and management of secure pipelines.
In this landmark technical keynote, we will reveal how JFrog is empowering teams to implement this modern approach to agentic software delivery - with minimal manual intervention, and with enhanced security – all in a streamlined release process without losing control!
15
10:10 AM
10:10 AM
Eyal Dyment
VP, Security
Eyal Dyment leads Security at JFrog, where he is responsible for driving the company’s security product strategy and innovation across the software supply chain. With a deep background in AI, machine learning, and data-driven product development, Eyal brings a unique blend of technical expertise and business acumen to the evolving DevSecOps landscape.
Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity
Yossi Shaul
SVP, DevOps
Yossi Shaul is the Senior Vice President of DevOps Core at JFrog, where he leads the development of the company's core DevOps platform. With a career spanning over two decades in software engineering and leadership, Yossi has been instrumental in shaping JFrog's comprehensive solutions that integrate DevOps, DevSecOps, and MLOps practices.
Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity
Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity
Meritage Ballroom
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution.
In this can’t-miss swampUP keynote session, we’ll look at new innovations across JFrog security and platform teams, as well as industry advancements that enable a not just connected, but fully-integrated and robust software supply chain security solution that meets the modern needs of a security-focused, EveryOps reality.
Join us for an exclusive look at how this tectonic security shift reshapes what you thought you knew about application security and governance, helping you unlock new levels of confidence in every release.
Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution.
In this can’t-miss swampUP keynote session, we’ll look at new innovations across JFrog security and platform teams, as well as industry advancements that enable a not just connected, but fully-integrated and robust software supply chain security solution that meets the modern needs of a security-focused, EveryOps reality.
Join us for an exclusive look at how this tectonic security shift reshapes what you thought you knew about application security and governance, helping you unlock new levels of confidence in every release.
16
10:45 AM
10:45 AM
Coffee Break
Meritage Ballroom
17
11:00 AM
11:00 AM
Yuval Fernbach
VP, MLOps
Yuval Fernbach is VP and CTO of MLOps at JFrog, where he leads the integration of a fully managed ML platform following JFrog’s acquisition of Qwak, which he co-founded. With deep expertise in AI and infrastructure, Yuval helps teams streamline the entire ML lifecycle, from data prep to deployment, bridging the worlds of MLOps and DevOps for secure, scalable AI delivery.
Trusted AI at Scale: Secure Governance and Scalable Management for Your AI Models
Trusted AI at Scale: Secure Governance and Scalable Management for Your AI Models
Meritage Ballroom
As AI becomes an indispensable part of modern software applications, managing machine learning models with the same rigor as code and binaries is essential. Yet most organizations still treat models as ad-hoc assets: scattered, untracked, and inconsistently governed, creating potentially serious risks around security, compliance, and operational trust.
Reminding us of yesterday’s OSS package gold rush, today’s ML/AI Models can originate from many sources: custom-built, open-source, and third-party APIs, each with different risks, ownership boundaries, and lifecycle considerations.
In this session, we’ll explore these emerging challenges, and show how advancements in JFrog ML and platform technologies are helping solve them. By treating every type of model as a first-class software artifact, you’ll learn how to integrate model management into your existing DevSecOps pipeline, enable trust by providing visibility, traceability, and evidence-based policy enforcement, and bring the same governance and trust to AI that you already rely on for your software supply chain. It’s time to take back control of AI!
As AI becomes an indispensable part of modern software applications, managing machine learning models with the same rigor as code and binaries is essential. Yet most organizations still treat models as ad-hoc assets: scattered, untracked, and inconsistently governed, creating potentially serious risks around security, compliance, and operational trust.
Reminding us of yesterday’s OSS package gold rush, today’s ML/AI Models can originate from many sources: custom-built, open-source, and third-party APIs, each with different risks, ownership boundaries, and lifecycle considerations.
In this session, we’ll explore these emerging challenges, and show how advancements in JFrog ML and platform technologies are helping solve them. By treating every type of model as a first-class software artifact, you’ll learn how to integrate model management into your existing DevSecOps pipeline, enable trust by providing visibility, traceability, and evidence-based policy enforcement, and bring the same governance and trust to AI that you already rely on for your software supply chain. It’s time to take back control of AI!
18
12:00 PM
12:00 PM
Lunch
Vintner's Dining Room
19
1:20 PM
1:20 PM
Yonatan Arbel
Developer Advocate
A software developer with rich experience spanning over 12 years. For the past 7.5 years, I have been a valuable member of the JFrog team, a prominent tech company. Over the years, I progressed through the organization and eventually found my place within the Infrastructure group.
I have a genuine passion for technology, which has been a guiding force throughout my 12-year career. My work at JFrog has included significant contributions to the development of the JFrog Platform.
My journey is a testament to my dedication and the opportunities that the tech industry offers to those who are eager to learn and grow. As a speaker, I am excited to share my experiences and insights with others in the tech community.
Deploy Artifacts (Even Order Pizza!) with MCP
Deploy Artifacts (Even Order Pizza!) with MCP
Salon A
What if you could deploy software, manage running images, and even order your favorite pizza—all through an AI-powered chat? Meet MCP (Model Context Protocol), the ultimate gateway for companies looking to become AI-friendly and provide seamless interactions through an exposed MCP server.
In this session, we’ll explore:
✅ What MCP is and how it enables AI-driven automation
✅ How MCP simplifies data fetching and environment management
✅ Real-world use cases, from DevOps workflows to AI-assisted user experiences
✅ A live demo: see how easy it is to integrate MCP into your workflows—yes, even for ordering pizza! 🍕
By the end of this session, you’ll have a solid understanding of MCP and why you should start leveraging its power today. Whether you're a developer, DevOps engineer, or product innovator, MCP is your key to unlocking AI-enhanced automation.
What if you could deploy software, manage running images, and even order your favorite pizza—all through an AI-powered chat? Meet MCP (Model Context Protocol), the ultimate gateway for companies looking to become AI-friendly and provide seamless interactions through an exposed MCP server.
In this session, we’ll explore:
✅ What MCP is and how it enables AI-driven automation
✅ How MCP simplifies data fetching and environment management
✅ Real-world use cases, from DevOps workflows to AI-assisted user experiences
✅ A live demo: see how easy it is to integrate MCP into your workflows—yes, even for ordering pizza! 🍕
By the end of this session, you’ll have a solid understanding of MCP and why you should start leveraging its power today. Whether you're a developer, DevOps engineer, or product innovator, MCP is your key to unlocking AI-enhanced automation.
20
1:20 PM
automation
1:20 PM
automation
Charles Crowder
Senior Engineering Manager
Charles Crowder is a Senior Engineering Manager at Cisco on Splunk's SDLC Infrastructure team, and has been with Splunk for 6 years working both as an IC delivering cloud infrastructure, and now as a leader within SDLC.
When not at work, he enjoys family time with his daughter and hobbies like 3D printing, photography, and mountain biking.
Artifactory self-hosted Observability with OpenTelemetry & Splunk O11y
Artifactory self-hosted Observability with OpenTelemetry & Splunk O11y
Salon K
Learn how the Splunk team provides Observability for their Artifactory & X-Ray infrastructure using OpenTelemtry, Splunk, and Splunk O11y Cloud to:
- Emit metrics and integrations to Splunk 011y Cloud
- Define detectors, dashboards, and alerts in Splunk O11y Cloud via Terraform
- Emit logs to Splunk Cloud / Enterprise via OpenTelemetry collector or Splunk UF
- Overview of data sources, reports, & dashboards
Learn how the Splunk team provides Observability for their Artifactory & X-Ray infrastructure using OpenTelemtry, Splunk, and Splunk O11y Cloud to:
- Emit metrics and integrations to Splunk 011y Cloud
- Define detectors, dashboards, and alerts in Splunk O11y Cloud via Terraform
- Emit logs to Splunk Cloud / Enterprise via OpenTelemetry collector or Splunk UF
- Overview of data sources, reports, & dashboards
21
1:20 PM
1:20 PM
Jeremy Adams
Head of Ecosystem
Jeremy is a senior leader with both a technical and a strategic streak. Passionate about people and entrepreneurship, integration and automation. Through technical/business roles at Dagger, GitHub, Twistlock, and Puppet, Jeremy has both zoomed in and zoomed out a lot, acquiring an appreciation for the details and an ever-broader sense of the big architectural picture.
