Agenda

Hands-on Training | Keynotes | Breakout Sessions | Networking
October 20-22, 2026
Training Day
October 20th
Conference Day 1
October 21st
Conference Day 2
October 22nd

1

8:00 AM
Registration & Breakfast
TUE 8:00 AM - 9:00 AM

2

9:00 AM
Morning
JFrog Security Full Shift: Leveraging JFrog Curation for Automated Remediation
Mark Whitby | Solution Architect
Micky Gorelick | Technical Instructor
TUE 9:00 AM - 12:30 PM
Intermediate
Add to calendar
    2026-10-20T09:00:00+0000
    2026-10-20T12:30:00+0000
    10/20/2026 9:00 am
    10/20/2026 12:30 pm
    JFrog Security Full Shift: Leveraging JFrog Curation for Automated Remediation
    Combine JFrog Curation with local SAST (via MCP), Frogbot, and Snippet Detection to bridge the gap between policy enforcement and seamless violation fixes. Course Objective: Learn to deploy a "Developer-First" security strategy that blocks malicious packages before they hit your cache and uses AI-powered agents to detect plagiarized code in real-time. Bridge the gap between Security and Development by stopping threats at the front door and automating fixes directly in the SCM. What You Will Learn - JFrog Curation: How to proactively block malicious or non-compliant open-source packages at the point of download. - IDE & Git Integration: How to use Frogbot to scan Pull Requests and provide instant feedback to developers before code is merged. - Developer-Centric SAST: Identify "exposed secrets" and security flaws in proprietary code during the initial coding stage and apply agentic remidiation - with MCP. - Early Remediation: Utilize JFrog’s contextual analysis to fix the most critical issues early, saving time upstream and reducing downstream friction. Who Should Sign Up: - AppSec Engineers looking to move from reactive scanning to proactive, automated policy enforcement at the entry point. - Developers using AI-assisted coding tools who want to catch and fix vulnerabilities, secrets, and license risks directly in their IDE or PR. - DevOps Leaders tasked with reducing MTTR (Mean Time to Remediation) by automating the "autofix" lifecycle for vulnerable packages.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Combine JFrog Curation with local SAST (via MCP), Frogbot, and Snippet Detection to bridge the gap between policy enforcement and seamless violation fixes. Course Objective: Learn to deploy a "Developer-First" security strategy that blocks malicious packages before they hit your cache and uses AI-powered agents to detect plagiarized code in real-time. Bridge the gap between Security and Development by stopping threats at the front door and automating fixes directly in the SCM. What You Will Learn - JFrog Curation: How to proactively block malicious or non-compliant open-source packages at the point of download. - IDE & Git Integration: How to use Frogbot to scan Pull Requests and provide instant feedback to developers before code is merged. - Developer-Centric SAST: Identify "exposed secrets" and security flaws in proprietary code during the initial coding stage and apply agentic remidiation - with MCP. - Early Remediation: Utilize JFrog’s contextual analysis to fix the most critical issues early, saving time upstream and reducing downstream friction. Who Should Sign Up: - AppSec Engineers looking to move from reactive scanning to proactive, automated policy enforcement at the entry point. - Developers using AI-assisted coding tools who want to catch and fix vulnerabilities, secrets, and license risks directly in their IDE or PR. - DevOps Leaders tasked with reducing MTTR (Mean Time to Remediation) by automating the "autofix" lifecycle for vulnerable packages.

