JFrog has introduced AppTrust, a new solution designed to help enterprises improve governance across their software supply chains. Announced at swampUP 2025 in California on 9 September, the platform aims to address growing concerns around compliance, security, and trust in application releases.
Addressing the compliance challenge
As software development accelerates, organisations are facing increasing pressure to balance speed with regulatory compliance and security. JFrog said AppTrust provides a single system of record that captures evidence, enforces policies, and offers contextual insights into software assets. This allows development, security, and operations teams to collaborate more effectively while ensuring applications meet quality and compliance standards.
“Software is being released faster than ever, and secure updates have become the fuel powering today’s world,” said Shlomi Ben Haim, JFrog’s CEO and co-founder. “Our customers tell us that after DevOps and DevSecOps, the next big challenge is compliance. That’s why ‘DevGovOps’ must happen. With JFrog AppTrust, every release is trusted, verified, and ready for production at scale.”
AppTrust integrates with the ServiceNow AI Platform, enabling organisations to align governance with IT operations. It automates quality gates, validates evidence, and provides visibility across software dependencies, ownership, and potential risks.
Features and ecosystem partnerships
JFrog highlighted several key capabilities of AppTrust. These include automated policy enforcement through governance, risk and compliance controls; assigning assets to applications with clear ownership and context; and promotion gates that regulate how software progresses from development to release. The platform also provides an open infrastructure for storing signed evidence, alongside insights that use DORA and other metrics to identify bottlenecks and improve delivery efficiency.
Rahul Tripathi, GVP and GM of IT Service Management at ServiceNow, said: “Modern software governance depends on bringing together the right data – from development through operations – to make informed, auditable decisions at scale. With ServiceNow’s insights integrated into the JFrog ecosystem, organisations can extend visibility and control even further across their software supply chain.”
JFrog is also working with a network of partners to strengthen evidence collection across the development lifecycle. Current partners include Akto, Akuity, CoGuard, Dagger, GitHub, Gradle, NightVision, ServiceNow, Shipyard, Sonar, and Troj.ai, with more expected to join.
“As the leading provider of automated, independent code review for AI and developer-written code, SonarQube plays a vital role in helping companies achieve their governance objectives,” said Tariq Shaukat, CEO of Sonar. “We are excited to partner with JFrog to integrate SonarQube’s industry-leading findings as an additional validated source of evidence in the JFrog Platform.”
Building trust across the supply chain
Industry experts view JFrog AppTrust as an important step in bridging the gap between rapid software delivery and governance. Jim Mercer, Program Vice President of Software Development, DevOps, and DevSecOps at IDC, noted: “Organisations struggling to secure their software supply chains can benefit from these new capabilities, making practices like attestation and provenance more achievable.”
By providing application-context asset assignment, promotion gating, dependency mapping, and vulnerability analysis, AppTrust seeks to reduce the friction that has traditionally existed between development, security, and compliance teams. JFrog said the platform allows organisations to maintain application quality and performance without slowing down innovation, helping them deliver software that is secure, compliant, and ready for production.