Zero to Hero: Self-Healing CI/CD with JFrog, Dagger, and AI Agents
Zero to Hero: Self-Healing CI/CD with JFrog, Dagger, and AI Agents
Salon J
What if your CI/CD pipelines could fix themselves? What if they understood why a deployment failed, rolled back safely, and then proposed the correct fix? Join us for a hands-on technical session showcasing how JFrog Artifactory, Dagger’s portable pipelines, and an LLM-powered AI agent combine to create an intelligent, adaptive platform for shipping software fast, safely, and globally.
We’ll walk through a live scenario such as:
- An app build fails in CI.
- An AI agent (backed by a local LLM) inspects the failure, correlates logs, build metadata, and deployment artifacts.
- It proposes a fix in code (using Dagger Functions), regenerates the pipeline on the fly, and pushes the corrected artifact to JFrog.
You’ll leave with a blueprint for building your own self-healing pipeline systems using the best of artifact management, containerized pipeline portability, and developer-first AI.
What if your CI/CD pipelines could fix themselves? What if they understood why a deployment failed, rolled back safely, and then proposed the correct fix? Join us for a hands-on technical session showcasing how JFrog Artifactory, Dagger’s portable pipelines, and an LLM-powered AI agent combine to create an intelligent, adaptive platform for shipping software fast, safely, and globally.
We’ll walk through a live scenario such as:
- An app build fails in CI.
- An AI agent (backed by a local LLM) inspects the failure, correlates logs, build metadata, and deployment artifacts.
- It proposes a fix in code (using Dagger Functions), regenerates the pipeline on the fly, and pushes the corrected artifact to JFrog.
You’ll leave with a blueprint for building your own self-healing pipeline systems using the best of artifact management, containerized pipeline portability, and developer-first AI.
22
1:20 PM
AI/ML
1:20 PM
AI/ML
Mohammad Saheer Padinharayil
Manager | AI & Cloud Security Enthusiast
AI security and cloud-native pipeline expert with about a decade of experience in building scalable, secure ML platforms. Currently leading Payment Integrity and Automation efforts at CVS Health with a focus on ML governance and infrastructure. Frequent speaker on GCP, AI/ML and enterprise-scale MLOps.
Securing AI Models and ML Pipelines: Best Practices and Pitfalls to Avoid
Securing AI Models and ML Pipelines: Best Practices and Pitfalls to Avoid
Salon H
As machine learning becomes integral to modern applications, the attack surface for AI systems is rapidly expanding. From data poisoning and model inversion to supply chain vulnerabilities in ML pipelines, the risks are real—and often overlooked.
In this session, we'll explore key challenges in securing the AI lifecycle. You’ll learn how adversaries exploit weaknesses in model training, deployment, and inference stages—and how to counter them with practical strategies.
We’ll walk through:
-Threat modeling for ML pipelines
-Secure model training and deployment using ML tools
-Proven strategies for securing data inputs, model artifacts, and dependencies
-CI/CD best practices for AI/ML, including policy enforcement and SBOMs
-Real-world case studies of AI system compromises—and what we can learn from them
This talk will give you the actionable insight to evaluate and secure your own AI initiatives, ensuring trust and compliance in an era where AI is not just an asset, but a potential liability.
As machine learning becomes integral to modern applications, the attack surface for AI systems is rapidly expanding. From data poisoning and model inversion to supply chain vulnerabilities in ML pipelines, the risks are real—and often overlooked.
In this session, we'll explore key challenges in securing the AI lifecycle. You’ll learn how adversaries exploit weaknesses in model training, deployment, and inference stages—and how to counter them with practical strategies.
We’ll walk through:
-Threat modeling for ML pipelines
-Secure model training and deployment using ML tools
-Proven strategies for securing data inputs, model artifacts, and dependencies
-CI/CD best practices for AI/ML, including policy enforcement and SBOMs
-Real-world case studies of AI system compromises—and what we can learn from them
This talk will give you the actionable insight to evaluate and secure your own AI initiatives, ensuring trust and compliance in an era where AI is not just an asset, but a potential liability.
23
2:00 PM
2:00 PM
Break
The swamp
24
2:20 PM
2:20 PM
Shimi Bandiel
Senior Solution Architect
Shimi is an experienced consultant and developer who specializes in building performant DevOps CI/CD pipelines.
Before his current role as a Strategic DevOps Acceleration Solution Architect @ JFrog, Shimi was the CTO of Trainologic responsible for high profile consulting and training about DevOps, architecture and performance tuning.
Compliance: The Holy Grail
Compliance: The Holy Grail
Salon A
In this session, we’ll explore why compliance remains one of the most elusive challenges in modern software supply chains and what’s finally evolving.
You’ll learn the most common compliance requirements, why tracking them across fast-moving DevSecOps environments is so complex, and why legacy approaches often fall short.
We’ll share practical strategies from SBOM generation to automated evidence collection that help meet compliance goals without slowing down innovation.
We’ll also look ahead to what's next: continuous compliance posture monitoring, integrated trust signals, and how embedding security into the SDLC can eliminate the need for reactive patching to help you build secure, compliant software from the start.
In this session, we’ll explore why compliance remains one of the most elusive challenges in modern software supply chains and what’s finally evolving.
You’ll learn the most common compliance requirements, why tracking them across fast-moving DevSecOps environments is so complex, and why legacy approaches often fall short.
We’ll share practical strategies from SBOM generation to automated evidence collection that help meet compliance goals without slowing down innovation.
We’ll also look ahead to what's next: continuous compliance posture monitoring, integrated trust signals, and how embedding security into the SDLC can eliminate the need for reactive patching to help you build secure, compliant software from the start.
25
2:20 PM
2:20 PM
Krishna Nadiminti US
Developer Experience Leader
Krishna Nadiminti leads Developer Experience at NVIDIA, focusing on improving developer productivity and application lifecycle efficiency. She is an award-winning leader recognized across the tech industry for her contributions to engineering excellence and innovation.
Handling Hyper-Scale Growth and AI Workloads with Artifactory
Handling Hyper-Scale Growth and AI Workloads with Artifactory
Salon K
How do you scale artifact management for an era of AI-driven engineering? In this session, learn how a lean DevOps team inherited a legacy Artifactory instance and transformed it into a hyper-scale, cloud-native artifact platform capable of handling modern AI/ML workloads. The speakers will walk through the transformation journey—from aging infrastructure and operational bottlenecks to a scalable, automated, and performance-optimized Artifactory cluster.
Discover how NVIDIA scaled to support 10x artifact growth, massive binaries, and unpredictable CI/CD bursts, all driven by cutting-edge GPU development and AI test pipelines. You’ll gain insights into architectural evolution, observability patterns, and DevOps practices that enabled the team to tame explosive scale while improving reliability and efficiency.
How do you scale artifact management for an era of AI-driven engineering? In this session, learn how a lean DevOps team inherited a legacy Artifactory instance and transformed it into a hyper-scale, cloud-native artifact platform capable of handling modern AI/ML workloads. The speakers will walk through the transformation journey—from aging infrastructure and operational bottlenecks to a scalable, automated, and performance-optimized Artifactory cluster.
Discover how NVIDIA scaled to support 10x artifact growth, massive binaries, and unpredictable CI/CD bursts, all driven by cutting-edge GPU development and AI test pipelines. You’ll gain insights into architectural evolution, observability patterns, and DevOps practices that enabled the team to tame explosive scale while improving reliability and efficiency.
26
2:20 PM
2:20 PM
Krishna Chaganti
Associate Director
Hi, I’m Krishna an application security expert with 13+ years of experience in penetration testing, vulnerability management, and DevSecOps. I specialize in SAST, DAST, threat modeling, and CI/CD security automation, using tools like Burp Suite, OWASP ZAP, and Metasploit. Passionate about integrating security into development, I mentor, speak at conferences, and conduct hands-on workshops. My mission is to help teams bridge the gap between speed and security, ensuring innovation without compromise. Let’s build secure applications togethe
Mastering Vulnerability Management and Secure SDLC: A Deep Dive into Enterprise Application Security
Mastering Vulnerability Management and Secure SDLC: A Deep Dive into Enterprise Application Security
Salon J
In this session, participants will explore advanced techniques in vulnerability management, application penetration testing, and secure software development life cycles (SDLC). Drawing from over 13 years of hands-on experience, Krishna, Associate Director at S&P Global, will share insights into building and managing comprehensive application security programs across diverse environments.
