JFrog and Anthropic Integrate Enterprise-Grade Software Supply Chain Governance into Claude Code

Deep News06-10

JFrog and Anthropic have announced a joint launch of a JFrog platform plugin, designed to provide enterprise-level software supply chain governance and security capabilities for Anthropic's Claude Code AI coding assistant. This plugin is available to all Claude Code users starting today.

This collaboration aims to address the security risks arising from AI coding agents making decisions without the context of the software supply chain. Yoav Landman, Co-founder and Chief Technology Officer at JFrog, stated that AI agents are active participants in the software supply chain, making decisions about dependencies, builds, and deployments. However, most agents operate without this crucial supply chain context, which is a common pathway for malicious packages, vulnerabilities, and ungoverned AI assets to enter production environments, exposing enterprises to the risk of software supply chain attacks.

Anthropic also emphasized the importance of agent-specific security, noting that as agent capabilities advance and the attack surface continuously evolves, the industry requires collective investment in agent-specific security postures.

The plugin provides developers with governed access, enabling them to scan, filter, and secure every artifact and dependency used by the agent. Simultaneously, the plugin extends Claude Code's capabilities through JFrog platform skills, allowing developers and agents to perform platform operations using natural language.

The plugin is expected to deliver the following core capabilities: enforcing upstream governance within workflows to ensure agents execute policies at the time of code writing; governing MCP and agent skills to ensure agents only pull verified, secure servers and skills; accelerating DevOps workflows by handling routine platform tasks through JFrog platform skills; and providing full traceability from source code commits to build artifacts, thereby strengthening audit capabilities.

This integration reflects JFrog's strategic positioning for multi-agent environments. The JFrog platform supports three connection layers—JFrog platform skills, JFrog MCP tools, and agent-native plugins—spanning any AI coding environment. With this release, JFrog further solidifies its role as the system of record for the software supply chain in the AI era, ensuring that governance, traceability, and security follow the developer rather than a single tool.

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Comments

We need your insight to fill this gap
Leave a comment