3

Morning
JFrog AI Masterclass: Governance & Security in the Agentic SDLC
Pavel Klushin | Senior Solution Engineering, JFrog ML
Yalin Arie | Solution Engineering
TUE 9:00 AM - 12:30 PM
Advanced
Add to calendar
    2026-10-20T09:00:00+0000
    2026-10-20T12:30:00+0000
    10/20/2026 9:00 am
    10/20/2026 12:30 pm
    JFrog AI Masterclass: Governance & Security in the Agentic SDLC
    Optimizing Management, Security, and Governance for every AI asset in the Agentic Workflows. This course provides a deep dive into the industry's most complete AI registry solution. Learn how to transform your agentic supply chain by establishing a single system of record for centralized governance. We will guide you from discovering hidden Shadow AI blind spots to building a trusted, unified organizational hub for managing ML models, MCP servers, and more. What You Will Learn: - Building a Unified AI Architecture: Discover how to use the JFrog AI Catalog as your centralized "Single Source of Truth" for AI Assets including Models, External Model APIs, MCPs and more - Proactive Security & Scanning: Leverage JFrog’s advanced security features to detect Shadow AI usage, block malicious models, surface critical vulnerabilities (CVEs), and enforce strict license compliance - Full-Spectrum AI Governance: Learn how to discover, curate, and "Allow List" approved AI assets using automated, enterprise-grade policy enforcement to stop non-compliant AI Assets at the gate - Secure Agentic Workflows: Master the management of MCP servers to safely bridge AI assistants (like Cursor and Claude) with your private enterprise data - without compromising security or bypassing governance. Who Should Sign Up: - DevSecOps Engineers tasked with applying the same "Binary-First" approach to AI Agents as they do to traditional software artifacts. - Software Engineers who want to safely integrate AI coding assistants (like Cursor) into their workflows using a single-line configuration to connect with vetted internal tools and MCP servers.. - DevOps Engineers designing the infrastructure to support secure, and scalable AI workflows.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Optimizing Management, Security, and Governance for every AI asset in the Agentic Workflows. This course provides a deep dive into the industry's most complete AI registry solution. Learn how to transform your agentic supply chain by establishing a single system of record for centralized governance. We will guide you from discovering hidden Shadow AI blind spots to building a trusted, unified organizational hub for managing ML models, MCP servers, and more. What You Will Learn: - Building a Unified AI Architecture: Discover how to use the JFrog AI Catalog as your centralized "Single Source of Truth" for AI Assets including Models, External Model APIs, MCPs and more - Proactive Security & Scanning: Leverage JFrog’s advanced security features to detect Shadow AI usage, block malicious models, surface critical vulnerabilities (CVEs), and enforce strict license compliance - Full-Spectrum AI Governance: Learn how to discover, curate, and "Allow List" approved AI assets using automated, enterprise-grade policy enforcement to stop non-compliant AI Assets at the gate - Secure Agentic Workflows: Master the management of MCP servers to safely bridge AI assistants (like Cursor and Claude) with your private enterprise data - without compromising security or bypassing governance. Who Should Sign Up: - DevSecOps Engineers tasked with applying the same "Binary-First" approach to AI Agents as they do to traditional software artifacts. - Software Engineers who want to safely integrate AI coding assistants (like Cursor) into their workflows using a single-line configuration to connect with vetted internal tools and MCP servers.. - DevOps Engineers designing the infrastructure to support secure, and scalable AI workflows.

4

Full Day
JFrog at Global Scale: Architecting to Make the Complex Simple
Guy Yuval-Baharav | Solution Architect
Yonatan Brand | Professional Services Engineer
TUE 9:00 AM - 5:00 PM
Intermediate
Add to calendar
    2026-10-20T09:00:00+0000
    2026-10-20T17:00:00+0000
    10/20/2026 9:00 am
    10/20/2026 5:00 pm
    JFrog at Global Scale: Architecting to Make the Complex Simple
    Optimizing the Software Supply Chain Workflow, Multi-Site Sync, and Automated Policy Enforcement. This full-day course covers follow the evolution of an organization. Learn to architect a unified platform that integrates disparate sites or teams, synchronizes artifacts globally, and enforces a "Trusted Release" lifecycle that evolves with the business at any scale. This will be a comprehensive deep dive into the latest JFrog Platform and capabilities. What You Will Learn: - Global Integration (Scale & Storage Optimization): How to implement Federated Repositories and JFrog Bridge for bi-directional synchronization and Advanced Retention Policies. - Proactive Security & Remediation: Deploying JFrog Curation to block malicious packages at the perimeter and Frogbot for automated, developer-centric vulnerability patching within the SCM. - Contextual Security & AI Governance: Utilizing Xray for runtime vulnerability prioritization and centralization the AI lifecycle via the JFrog AI Catalog to secure model usage and agentic workflows. - AppTrust & The Trusted Release: How to master evidence-based governance using GraphQL and automated security gates to ensure only compliant, signed binaries reach production. Who Should Sign Up: - Platform Architects tasked with designing an end-to-end, "Secure-by-Design" software delivery pipeline. - DevOps Leaders looking to standardize their global toolchain and eliminate fragmented "security silos". - Security & Compliance Officers who need to implement automated, evidence-based governance across the entire software lifecycle.
    8
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Optimizing the Software Supply Chain Workflow, Multi-Site Sync, and Automated Policy Enforcement. This full-day course covers follow the evolution of an organization. Learn to architect a unified platform that integrates disparate sites or teams, synchronizes artifacts globally, and enforces a "Trusted Release" lifecycle that evolves with the business at any scale. This will be a comprehensive deep dive into the latest JFrog Platform and capabilities. What You Will Learn: - Global Integration (Scale & Storage Optimization): How to implement Federated Repositories and JFrog Bridge for bi-directional synchronization and Advanced Retention Policies. - Proactive Security & Remediation: Deploying JFrog Curation to block malicious packages at the perimeter and Frogbot for automated, developer-centric vulnerability patching within the SCM. - Contextual Security & AI Governance: Utilizing Xray for runtime vulnerability prioritization and centralization the AI lifecycle via the JFrog AI Catalog to secure model usage and agentic workflows. - AppTrust & The Trusted Release: How to master evidence-based governance using GraphQL and automated security gates to ensure only compliant, signed binaries reach production. Who Should Sign Up: - Platform Architects tasked with designing an end-to-end, "Secure-by-Design" software delivery pipeline. - DevOps Leaders looking to standardize their global toolchain and eliminate fragmented "security silos". - Security & Compliance Officers who need to implement automated, evidence-based governance across the entire software lifecycle.