The session covers real-world practices in integrating SAST/DAST tools into CI/CD pipelines, performing dynamic and static vulnerability assessments, and effectively collaborating with development teams for secure coding. Learn about OWASP Top 10 vulnerabilities, mobile app testing, API security, and managing enterprise risk through threat modeling, patch management, and compliance alignment (PCI DSS, ISO 27001).
In this session, participants will explore advanced techniques in vulnerability management, application penetration testing, and secure software development life cycles (SDLC). Drawing from over 13 years of hands-on experience, Krishna, Associate Director at S&P Global, will share insights into building and managing comprehensive application security programs across diverse environments.
The session covers real-world practices in integrating SAST/DAST tools into CI/CD pipelines, performing dynamic and static vulnerability assessments, and effectively collaborating with development teams for secure coding. Learn about OWASP Top 10 vulnerabilities, mobile app testing, API security, and managing enterprise risk through threat modeling, patch management, and compliance alignment (PCI DSS, ISO 27001).
27
2:20 PM
2:20 PM
Ricardo Aravena
Cloud Infrastructure Lead
Ricardo is making daily impactful contributions as an AI Infrastructure Lead at Snowflake. He's passionate about open source in various roles, such as co-chairing the CNCF TAG-Runtime and leading the Cloud Native AI Working Group. With over 25 years of experience in the tech industry and a diverse professional background, he has held various roles at major companies such as Rakuten, Cisco, and VMware, as well as startups like Branch Metrics, Coupa, HyTrust, Exablox, and SnapLogic. His most recent role at Truera involved automating cloud infrastructure for a large-scale AI/ML Observability solution.
Cloud Infrastructure Lead
From Pipelines to Production: Cloud Native AI Gets Real
Salon H
Since last year's swampUP, the Cloud Native AI ecosystem has evolved significantly. With ongoing innovation in open source models, orchestration, model registries, and observability tools, DevOps teams are now better equipped to reliably and quickly move AI applications from experiment to production.
This talk will dive into the latest work from the CNCF Cloud Native AI Working Group, which has been mapping out the reference architectures, challenges, and opportunities at the intersection of MLOps, DevOps, Security and cloud native tooling. We'll showcase the most recent advancements across the model lifecycle—covering artifact management, inference serving, workload orchestration, and lineage tracking—through a lens of practical, real-world implementation.
Attendees will leave with a blueprint for building scalable, reproducible, secure AI platforms using cloud-native practices, including open-source components. We'll also explore where the ecosystem is heading next, from AI gateway patterns to cluster-level scheduling for GPUs.
Since last year's swampUP, the Cloud Native AI ecosystem has evolved significantly. With ongoing innovation in open source models, orchestration, model registries, and observability tools, DevOps teams are now better equipped to reliably and quickly move AI applications from experiment to production.
This talk will dive into the latest work from the CNCF Cloud Native AI Working Group, which has been mapping out the reference architectures, challenges, and opportunities at the intersection of MLOps, DevOps, Security and cloud native tooling. We'll showcase the most recent advancements across the model lifecycle—covering artifact management, inference serving, workload orchestration, and lineage tracking—through a lens of practical, real-world implementation.
Attendees will leave with a blueprint for building scalable, reproducible, secure AI platforms using cloud-native practices, including open-source components. We'll also explore where the ecosystem is heading next, from AI gateway patterns to cluster-level scheduling for GPUs.
28
3:00 PM
3:00 PM
Break
The swamp
29
3:20 PM
3:20 PM
Yasodhara Varma
VP and Lead Software Engineer
I am a seasoned Lead Software Engineer with 25 years of experience in machine learning, big data, and cloud infrastructure. As a Vice President at JPMorgan Chase, I have led the design and migration of large-scale ML platforms from on-premise Hadoop to AWS, optimizing model training and governance. I specialize in Python, TensorFlow, Spark, and AWS services, driving innovation in fraud detection and credit risk assessment. With expertise in DevOps, distributed computing, and AI-driven solutions, I am passionate about building scalable, efficient platforms that empower businesses to harness the full potential of cloud and AI technologies.
Building Scalable Machine Learning Platforms: A Practical Guide for Engineers
Building Scalable Machine Learning Platforms: A Practical Guide for Engineers
Salon A
Join me, Yash, as I take you through the key strategies and technologies behind designing and managing large-scale machine learning platforms. Drawing from my 25+ years of experience, including my role as a Lead Software Engineer at JPMorgan Chase, this session will cover how to build robust ML infrastructure, optimize distributed model training, and transition on-premise workloads to cloud-based solutions like AWS SageMaker and EMR.
You'll learn about:
1 Best practices for scaling ML models across petabyte-scale data
2 Leveraging cloud services (AWS, EMR, EC2, SageMaker) for efficient ML workflows
3 Implementing governance, compliance, and cost-optimization strategies
4 Case studies on fraud detection and risk assessment using ML
Join me, Yash, as I take you through the key strategies and technologies behind designing and managing large-scale machine learning platforms. Drawing from my 25+ years of experience, including my role as a Lead Software Engineer at JPMorgan Chase, this session will cover how to build robust ML infrastructure, optimize distributed model training, and transition on-premise workloads to cloud-based solutions like AWS SageMaker and EMR.
You'll learn about:
1 Best practices for scaling ML models across petabyte-scale data
2 Leveraging cloud services (AWS, EMR, EC2, SageMaker) for efficient ML workflows
3 Implementing governance, compliance, and cost-optimization strategies
4 Case studies on fraud detection and risk assessment using ML
30
3:20 PM
devsecops
3:20 PM
devsecops
Luis Caro Campos
Conan| R&D Team Lead
Luis is an Electronics and Computer Engineer, currently working a R&D Team Lead in the Conan Team at JFrog. He started his journey with C++ in university doing research in the field of Computer Vision. Since 2015 he has been based in the UK and has worked in the field of 3D Scanning, and more recently in the field of Robotics (Autonomous Driving) at Oxbotica, before joining the Conan team at JFrog in 2022.
Over the years, Luis has become concerned with the problem of enabling C++ Software Development at scale, working on the tooling and processes that enable large teams of C++ developers to focus on writing code.
Conan 2: security features for enterprise-grade C++ projects
Conan 2: security features for enterprise-grade C++ projects
Salon K
Memory safety issues have long been a common cause of security vulnerabilities, to the point where government agencies are recommending moving away from languages like C and C++ for new product development. However, while “memory safe” languages exist - the same agencies acknowledge that software will have to interface with components written in C and C++ for a long time, and recommend that software vendors have a memory safety roadmap.
Key items of a memory safety roadmap include keeping proper track of external dependencies, a transparency plan (vendors and customers should know which dependencies are included in each product), and a plan to react to disclosed CVEs (Common Vulnerabilities and Exposures).
The recent ISO C++ developer survey highlights how dependencies are still integrated as part of projects and not properly traced. This talk will cover how C++ developers can leverage Conan to properly track dependencies, and how it integrates with JFrog’s Security offerings to help developers in fulfilling their contractual and regulatory obligations.
Features covered: Software Bill of Materials, Audit dependencies (report CVE vulnerabilities, powered by JFrog Advanced Security), package signing and JFrog Xray integration via Artifactory.
Memory safety issues have long been a common cause of security vulnerabilities, to the point where government agencies are recommending moving away from languages like C and C++ for new product development. However, while “memory safe” languages exist - the same agencies acknowledge that software will have to interface with components written in C and C++ for a long time, and recommend that software vendors have a memory safety roadmap.
Key items of a memory safety roadmap include keeping proper track of external dependencies, a transparency plan (vendors and customers should know which dependencies are included in each product), and a plan to react to disclosed CVEs (Common Vulnerabilities and Exposures).
