Technically
AI Reference
Your dictionary for AI terms like LLM and RLHF
Company Breakdowns
What technical products actually do and why the companies that make them are valuable
Learning Tracks
In-depth, networked guides to learning specific concepts
Posts Archive
All Technically posts on software concepts since the dawn of time
Terms Universe
The dictionary of software terms you've always wanted

Explore learning tracks

AI, it's not that ComplicatedAnalyzing Software CompaniesBuilding Software ProductsWorking with Data Teams
Loading...
I'm feeling luckyPricing
Log In

What does JFrog do?

JFrog provides a bunch of products and services around DevOps, i.e. taking your software and deploying it to the world.

Last updated Jun 18, 2026devops
Justin Gage
Justin Gage
Read within learning track:Analyzing Software Companies

JFrog provides a bunch of products and services around DevOps, i.e. taking your software and deploying it to the world. Their most popular lines deal with package and dependency management.

  • Software is mostly developed locally (on a personal computer), and then later deployed remotely to a group of powerful servers to run in “production”
  • The process of deploying that software - especially as teams use more and more open source packages - can get pretty complex
  • JFrog provides products that take your local software and get it ready for deployment, manage those packages, scan for security vulnerabilities, and other nice things

Adoption is comically high, with literally 82% [1] From JFrog's most recent 10-K filing: As of December 31, 2024, we had a global customer base of approximately 7,300 organizations across all industries and sizes, including approximately 82% of Fortune 100 organizations. of the Fortune 100 as customers (seems suspicious tbh). JFrog IPOd in 2020, and in 2024 they generated $428.5 million in revenue, growing 22% year-over-year [2] From JFrog's most recent 10-K filing: We generated revenue of $428.5 million and $349.9 million for the years ended December 31, 2024 and 2023, respectively, representing year-over-year growth rate of 22%.. So they're definitely on to something.

Terms Mentioned

Training

Open Source

Distribution

Remote

Server

Cloud

Infrastructure

Integration

Production

Continuous deployment (CD)

Continuous integration (CI)

Deploy

Authentication

Machine Learning

DevOps

React

Kubernetes

Companies Mentioned

AWS logo

AWS

AMZN
JFrog logo

JFrog

FROG
Gitlab logo

Gitlab

GTLB

The JFrog core product: DevOps automation#

DevOps today is riddled with issues; it’s hard. Infrastructure is more complicated, software is at a larger scale, and engineering teams are releasing new versions constantly.

On top of that, most software that’s built today relies on packages of other software, mostly open source. When you use these packages in your application, they save you a lot of time, but also surface some new problems: how do you deal with versioning? Where do you host them? And how do you make sure they’re secure?

JFrog provides a group of integrated products that attempts to solve all of these major DevOps issues together - moving your software from local to remote, managing packages, and building CI/CD pipelines.

The core JFrog product is called Artifactory. In software, the word artifact refers to pretty much any static group of code (your application, a package). Artifactory lets you upload your code and dependencies (the packages you’re using) through a simple REST API, and distribute them to your servers or customers across a globally distributed network (so it’s fast).

Refresher: deploying software and packages#

Why does JFrog exist, and what problems do they solve? The key is to understand the “DevOps” buzzword, which is what I’m here for. Quoting from the What’s DevOps post:

To understand why DevOps as a concept has gotten really popular recently, you need to understand software delivery and how that’s changed over time. → What it means to deliver softwareWhen a team of engineers builds an application, it’s just a bunch of code. And that code needs to run somewhere for users to access it and get value out of it. During development, developers tend to run that code on their personal computers, but that’s obviously not scalable - so when they’re ready to share the software with the world, they’ll put that code on big powerful servers, and let people access it via a domain name like https://technically.dev. So in general, delivering software means taking the application you’ve built and figuring out how to distribute it widely to whoever wants to use it.→ How things have changed, a lotJust 10-15 short years ago, a lot of delivering software meant literally delivering software - Microsoft Office used to ship to you on a CD that you’d install directly to your computer. And it wasn’t web-based, so you didn’t need internet access to use Excel or Powerpoint. The public cloud (AWS and co.) didn’t exist, so if you needed to run software on a server or two, you’d need to literally build that infrastructure yourself, which used to cost millions of dollars up front. So naturally, software delivery was bespoke and on the slower side.But then people started consuming software via the internet, and public clouds like AWS made it cheap and easy to use a server without having to build a data center. That fundamentally changed 3 things:The scale of software increased - software is generally used by a lot more people than in the past. You could realistically need to support millions of users for your applicationInfrastructure got more complicated - we’re moving towards increasingly specialized managed infrastructure for different parts of the stack. Generally, you don’t just throw your code onto a box and forget about it anymoreTeams started releasing a lot more often - changes in philosophy mean teams are now shipping code changes to users as often as multiple times a day, which means many many more opportunities to break thingsWith these fundamental shifts happening, teams needed to start building processes for managing this stuff, and making sure their apps didn’t constantly break and disappoint their users. And that’s basically what DevOps is - making sure your app works at scale.