5

12:30 PM
Lunch
TUE 12:30 PM - 1:30 PM

6

1:30 PM
Afternoon
Operationalizing Xray & Advanced Security: Embedding Continuous Security Across Your Artifact Lifecy
Hamza Zaoui | Strategic Solutions Architect, Field CTO
Fabien Louis | Professional Services Architect
TUE 1:30 PM - 5:00 PM
Advanced
Add to calendar
    2026-10-20T13:30:00+0000
    2026-10-20T17:00:00+0000
    10/20/2026 1:30 pm
    10/20/2026 5:00 pm
    Operationalizing Xray & Advanced Security: Embedding Continuous Security Across Your Artifact Lifecy
    Transforming Threat Intelligence into Actionable Insights via the Security Dashboard This course focuses on the Build and Runtime phases, ensuring that no artifact- no matter how it was created—moves to production without deep inspection and policy validation. You will be able to implement automated, continuous security guardrails across the entire software lifecycle. What You Will Learn - Continuous Scanning: Automating Xray scans within CI/CD pipelines (Jenkins, GitHub Actions, etc.) to intercept compromised builds. - Vulnerability Prioritization: Use Advanced Security to determine if a vulnerable component is actually reachable in your specific runtime environment. - Compliance & Auditability: Utilizing Audit Events for Xray to ensure compliance accountability for all security actions. Who Should Sign Up: - DevOps Engineers responsible for building and maintaining secure automated pipelines. - Security Engineers designing the end-to-end governance for the complete Software Supply Chain. - Compliance Officers who need to ensure every production release has
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Transforming Threat Intelligence into Actionable Insights via the Security Dashboard This course focuses on the Build and Runtime phases, ensuring that no artifact- no matter how it was created—moves to production without deep inspection and policy validation. You will be able to implement automated, continuous security guardrails across the entire software lifecycle. What You Will Learn - Continuous Scanning: Automating Xray scans within CI/CD pipelines (Jenkins, GitHub Actions, etc.) to intercept compromised builds. - Vulnerability Prioritization: Use Advanced Security to determine if a vulnerable component is actually reachable in your specific runtime environment. - Compliance & Auditability: Utilizing Audit Events for Xray to ensure compliance accountability for all security actions. Who Should Sign Up: - DevOps Engineers responsible for building and maintaining secure automated pipelines. - Security Engineers designing the end-to-end governance for the complete Software Supply Chain. - Compliance Officers who need to ensure every production release has