The recent ISO C++ developer survey highlights how dependencies are still integrated as part of projects and not properly traced. This talk will cover how C++ developers can leverage Conan to properly track dependencies, and how it integrates with JFrog’s Security offerings to help developers in fulfilling their contractual and regulatory obligations.
Features covered: Software Bill of Materials, Audit dependencies (report CVE vulnerabilities, powered by JFrog Advanced Security), package signing and JFrog Xray integration via Artifactory.
31
3:20 PM
automation
3:20 PM
automation
Hariharan Ragothaman
Software Engineer
Hariharan Ragothaman is a Software Engineer at AMD, leading server validation for AI and GPU platforms. Prior to this, he served as a Lead Software Engineer - System Design and Architecture (Manager) at athenahealth where he designed and developed 'Unified Deployment Pipeline' to integrate multiple tech stacks, enhancing service visibility and improving release and product quality. His work in commercializing the macro-service hybrid cloud (Amazon EKS, AWS Local Zones, and AWS Outposts) was a major step towards modernizing the athenaOne platform. At Bose, he developed scalable firmware for wireless audio products and led AVS/GVA integrations. He received his Masters degree at Northeastern University, Boston.
Unified DevSecOps Pipelines: Accelerating Secure Deployments with NLP & JFrog Xray
Unified DevSecOps Pipelines: Accelerating Secure Deployments with NLP & JFrog Xray
Salon J
In today’s application security landscape, navigating complex deployment environments often feels like facing an onslaught of cyber adversaries. Much like Batman’s trusty utility belt— equipping the perfect gadget for every challenge— integrating robust security into your SDLC transforms your pipeline into a resilient defense against vulnerabilities and breaches.
This talk deep dives into a comprehensive case study where we revolutionized our security posture. On one hand, we applied an innovative strategy to unify all our deployments to a 'Unified Deployment Model' based on Elastic Kubernetes Service (EKS), while on the other by integrating JFrog Xray into each stage of our Software Development Lifecycle (SDLC). Through this integration, our team uncovered about 100K previously undetected security violations that our traditional fragmented approach had overlooked.
In large codebases with services across mobile and front-end, lack of standardization and common tooling causes operational burdens. Teams often build custom deployment flows, leading to two major issues: no consistent “shift-left” feedback loop, and no unified security posture or compliance. This fragmentation hampers visibility into DORA metrics due to divergent pipelines and tech stacks.
Here, we'll explore approaches for architecting a 'Unified Deployment Pipeline' that accelerates developer velocity and productivity while enforcing robust security governance across the SDLC with integrated logging, tracing, and metrics. Additionally, by automating SBOM generation, our strategy delivers an organization-wide impact—enhancing transparency, compliance, and overall risk mitigation. This architecture also provides central observability of progress and aggregates metrics to monitor the health and maturity of deployments. Additionally, we will also investigate how the “build once, deploy many times” paradigm aligns with the proposed architecture.
In today’s application security landscape, navigating complex deployment environments often feels like facing an onslaught of cyber adversaries. Much like Batman’s trusty utility belt— equipping the perfect gadget for every challenge— integrating robust security into your SDLC transforms your pipeline into a resilient defense against vulnerabilities and breaches.
This talk deep dives into a comprehensive case study where we revolutionized our security posture. On one hand, we applied an innovative strategy to unify all our deployments to a 'Unified Deployment Model' based on Elastic Kubernetes Service (EKS), while on the other by integrating JFrog Xray into each stage of our Software Development Lifecycle (SDLC). Through this integration, our team uncovered about 100K previously undetected security violations that our traditional fragmented approach had overlooked.
In large codebases with services across mobile and front-end, lack of standardization and common tooling causes operational burdens. Teams often build custom deployment flows, leading to two major issues: no consistent “shift-left” feedback loop, and no unified security posture or compliance. This fragmentation hampers visibility into DORA metrics due to divergent pipelines and tech stacks.
Here, we'll explore approaches for architecting a 'Unified Deployment Pipeline' that accelerates developer velocity and productivity while enforcing robust security governance across the SDLC with integrated logging, tracing, and metrics. Additionally, by automating SBOM generation, our strategy delivers an organization-wide impact—enhancing transparency, compliance, and overall risk mitigation. This architecture also provides central observability of progress and aggregates metrics to monitor the health and maturity of deployments. Additionally, we will also investigate how the “build once, deploy many times” paradigm aligns with the proposed architecture.
32
3:20 PM
cloud
3:20 PM
cloud
Stephen Chin
VP of Developer Relations
Stephen Chin is VP of Developer Relations at Neo4j, member of the Open AI Alliance, and author of several titles with O'Reilly, Apress, and McGraw Hill. He has keynoted numerous conferences around the world including AI DevSummit, Devoxx, DevNexus, JNation, Shift, JavaOne, Joker, swampUP, and Open Source India. Stephen is an avid motorcyclist who has done evangelism tours in Europe, Japan, and Brazil, interviewing developers in their natural habitat. When he is not traveling, he enjoys teaching kids how to do AI, embedded, and robot programming together with his daughters.
Efficient DevOps with Agentic GraphRAG
Efficient DevOps with Agentic GraphRAG
Salon H
AI models are getting tasked to do increasingly complex and industry specific tasks, where different retrieval approaches provide distinct advantages in accuracy, explainability, and cost to execute. GraphRAG retrieval models have become a powerful tool to solve domain-specific problems where answers require logical reasoning and correlation that can be aided by graph relationships and proximity algorithms. I will demonstrate how the agentic combination of RAG and GraphRAG retrieval patterns can improve analysis of dependency and security information to optimize a DevOps pipeline.
AI models are getting tasked to do increasingly complex and industry specific tasks, where different retrieval approaches provide distinct advantages in accuracy, explainability, and cost to execute. GraphRAG retrieval models have become a powerful tool to solve domain-specific problems where answers require logical reasoning and correlation that can be aided by graph relationships and proximity algorithms. I will demonstrate how the agentic combination of RAG and GraphRAG retrieval patterns can improve analysis of dependency and security information to optimize a DevOps pipeline.
33
3:55 PM
3:55 PM
Break
The swamp
34
4:20 PM
devops
4:20 PM
devops
Richard Clark
Senior Solutions Architect
Richard is a Senior Solutions Architect with JFrog. He is also an entrepreneur/inventor, having previously run a startup in the Internet of Things space, where he holds technology patents and has been a key member of several M&A startups. In his spare time, he enjoys cooking and traveling with his wife and two girls, working on projects with them in his garage-turned makerspace and is also an experienced winemaker.
From Vinyard to Version Control: The DevSecOps of Winemaking
From Vinyard to Version Control: The DevSecOps of Winemaking
Salon A
This talk will discuss the entire process of producing and delivering great wine from the ground up by selecting grapes to bottling, with close similarities to developing and deploying safe, secure & trusted releases in a Software Supply Chain. We will touch upon how to choose a reliable source for safe OSS libraries, CI, CD, SBOM recipes, evidence tracking, quality control, common pitfalls to avoid, packaging/distribution, and ultimately consumption of wine/software by the end user! If you love wine and DevSecOps don't miss this exciting session to learn more about the best practices for both!
This talk will discuss the entire process of producing and delivering great wine from the ground up by selecting grapes to bottling, with close similarities to developing and deploying safe, secure & trusted releases in a Software Supply Chain. We will touch upon how to choose a reliable source for safe OSS libraries, CI, CD, SBOM recipes, evidence tracking, quality control, common pitfalls to avoid, packaging/distribution, and ultimately consumption of wine/software by the end user! If you love wine and DevSecOps don't miss this exciting session to learn more about the best practices for both!
35
4:20 PM
cloud
4:20 PM
cloud
Aman Sardana
Senior Principal Application Architect
Aman Sardana is a technology professional in the financial services and payments domain. He is a hands-on technology leader, enabling business capabilities by implementing cutting-edge, modernized technology solutions. He is skilled in designing, developing, and implementing innovative financial technology solutions that drive business results and establish best-in-class operations.