There’s one more thing you’ll need to know to understand JFrog - packages. Today, pretty much all software you use is built on top of existing “packages” of code written by other people, most of which are open source. A few popular examples:

  • React, a library for building interactive user interfaces
  • Passport, a library for building authentication into Node.js apps
  • Tensorflow, a library for building machine learning models

If (more like when) you’re using packages like these in your applications, they save you a lot of time and headache - but they also add complexity:

  1. Versioning - the folks working on React are constantly updating and improving it. Which version did you build your software with? Will newer versions of React break your software? How do you deal with upgrades?
  2. Packaging - how do you include the underlying code for React in your application itself? Do you pull it from the web, or store it on your own servers?
  3. Security - are the packages you’re using secure? If vulnerabilities are discovered, how do you patch them?

You’ll also see these packages referred to as dependencies, because your software is dependent on them to run.

🔍 Deeper Look

If you’ve heard of NPM or Yarn, these are package managers, and they exist to solve some of the problems we’ve outlined above. They’ll register which packages your project uses, tie things to specific versions, and let you upgrade easily.

The JFrog product suite#

JFrog provides a group of integrated products that attempts to solve all of these DevOps issues together - moving your software from local to remote, managing packages, and building CI/CD pipelines. 

Loading image...

Let’s walk through a couple of them:

1) Artifactory#

This was JFrog’s first product (back in 2009!). In software, the word artifact refers to pretty much any static group of code (your application, a package). Artifactory lets you upload your code and dependencies (the packages you’re using) through a simple REST API, and distribute them to your servers or customers across a globally distributed network (so it’s fast). 

Loading image...

So if you’re using NPM for your Node app and Helm for your Kubernetes setup, Artifactory sits on top of those and integrates with both. The value prop is having a single place for all of your artifacts instead of using multiple package managers and worrying about how they work together. Gitlab offers a similar product.

2) XRay#

XRay scans your artifacts (so again, your code and dependencies) for security vulnerabilities and compliance issues. 

Loading image...

Github sort of does this too. 

3) Pipelines#

If you’re using something like CircleCI or Azure Pipelines to build CI/CD pipelines, you can use JFrog’s solution instead and integrate directly with the rest of their ecosystem.

Loading image...

For more on CI/CD, check out the original Technically post here.

4) MLOps with Qwak AI#

Like so many of its brothers and sisters, JFrog is also expanding beyond traditional DevOps into AI territory. They now have an AI product called JFrogML, that (fairly generically) supports all phases of the ML lifecycle, from training models to finetuning them and deploying them into production.

Part of this feature set is supported by their recent acquisition [3] From JFrog's most recent 10-K filing: We released significant enhancements to JFrog Advanced Security, including JFrog Runtime Security, as well as greatly expanded our MLOps functionality with the acquisition of Qwak AI, Ltd. (Qwak) as a foundational technology for our JFrog ML offering. of Qwak AI (bad names stick together) to build out their Machine Learning operations (MLOps) capabilities. In English, this means that they'll be able to help companies deploy ML models into production more easily. Remember that there are about 1,000 options for productionizing ML out there, many likely better than JFrog's option; but none of them are integrated into the JFrog product, and that's what existing JFrog customers will care about most.

--

There’s a lot more to the JFrog product suite, like Distribution, Mission Control, and a Container Registry. Few of these individual products make sense by themselves, and there are strong alternatives in the market for each. But JFrog’s marketing and product strategy is all about integration - using all of these products together gives you a much more powerful experience than using them on their own. Pay attention to their website copy:

Universal package repository, SecOps, CI/CD and software distribution all in one platform.
Discover the power of an end-to-end DevOps platform.

It’s all about the “platform” and how it’s “end-to-end.” 

Further reading#

  • The JFrog S-1 has good contextual information on how they view the business, and more financial info
  • Gitlab has a feature comparison between them and JFrog on their site (notice how similar the marketing is)
Up Next
What does GitLab do?

A complete platform for building and deploying software.

What's Docker, and what are containers?

Containers helps developers run code in isolated boxes so it works the same every time.

What does Postman do?

Postman is a suite of tools that helps developers build, test, and use internal and external API endpoints.

Content
  • All Posts
  • Learning Tracks
  • AI Reference
  • Companies
  • Terms Universe
Company
  • Pricing
  • Sponsorships
  • Contribute
  • Contact
Connect
SubscribeSubstackYouTubeXLinkedInInstagram📞Call for advice
Legal
  • Privacy Policy
  • Terms of Service

© 2026 Technically.