DevSecOps in the AI Era: JFrog Powers Agentic Remediation with Self-Healing Software Supply Chain

New JFrog Platform MCP connections with GitHub Copilot deliver autonomous security resolution capabilities directly into developer workflows

Application Security | Artificial Intelligence | Product Development

Posted: Wednesday, Sep 10

KBI.Media
$
DevSecOps in the AI Era: JFrog Powers Agentic Remediation with Self-Healing Software Supply Chain

DevSecOps in the AI Era: JFrog Powers Agentic Remediation with Self-Healing Software Supply Chain

JFrog Ltd (Nasdaq: FROG), the Liquid Software company and creators of the award-winning JFrog Software Supply Chain Platform, today announced a new set of AI agent-based capabilities to automate software vulnerability remediation. JFrog’s new agentic remediation capabilities help developers identify and automatically fix vulnerabilities as they code. The unique combination of JFrog’s research-based contextual analysis and policy-driven auto-remediation across enterprise applications aims to inoculate codebases in the AI era.

“We want to help developers shift from reactive security to proactive, continuous vulnerability management and autonomous remediation, wherein security is no longer an afterthought, it’s an integral, agentic-coding problem solver,” said Asaf Karas, CTO, JFrog Security. “Our advanced security research insights coupled with our GitHub Copilot integration help teams automate vital safeguards like fixing CVEs and curating safe packages. This allows users to innovate with confidence, while reducing risk, and accelerating secure software delivery.”

Developer Intelligence with Agentic Security Remediation

By combining the power of JFrog’s Software Supply Chain Security with the GitHub integration, organisations enjoy streamlined, fast and trusted remediation that ensures they can:

Safeguard against unsafe packages: JFrog Curation and Catalog, powered by AI agents via JFrog’s MCP server, enables developers to select secure, policy-compliant open-source packages, avoiding failed builds, boosting developer productivity, and reducing risk.
Flag and fix vulnerable code automatically: JFrog flags insecure code directly in the IDE, and with agentic remediation powered by MCP server connections to GitHub Copilot, developers receive conversational, contextual suggested fixes inline.
Immunise code for future development using context-aware insights: Developers can quickly tap into JFrog Security Research expertise when vulnerabilities are flagged in dependencies to determine the threat level based on their environment. Because fixes are generated in the context of the organisation’s security and governance policies, Copilot not only patches the issue, but also immunises their software from future use of the same infected code.

Uniting JFrog’s Curation and Catalog capabilities with its deep security research, MCP-based platform connectivity, and GitHub integration with Copilot AI assistant, transforms how developers address vulnerabilities: not just finding them, but fixing them instantly and continuously as part of a self-healing software supply chain.

JFrog’s new agentic remediation capabilities are available immediately as part of JFrog Ultimate or Unified security bundles. For more information on agentic remediation and its benefits read this blog.