Aman did his Masters in Information Technology from Northwestern University. This unique program straddles between the business and technical side of information technology, focusing on data mining, information security, enterprise architecture, statistics, innovation, marketing and finance.
Disaster- Proof Development: Embedding Resilience in Every Release
Vijay Kumar Soni
Expert Application Engineer
Vijay Soni is the Expert Architect & Engineer at Discover's business technology department. He architected and designed Discover's Open banking and Click to Pay ecommerce Digital Wallet Payments platforms. He is seasoned software engineer and passionate about solving complex emerging finance, digital payment, identity and payment product problems using secure, futureproof and innovative approach.
Vijay also led multiple EMVCo, eCommerce, Mobile SE/HCE Payments technology initiatives as lead architect and engineer.
Vijay has worked on large financial services & payments technology integration projects including Apple Pay, Google Pay, Samsung Pay, Click to Pay and FDX Open Banking integrations, Pay with Rewards, Contactless Mass Transit acceptance etc..
Disaster- Proof Development: Embedding Resilience in Every Release
Disaster- Proof Development: Embedding Resilience in Every Release
Salon K
Core platform systems support business-critical applications, and are expected to be available and highly responsive 24/7/365. As an example, financial institutions with legacy infrastructure are increasingly adopting hybrid cloud solutions to stay competitive, balance scalability, drive cost-efficiency, and achieve regulatory compliance. However, this shift introduces significant challenges related to system performance, security, and compliance. These challenges must be addressed with strategic mitigation measures.
In this talk, we’ll share insights, experiences, and innovative solutions to successfully navigate hybrid cloud challenges in the Financial Technology domain for core, backend processing systems, Open Banking, payment processing, etc. Attendees will gain practical strategies for securing hybrid environments, ensuring compliance with financial regulations, and optimizing performance across distributed cloud ecosystems. These strategies can be applied to any industry vertical that operates critical infrastructure with hybrid cloud deployments.
Key Takeaways:
- The importance of hybrid cloud in modern FinTech operations
- Hybrid cloud architecture and infrastructure best practices
- Data Management and Governance
- Security considerations and risk management in hybrid cloud environments
- Compliance and regulatory challenges (PCI-DSS, GDPR etc.)
- Performance optimization strategies for financial workloads in hybrid cloud deployments
- Business Continuity, Disaster Recovery and resiliency of critical infrastructure
- Cost Management and FinOps
- Vendor Lock-In and Dependency
Core platform systems support business-critical applications, and are expected to be available and highly responsive 24/7/365. As an example, financial institutions with legacy infrastructure are increasingly adopting hybrid cloud solutions to stay competitive, balance scalability, drive cost-efficiency, and achieve regulatory compliance. However, this shift introduces significant challenges related to system performance, security, and compliance. These challenges must be addressed with strategic mitigation measures.
In this talk, we’ll share insights, experiences, and innovative solutions to successfully navigate hybrid cloud challenges in the Financial Technology domain for core, backend processing systems, Open Banking, payment processing, etc. Attendees will gain practical strategies for securing hybrid environments, ensuring compliance with financial regulations, and optimizing performance across distributed cloud ecosystems. These strategies can be applied to any industry vertical that operates critical infrastructure with hybrid cloud deployments.
Key Takeaways:
- The importance of hybrid cloud in modern FinTech operations
- Hybrid cloud architecture and infrastructure best practices
- Data Management and Governance
- Security considerations and risk management in hybrid cloud environments
- Compliance and regulatory challenges (PCI-DSS, GDPR etc.)
- Performance optimization strategies for financial workloads in hybrid cloud deployments
- Business Continuity, Disaster Recovery and resiliency of critical infrastructure
- Cost Management and FinOps
- Vendor Lock-In and Dependency
36
4:20 PM
automation
4:20 PM
automation
Brett Smith
Software Architect
Software Architect/Engineer/Developer with 25+ years of experience.
Specialties: Event Driven Automation, Continuous Integration/Delivery/Testing/Deployment, Supply Chain Security
Expertise: Linux, packaging, and tool design.
Currently Engineering and Securing the Supply Chain with Event Driven CI/CD gitOps Pipeline Architectures that leverage Kafka, Go,
and Python running in Containers on Kubernetes and SBOMs.
Platform Engineering: Herding the Electric Sheep & Some Frogs
Platform Engineering: Herding the Electric Sheep & Some Frogs
Salon J
A talk about platform engineering, DevOps, DevSecOps, sprawl, chaos, bad decisions, compliance, and security. Why engineer an Internal Developer Platform when I have DevOps? DevOps works fine when you are a 20 person start-up, but it often doesn't scale to enterprise-level development efforts. When you have 3,000 developers with different needs and you are responsible for EO compliance and security, a modular self-service platform is a good choice to build. In this talk, I cover the challenges we have faced in a 3,000-developer enterprise, and how we are working to address them. I also cover how we are working on automating, integration, and scaling the creation of our internal developer platform. We talk about the tools we are using including JFrog products like Artifactory, Curation, Xray, and Advanced Security. I also talk about how we are leveraging SBOMs, SLSA, and other tools to help build out a secure and compliant platform.
A talk about platform engineering, DevOps, DevSecOps, sprawl, chaos, bad decisions, compliance, and security. Why engineer an Internal Developer Platform when I have DevOps? DevOps works fine when you are a 20 person start-up, but it often doesn't scale to enterprise-level development efforts. When you have 3,000 developers with different needs and you are responsible for EO compliance and security, a modular self-service platform is a good choice to build. In this talk, I cover the challenges we have faced in a 3,000-developer enterprise, and how we are working to address them. I also cover how we are working on automating, integration, and scaling the creation of our internal developer platform. We talk about the tools we are using including JFrog products like Artifactory, Curation, Xray, and Advanced Security. I also talk about how we are leveraging SBOMs, SLSA, and other tools to help build out a secure and compliant platform.
37
4:20 PM
automation
4:20 PM
automation
Ciro Greco
Founder and CEO
Ciro Greco - founder and CEO at Bauplan, a serverless computing platform for complex data workloads. Developers can write complex, multi-language data pipelines with zero environment management and infrastructure configuration and the same instantaneous feedback loop as running code locally.
Formerly, he was the founder of Tooso, an NLP startup based in San Francisco. Tooso was acquired by Coveo in 2019 and Ciro was in the management team that brought Coveo to IPO in 2021.
In a previous life he got a PhD in Neuroscience at Milan-Bicocca, a postdoctoral fellowship at Ghent University and he was visiting scientist at MIT.
The End of Manual DataOps: Git for Data and the Automation of AI Infrastructure
The End of Manual DataOps: Git for Data and the Automation of AI Infrastructure
Salon H
One area where we believe AI agents will be crucial is DevOps automation.
Data and ML workloads have been historically very hard to automate reliably because of their inherent complexity, and because traditional data platforms require specialized expertise and manual oversight.
This talk argues that the future of DataOps is built around code-first abstractions and fully-programmable data platforms that meet the needs of DevOps teams: full replicability, easy automation and transparent security.
We will present very specific real-world examples on how Recommender and RAG systems running in production can become more reliable by abstracting infrastructure complexities behind familiar Python concepts like functions, packages, tables, and version control.
One area where we believe AI agents will be crucial is DevOps automation.
Data and ML workloads have been historically very hard to automate reliably because of their inherent complexity, and because traditional data platforms require specialized expertise and manual oversight.
This talk argues that the future of DataOps is built around code-first abstractions and fully-programmable data platforms that meet the needs of DevOps teams: full replicability, easy automation and transparent security.
We will present very specific real-world examples on how Recommender and RAG systems running in production can become more reliable by abstracting infrastructure complexities behind familiar Python concepts like functions, packages, tables, and version control.
38
5:00 PM
5:00 PM
Booth Crawl | Happy Hour
Meritage Building - Terrace
39
6:30 PM
6:30 PM
Gala Dinner: Featuring Celebrity Cellist Tina Guo
Meritage Lawn
40
10:00 PM
10:00 PM
Post Gala Open Bar
Crush lounge
41
7:30 AM
7:30 AM
Registration
Meritage Building - Lobby
42
7:45 AM
7:45 AM
Breakfast
Vintner's Dining Room
43
9:00 AM
9:00 AM
Jens Eckels
VP of Product Marketing
Keynote Kickoff
Keynote Kickoff
Meritage Ballroom
Day 2 of swampUP drives practical application of EveryOps’ quantum shift across our industry.