7

Afternoon
AppTrust Essentials: Get CRA & SLSA Ready - Mastering DevGovOps & Supply Chain Integrity
Tal Etinger | Senior Strategic Solution Architect
Eli Kopelevitch | Professional Services Architect
TUE 1:30 PM - 5:00 PM
Intermediate
Add to calendar
    2026-10-20T13:30:00+0000
    2026-10-20T17:00:00+0000
    10/20/2026 1:30 pm
    10/20/2026 5:00 pm
    AppTrust Essentials: Get CRA & SLSA Ready - Mastering DevGovOps & Supply Chain Integrity
    Driving Compliant Releases with Evidence-Based Controls, Rego Policies, and ServiceNow Integration. Transition from reactive security to proactive, automated governance. This course provides the technical blueprint for using JFrog AppTrust as the orchestration layer for "Trusted Releases," binding technical security metadata to business-ready compliance evidence that satisfies NIST and CRA mandates. What You Will Learn: - Identity & Provenance (SLSA): Using build attestations to cryptographically prove the origin and integrity of every artifact in your supply chain. - Mastering the SBOM Lifecycle: Generating, managing, and exporting enriched Software Bill of Materials (SBOMs) to meet global regulatory transparency requirements (RCA). - Automated Trust Policies: Setting the "Minimum Bar" for your organization using Policy as Code to automate complex approval logic and security gates. - ServiceNow ITSM Integration: Automating the bridge between DevOps and IT Operations by triggering ServiceNow Change Requests and status updates based on real-time security evidence and AppTrust gates. Who Should Sign Up: - Security Architects & Compliance Officers who are responsible for defining and enforcing software governance that meets strict NIST/CRA regulatory standards. - DevOps & Platform Leads looking to implement standardized "Trust" workflows that integrate seamlessly with existing ServiceNow approval processes. - System Administrators and technical leads responsible for ensuring the JFrog infrastructure supports automated trust checks and compliant artifact delivery without manual bottlenecks.
    3
    americas
  • Apple
  • Google
  • Outlook
  • Outlook.com
  • Yahoo
Driving Compliant Releases with Evidence-Based Controls, Rego Policies, and ServiceNow Integration. Transition from reactive security to proactive, automated governance. This course provides the technical blueprint for using JFrog AppTrust as the orchestration layer for "Trusted Releases," binding technical security metadata to business-ready compliance evidence that satisfies NIST and CRA mandates. What You Will Learn: - Identity & Provenance (SLSA): Using build attestations to cryptographically prove the origin and integrity of every artifact in your supply chain. - Mastering the SBOM Lifecycle: Generating, managing, and exporting enriched Software Bill of Materials (SBOMs) to meet global regulatory transparency requirements (RCA). - Automated Trust Policies: Setting the "Minimum Bar" for your organization using Policy as Code to automate complex approval logic and security gates. - ServiceNow ITSM Integration: Automating the bridge between DevOps and IT Operations by triggering ServiceNow Change Requests and status updates based on real-time security evidence and AppTrust gates. Who Should Sign Up: - Security Architects & Compliance Officers who are responsible for defining and enforcing software governance that meets strict NIST/CRA regulatory standards. - DevOps & Platform Leads looking to implement standardized "Trust" workflows that integrate seamlessly with existing ServiceNow approval processes. - System Administrators and technical leads responsible for ensuring the JFrog infrastructure supports automated trust checks and compliant artifact delivery without manual bottlenecks.

8

8:00 AM
Registration & Breakfast
WED 8:00 AM - 9:00 AM
Hop in, grab your badge, and fuel up. Coffee’s hot, breakfast is served, and the day is ready to take off.

9

9:00 AM
Morning Keynotes
WED 9:00 AM - 1:00 PM
Leap into the future of trusted software and AI with JFrog’s founders as they unpack how AI is reshaping the software supply chain. As autonomous agents move from assistants to builders… writing code, resolving dependencies, and producing binaries at machine speed. Join us to see how the rules of trust are being rewritten.

10

1:00 PM
Lunch
WED 1:00 PM - 2:00 PM
Take a breather, grab a bite, and make a few new connections.

11

2:00 PM
Afternoon Breakout Sessions
WED 2:00 PM - 5:30 PM
With over 100 session submissions from our global community, swampUP 2026 delivers real-world insights across DevOps, security, and AI. These sessions focus on what it takes to build, secure, and scale a modern software supply chain, from evidence-based trust and AI security to developer experience and platform modernization. Whether you’re driving innovation, strengthening governance, or operationalizing AI at scale, you’ll walk away with practical strategies to master today’s software

12

6:30 PM
Open Bar & Gala Dinner
WED 6:30 PM - 9:30 PM
Join us for a refined, immersive experience filled with conversation, celebration, and connection among industry leaders.

13

8:00 AM
Breakfast
THU 8:00 AM - 9:00 AM
Ease into the day… grab breakfast, reconnect with peers, and get ready for what’s next.

14

9:00 AM
Morning Keynotes
THU 9:00 AM - 1:00 PM
Start your day with fresh perspectives and bold ideas. See how teams are scaling trust across the software and AI supply chain.

15

1:00 PM
Lunch
THU 1:00 PM - 2:00 PM
Refuel, recharge, and reconnect before diving back in.

16

2:00 PM
Afternoon Breakout Sessions
THU 2:00 PM - 5:00 PM
Go deeper, get practical, and leave with insights you can put into action immediately… no fluff, just results.
No matching sessions were found

Thank You for Registering!

Looking forward to swamp with you
Close Window

Thank You!

Thank you for inquiring about sponsoring swampUP 2024. We’ll be in touch shortly!
Close Window