Join us, as we sharpen our minds for a day of learning and collaboration.
Day 2 of swampUP drives practical application of EveryOps’ quantum shift across our industry.
Join us, as we sharpen our minds for a day of learning and collaboration.
44
9:20 AM
9:20 AM
Maciej Mazur
AI CTO
Maciej Mazur is a CTO of Artificial Intelligence in EMEA at Dell Technologies. Based in
Wrocław, Poland, Maciej works with enterprise and public sector customers to help them
successfully integrate and leverage AI solutions for strategic growth as part of their digital
transformation.
As a lead architect on more than one hundred AI projects, Maciej is a recognized AI expert
and industry blogger/podcaster. With his security clearance, Maciej is also able to discuss
strategic projects with customers in governmental space.
With cross sector experience, and deep telco and defense knowledge, Maciej works with
the C-Suite and IT leaders to leverage AI across their organizations, breaking down silos
and optimizing data investments.
Customer inquiries often center on sovereign AI cloud strategies and hybrid cloud
optimization, and Maciej works with them to provide expert guidance on architecture,
implementation, and maximizing GPU utilization in these environments.
He also works on the Dell AI Factory program that provides organizations with the building
blocks for seamless integration of AI models and frameworks into their operations,
enabling them to turn their ideas into practical applications.
Maciej joined Dell Technologies in 2024 from Ubuntu, where he was a Principal Machine
Learning Engineer, and has experience as Chief Data Scientist and lead solution architect
with top IT companies.
Large scale inference for the enterprise – architecture, security, and best practices
Large scale inference for the enterprise – architecture, security, and best practices
Meritage Ballroom
This keynote presentation will explore large-scale inference infrastructure for enterprises, focusing on architecture, security, and best practices. As an AI CTO at Dell, I had a privilege to be involved in our largest projects and I will share insights into both hardware and software solutions, highlighting deployed architectures and key learnings from customer implementations.
I will show you how to build a SW stack that is able to deliver 30 billion recommendations daily across 4 billion web pages (which is live with one of our customers). Learnings will cover GPU utilization optimization, K8s scheduling mechanisms, monitoring distributed systems using open telemetry approaches balancing security best practices with innovation coming from open source world.
This keynote presentation will explore large-scale inference infrastructure for enterprises, focusing on architecture, security, and best practices. As an AI CTO at Dell, I had a privilege to be involved in our largest projects and I will share insights into both hardware and software solutions, highlighting deployed architectures and key learnings from customer implementations.
I will show you how to build a SW stack that is able to deliver 30 billion recommendations daily across 4 billion web pages (which is live with one of our customers). Learnings will cover GPU utilization optimization, K8s scheduling mechanisms, monitoring distributed systems using open telemetry approaches balancing security best practices with innovation coming from open source world.
45
10:00 AM
10:00 AM
Coffee Break
Meritage Building - Terrace
46
10:20 AM
10:20 AM
Demetrios Brinkmann
Founder of MLOps Community
Demetrios founded the largest community dealing with productionizing AI and ML models. In April 2020 he fell into leading the MLOps community (more than 75k
ML practitioners come together to learn and share experiences) which aims to bring clarity around the operational side of Machine Learning.
Since diving into the nitty gritty of Machine Learning he has felt a strong calling to explore the ethical issues surrounding the new tech he covers. In his free time he can be found building stone stackings in the woods
with his daughters
Ensuring Reliable Evaluation Systems for Your ML
Ensuring Reliable Evaluation Systems for Your ML
Meritage Ballroom
Standard benchmarks often fall short and can be misleading. Leaderboards can erode trust in model claims, as they rarely address specific, real-world needs. In this talk, Demetrios Brinkmann will detail how MLOps engineers and developers can build and continuously update their own evaluation systems to create a strong competitive advantage. He’ll cover how to build a reliable “golden dataset,” optimize data collection, labeling, and utilize the right tools to ensure evaluations truly reflect their intended use case.
Standard benchmarks often fall short and can be misleading. Leaderboards can erode trust in model claims, as they rarely address specific, real-world needs. In this talk, Demetrios Brinkmann will detail how MLOps engineers and developers can build and continuously update their own evaluation systems to create a strong competitive advantage. He’ll cover how to build a reliable “golden dataset,” optimize data collection, labeling, and utilize the right tools to ensure evaluations truly reflect their intended use case.
47
11:00 AM
11:00 AM
Coffee Break
Meritage Building - Terrace
48
11:15 AM
11:15 AM
Stealth Mode Session
Meritage Ballroom
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
49
12:00 PM
12:00 PM
Lunch
Vintner's Dining Room
50
1:20 PM
1:20 PM
Gal Zilberman
Senior Product Manager
2022 - now: Senior Product Manager, JFrog
2021-2022: R&D team leader, Orbit Communication Systems
2018-2021: System engineer, Orbit Communication Systems
2014-2018: Student position, Intel
2005-2014: Naval combat officer, IDF
Empower Your Organization with Smarter Retention Policies
Kunal Mazumdar
Tech Lead
Kunal Mazumdar is a seasoned software professional specializing in full-stack web solutions and scaling web applications. With expertise across DevOps, Aviation, and Developer Experience, he brings a unique blend of technical depth and industry insights.
He has contributed to enterprise and commercial SaaS applications, leveraging Java, JavaScript, Go, and Python. His DevOps expertise helps streamline workflows, automate deployments, and enhance software reliability.
Beyond tech, Kunal is a passionate singer who finds harmony in both music and software architecture. His talks are engaging, practical, and packed with real-world insights, making complex topics accessible to developers and architects.
Empower Your Organization with Smarter Retention Policies
Empower Your Organization with Smarter Retention Policies
Salon A
Learn how JFrog’s Retention Policies — Cleanup and Archival — help optimize storage, reduce costs, and ensure compliance without compromising developer productivity. This session will cover best practices for managing dev and production artifacts, automating cleanup and archival, and aligning storage strategies with business goals. Walk away with actionable insights to implement smarter, more efficient retention policies.
Learn how JFrog’s Retention Policies — Cleanup and Archival — help optimize storage, reduce costs, and ensure compliance without compromising developer productivity. This session will cover best practices for managing dev and production artifacts, automating cleanup and archival, and aligning storage strategies with business goals. Walk away with actionable insights to implement smarter, more efficient retention policies.
51
1:20 PM
jfrog artifactory
1:20 PM
jfrog artifactory
Nireesh Thiruveedula
Lead Software Engineer
I am a Lead Software Engineer and Artifactory administrator at CapitalOne with 18 years of experience in developing enterprise solutions in the Financial Tech and Insurance domains. I hold a patent for a Business-to-Enterprise application developed for StateFarm Insurance, showcasing my innovative approach and technical expertise. My role involves designing and managing scalable solutions, ensuring robust artifact governance.
Outside of work, I enjoy cycling, which keeps me energized and focused. Originally from the southern part of India, I bring a diverse perspective to problem-solving and team collaboration.
The Artifact Avengers: Governance to the Rescue
The Artifact Avengers: Governance to the Rescue
Salon K
Enterprise-level, well-structured and efficient artifact governance frameworks can ensure seamless onboarding, security, compliance and lifecycle management - all via Artifactory. This architecture enables application teams to interact with artifacts while reinforcing security and ease of operations.
Key aspects of governance:
Effective team onboarding: this workflow simplifies the process by creating dedicated repositories for each application, ensuring the teams have well-defined space to store and manage their artifacts.
Tailor-made access controls: implemented effectively, allows teams to securely manage their artifacts and maintain role based access.
Security: remains top priority, with authentication enforced for all uploads/downloads and eliminating anonymous access and ensuring that only authorized users and services interact with Artifactory.
Auditing artifacts: tracking the movement of artifacts across all stages of deployment through a structured promotion process with vulnerability detection from test environments through production with traceability and compliance.
Maintain optimized repository structures: by archiving stale artifacts through automated batch process, prevent repository bloat and improve storage efficiency.
This end-to-end artifact governance structure is made possible by harnessing the power of JFrog APIs, enabling automation and operational efficiency at scale.
Enterprise-level, well-structured and efficient artifact governance frameworks can ensure seamless onboarding, security, compliance and lifecycle management - all via Artifactory. This architecture enables application teams to interact with artifacts while reinforcing security and ease of operations.
Key aspects of governance:
Effective team onboarding: this workflow simplifies the process by creating dedicated repositories for each application, ensuring the teams have well-defined space to store and manage their artifacts.
Tailor-made access controls: implemented effectively, allows teams to securely manage their artifacts and maintain role based access.
Security: remains top priority, with authentication enforced for all uploads/downloads and eliminating anonymous access and ensuring that only authorized users and services interact with Artifactory.
Auditing artifacts: tracking the movement of artifacts across all stages of deployment through a structured promotion process with vulnerability detection from test environments through production with traceability and compliance.
Maintain optimized repository structures: by archiving stale artifacts through automated batch process, prevent repository bloat and improve storage efficiency.
This end-to-end artifact governance structure is made possible by harnessing the power of JFrog APIs, enabling automation and operational efficiency at scale.
52
1:20 PM
automation
1:20 PM
automation
Vishal Raina
Engineering Manager, Developer Velocity & Tooling
Vishal Raina is an engineering manager at Adobe, leading the Developer Velocity & Tooling team. With over 20 years of experience in platform engineering and developer productivity, he has led large-scale initiatives across GitHub, Jenkins, Artifactory, and CircleCI. Vishal specializes in scaling DevOps platforms and delivering impactful migrations that boost performance and reliability.
Zero Downtime, Maximum Impact: Migrating Artifactory Database at Scale
Kevin Patterson
Senior SCM Engineer, Engineering Productivity Tools and Applications
Once heavily focused on infrastructure, his current interests are now in Software Configuration Management (SCM) and DevOps.
Zero Downtime, Maximum Impact: Migrating Artifactory Database at Scale
Rahul Srivastava
Lead SRE
Rahul Srivastava is a Lead Senior Site Reliability Engineer at Adobe, where he has been driving critical initiatives to enhance the end-to-end resiliency of large-scale, distributed systems deployed across multiple regions and cloud environments since 2019. A core part of his work includes operating and scaling JFrog Artifactory services in a multi-cloud, multi-region infrastructure.
With over two decades of experience in software engineering and infrastructure reliability, Rahul Srivastav holds an M.S. in Software Management from Carnegie Mellon University and a B.Tech in Computer Science from the Institute of Engineering & Technology, India. He is also a certified Project Management Professional (PMP) recognized by the Project Management Institute.
Zero Downtime, Maximum Impact: Migrating Artifactory Database at Scale
Zero Downtime, Maximum Impact: Migrating Artifactory Database at Scale
Salon J
How do you migrate a mission-critical Artifactory database with zero downtime—while supporting thousands of developers? Join adobe's Vishal Raina, Kevin Patterson and Rahul Srivastava as they share their real-world experience executing a seamless migration from MySQL to PostgreSQL in a high-scale, multi-geo enterprise environment.
You'll get a behind-the-scenes view into the planning, tooling, and validation strategy that enabled a risk-free migration. We’ll cover how the team identified legacy system limitations, aligned cross-functional stakeholders, and executed the cutover with precision—all without impacting developer velocity. You'll also hear practical lessons learned on operational resilience, automation, observability, and post-migration optimization.
Whether you're preparing for your own DB migration or modernizing your artifact infrastructure, this session will equip you with actionable insights to reduce risk, improve reliability, and elevate the developer experience.
How do you migrate a mission-critical Artifactory database with zero downtime—while supporting thousands of developers? Join adobe's Vishal Raina, Kevin Patterson and Rahul Srivastava as they share their real-world experience executing a seamless migration from MySQL to PostgreSQL in a high-scale, multi-geo enterprise environment.
You'll get a behind-the-scenes view into the planning, tooling, and validation strategy that enabled a risk-free migration. We’ll cover how the team identified legacy system limitations, aligned cross-functional stakeholders, and executed the cutover with precision—all without impacting developer velocity. You'll also hear practical lessons learned on operational resilience, automation, observability, and post-migration optimization.
Whether you're preparing for your own DB migration or modernizing your artifact infrastructure, this session will equip you with actionable insights to reduce risk, improve reliability, and elevate the developer experience.
53
1:20 PM
1:20 PM
Sai prasad Veluru
Software Development Engineer
A software engineer specializing in large-scale data processing, AI-driven automation, and real-time infrastructure. Currently working at Apple, leading projects that optimize data pipelines, enhance system performance, and integrate AI to streamline operations. Passionate about distributed systems, Kafka, and cloud-native architectures, with a track record of solving complex engineering challenges at scale.
Mastering Modern Tech Stacks: Optimizing Performance at Scale
Mastering Modern Tech Stacks: Optimizing Performance at Scale
Salon H
In this session, we will explore the best practices and technologies that drive high-performance, scalable systems. Drawing from my experience at Apple, Visa, and other companies, I'll cover how to implement Kafka streaming, Kubernetes, AWS, and machine learning to build and optimize large-scale systems. This will include a deep dive into real-world scenarios and how to improve processing times, reduce latency, and manage large datasets efficiently.
In this session, we will explore the best practices and technologies that drive high-performance, scalable systems. Drawing from my experience at Apple, Visa, and other companies, I'll cover how to implement Kafka streaming, Kubernetes, AWS, and machine learning to build and optimize large-scale systems. This will include a deep dive into real-world scenarios and how to improve processing times, reduce latency, and manage large datasets efficiently.
54
2:00 PM
2:00 PM
Break
The swamp
55
2:20 PM
devops
2:20 PM
devops
Ronny Belenitsky
Director of Product
Ronny is a Product Director at JFrog, where he leads strategic initiatives across DevSecOps and SDLC innovation. With a strong background in cloud-native technologies and application lifecycle management, Ronny plays a key role in shaping products that empower enterprise engineering teams to build and release software more quickly and securely.
Prior to JFrog, Ronny was the VP of Product at Titan, where he scaled product organizations, launched market-leading solutions, and drove enterprise adoption globally. He brings over 15 years of experience in building impactful software products, combining technical depth with strategic vision.
Secure & Streamline Your Software Supply Chain with JFrog, Strengthening SDLC Integrity, Step by Step
Strengthening SDLC Integrity, Step by Step
Salon A
In our discussions with customers, we identified a critical challenge in the Software Development Lifecycle (SDLC): package signing often occurs after the package build, altering the package’s SHA in the middle of the process.
While organizations aim to ensure that artifacts pushed to production have a fully signed and verifiable provenance from development to deployment, this intermediate modification disrupts the integrity of the build step and beyond.
Customers recognize the value of immutable release bundles and a robust provenance posture. However, transitioning away from a process that modifies artifacts mid-SDLC for signing to an immutable workflow remains challenging.
This talk will explore how organizations can adopt a step-by-step approach to ensure consistency and predictability across SDLC maturity stages, while enabling the addition of trusted and signed evidence at every stage; a way to enable security, traceability, and compliance without compromising integrity.
In our discussions with customers, we identified a critical challenge in the Software Development Lifecycle (SDLC): package signing often occurs after the package build, altering the package’s SHA in the middle of the process.
While organizations aim to ensure that artifacts pushed to production have a fully signed and verifiable provenance from development to deployment, this intermediate modification disrupts the integrity of the build step and beyond.
Customers recognize the value of immutable release bundles and a robust provenance posture. However, transitioning away from a process that modifies artifacts mid-SDLC for signing to an immutable workflow remains challenging.
This talk will explore how organizations can adopt a step-by-step approach to ensure consistency and predictability across SDLC maturity stages, while enabling the addition of trusted and signed evidence at every stage; a way to enable security, traceability, and compliance without compromising integrity.
56
2:20 PM
2:20 PM
Stealth Mode Session
Salon K
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
57
2:20 PM
automation
2:20 PM
automation
Haggai Philip Zagury
DevOps Group & Tech Lead
25+ years if experience as an IT Systems Engineer.
I lectured in various conferences in Israel and abroad.
Bootstrapped my career as a systems administrator in a small StartUp, and a few years later learned about my passion to learn & teach ;) ,
My Day job was running production for a small ISP running various sub-systems, which quickly grew in demand, my journey continued when I joined Tikal ~16 years ago as a Configuration Manager and grew from there into the DevOps field.
I'm not the traditional geek 😉 I am very passionate about what I do ♾️.
HagZag
Farm to Table Software Delivery: DevOps to Platform Engineering
Farm to Table Software Delivery: DevOps to Platform Engineering
Salon J
The way we build, deliver, and operate software has undergone a massive transformation over the past decade. What started as a DevOps-centric approach—focused on automation, CI/CD, and infrastructure as code—has now evolved into a Platform Engineering paradigm. This shift prioritizes self-service, developer experience, and scalable platform abstractions to enable high-velocity software delivery. In this session, we will explore how organizations are modernizing their software delivery pipelines, infrastructure, and operational models to drive agility, efficiency, and reliability.
Drawing from real-world experience as a DevOps consultant and platform engineer, I will take attendees through the journey of software delivery evolution—from early configuration management days to the current Platform Engineering movement. We will discuss the critical role of self-service platforms in empowering developers while ensuring governance, security, and operational excellence at scale.
The way we build, deliver, and operate software has undergone a massive transformation over the past decade. What started as a DevOps-centric approach—focused on automation, CI/CD, and infrastructure as code—has now evolved into a Platform Engineering paradigm. This shift prioritizes self-service, developer experience, and scalable platform abstractions to enable high-velocity software delivery. In this session, we will explore how organizations are modernizing their software delivery pipelines, infrastructure, and operational models to drive agility, efficiency, and reliability.
Drawing from real-world experience as a DevOps consultant and platform engineer, I will take attendees through the journey of software delivery evolution—from early configuration management days to the current Platform Engineering movement. We will discuss the critical role of self-service platforms in empowering developers while ensuring governance, security, and operational excellence at scale.
58
2:20 PM
2:20 PM
Gaurav Saxena
Director of Engineering
Gaurav Saxena is an engineering leader in the field of platform and cloud engineering with over 20 years of experience in the software industry. His technical expertise includes Stream-based architectures, Kubernetes, Service Mesh, and Observability.
Resiliency by Design: Internal Platforms' Contributions to Cloud Stability
Resiliency by Design: Internal Platforms' Contributions to Cloud Stability
Salon H
In today's complex enterprise environments, building and maintaining resilient data streaming platforms requires a strategic approach that empowers developers while ensuring security and operational efficiency. This presentation explores how Internal Developer Platforms (IDPs) can streamline development workflows, enhance application portability, and fortify your software supply chain, including the use of CNCF projects.
We'll delve into:
Internal Developer Platforms (IDPs): Understanding the core principles of IDPs and how they enable self-service infrastructure, reduce cognitive load for developers, and promote consistent development practices.
Open Application Model (OAM): Leveraging OAM to define applications in a platform-agnostic way, separating application logic from infrastructure concerns. This promotes portability and simplifies management across diverse environments.
Crossplane: Using Crossplane to extend your Kubernetes cluster and manage infrastructure resources (databases, message queues, etc.) directly from within your IDP, enabling a unified control plane for both applications and infrastructure.
A key focus will be on building a hardened software supply chain:
Melange, Apko, and Wolfi: Building minimal, secure container images using these next-generation tools. We'll discuss the benefits of reduced attack surface and improved image scanning results.
Sigstore Project (Cosign, Fulcio, Rekor): Ensuring the integrity and authenticity of container images through signing and attestation. We'll demonstrate how to use Sigstore to sign images built from managed CI pipelines and push to jFrog Artifactory securely.
Kubernetes Admission Control: Implementing KubeWarden, a Kubernetes admission controller, to enforce policies and verify image signatures before deployment, preventing the execution of untrusted code.
Workload Attestation using SPIFFE: Using SPIFFE for workload attestations.
In today's complex enterprise environments, building and maintaining resilient data streaming platforms requires a strategic approach that empowers developers while ensuring security and operational efficiency. This presentation explores how Internal Developer Platforms (IDPs) can streamline development workflows, enhance application portability, and fortify your software supply chain, including the use of CNCF projects.
We'll delve into:
Internal Developer Platforms (IDPs): Understanding the core principles of IDPs and how they enable self-service infrastructure, reduce cognitive load for developers, and promote consistent development practices.
Open Application Model (OAM): Leveraging OAM to define applications in a platform-agnostic way, separating application logic from infrastructure concerns. This promotes portability and simplifies management across diverse environments.
Crossplane: Using Crossplane to extend your Kubernetes cluster and manage infrastructure resources (databases, message queues, etc.) directly from within your IDP, enabling a unified control plane for both applications and infrastructure.
A key focus will be on building a hardened software supply chain:
Melange, Apko, and Wolfi: Building minimal, secure container images using these next-generation tools. We'll discuss the benefits of reduced attack surface and improved image scanning results.
Sigstore Project (Cosign, Fulcio, Rekor): Ensuring the integrity and authenticity of container images through signing and attestation. We'll demonstrate how to use Sigstore to sign images built from managed CI pipelines and push to jFrog Artifactory securely.
Kubernetes Admission Control: Implementing KubeWarden, a Kubernetes admission controller, to enforce policies and verify image signatures before deployment, preventing the execution of untrusted code.
Workload Attestation using SPIFFE: Using SPIFFE for workload attestations.
59
3:00 PM
3:00 PM
Break
The swamp
60
3:20 PM
3:20 PM
Pavel Klushin
Senior Manager, Solution Engineering
Pavel Klushin is an ML expert with over ten years of expertise in cloud engineering. His work focuses on integrating AI with cloud infrastructures, enhancing performance and driving innovation across various industries.
MLOps in Action: From Experimentation to Production, Delivering AI You Can Trust
Delivering AI You Can Trust
Salon A
Discover how JFrog enables seamless and secure adoption of both open-source and commercial AI models within the enterprise, enforcing organizational policies without slowing down your AI development velocity.
Discover how JFrog enables seamless and secure adoption of both open-source and commercial AI models within the enterprise, enforcing organizational policies without slowing down your AI development velocity.
61
3:20 PM
3:20 PM
Stealth Mode Session
Salon K
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
62
3:20 PM
3:20 PM
Stealth Mode Session
Salon J
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
Some conference talks are simply too impactful, too important, too forward-looking to expose all the details far in advance. Stay tuned for more info on this exciting session that everyone will be buzzing about - just not yet!
63
3:20 PM
automation
3:20 PM
automation
Nicholas Shine
Principal Software Engineer
Nicholas Shine is a Principal Software Development Engineer at Cisco on Splunk's SDLC Infrastructure team, and has been with the team for 4 years innovating several critical components within our SDLC systems supporting engineering as a whole.
When not at work, he enjoys family time with his wife and two daughters and hobbies like homelab / automation, woodworking, and drone photography.
JFrog Artifactory Active/Active HA DR infrastructure Split-Horizon DNS for Public/Private Access
JFrog Artifactory Active/Active HA DR infrastructure Split-Horizon DNS for Public/Private Access
Salon H
Learn how to implement JFrog Artifactory & JFrog Xray as an active/active HA DR implementation (self-hosted in AWS) with a hybrid private/public access model via Split-Horizon DNS resolution.
- Split-Horizon DNS for public/private access
- DNS routing & resolution options
- IAC via Terraform & CI/CD
- Failover operations / upgrade strategy
- Access Federation / Mission Control
Learn how to implement JFrog Artifactory & JFrog Xray as an active/active HA DR implementation (self-hosted in AWS) with a hybrid private/public access model via Split-Horizon DNS resolution.
- Split-Horizon DNS for public/private access
- DNS routing & resolution options
- IAC via Terraform & CI/CD
- Failover operations / upgrade strategy
- Access Federation / Mission Control
64
4:00 PM
4:00 PM
Show Closing at Expo
Meritage Building - Terrace
Best Speaker Award & Raffle Winner Announcements
Best Speaker Award & Raffle Winner Announcements
