Sold by: JFrog
Deployed on AWS
The only platform to give you end-to-end visibility, security, and control
for automating delivery of trusted releases.
4.2
Overview
Trusted by millions of developers, engineers, architects, and security professionals at thousands of enterprises, including the majority of the Fortune 100, the cloud-native JFrog Software Supply Chain Platform is the single source of truth for all software packages, data, and ML models utilized and generated in the development process.
The JFrog Platform on AWS manages all software inputs and outputs, providing organizations with complete visibility across their supply chain. This flexible, massively scalable, and hybrid platform helps improve developer efficiency by reducing wait times from builds to security scans. It allows organizations to take to the clouds with agility, leveraging both managed and self-managed instances. Critically, it enables teams to manage application risk end-to-end by applying evidence-based policies across the SDLC. Finally, the JFrog Platform helps accelerate AI/ML pipelines by treating models like a package, simplifying AI development and ensuring the success of initiatives.
Contact JFrog at cloud@jfrog.com for private offers on annual subscriptions, or visit <www.jfrog.com/pricing > for more information.
The JFrog Platform is often leveraged to consolidate enterprise DevSecOps solutions for companies utilizing GitLab, Sonatype, Snyk, or Veracode, among other solutions. Key capabilities include:
- Universal artifact management with JFrog Artifactory
- Modern, holistic SCA with JFrog Xray
- Contextual analysis of vulnerabilities with JFrog Advanced Security
- Early blocking of malicious open source packages with JFrog Curation
- Application risk governance with JFrog AppTrust
- Control and govern AI/ML development with JFrog ML
- Simplify model discovery and access with JFrog AI Catalog
- AI-assisted remediation with Agentic Software Supply Chain Security
- Real-time Kubernetes security monitoring with JFrog Runtime
- Speed up secure software consumption with JFrog Distribution
- IoT device management with JFrog Connect
- Includes 24x7 Support and in-region 99.99% uptime SLA, plus an assigned support resource with regular touch points
Highlights
- 50+ natively supported package and file types, including ML models and generic repositories.
- Comprehensive, enterprise-grade security solution integrated across the entire SDLC, eliminating tool sprawl and alert fatigue. Go beyond scanning with contextual analysis and vulnerability prioritization, anti-tampering mechanisms, and signed provenance, ensuring best practices and compliance.
- Fast, secure distribution of verified, multi-repository release bundles to sync large-scale geo-distributed teams and accelerate deployments to any target: SaaS, self-managed, or connected devices.
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/month |
|---|---|
Pro | $150.00 |
Enterprise X | $950.00 |
Dimension | Cost/unit |
|---|---|
JFrog Consumption Unit | $0.01 |
Vendor refund policy
Contact service@jfrog.com
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
24/7 SLA support service@jfrog.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Digital.ai
By Cloudsmith
Top
10
In Continuous Integration and Continuous Delivery, Application Development, Security
Top
50
In Agile Lifecycle Management
Top
10
In Source Control
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Artifact Repository Management
Universal artifact management supporting 50+ natively supported package and file types, including ML models and generic repositories.
Software Composition Analysis
Modern, holistic software composition analysis with contextual vulnerability analysis and prioritization across the software development lifecycle.
Supply Chain Security Governance
Application risk governance with evidence-based policy enforcement, anti-tampering mechanisms, and signed provenance across the entire software development lifecycle.
Secure Artifact Distribution
Fast, secure distribution of verified, multi-repository release bundles with geo-distributed synchronization capabilities to multiple deployment targets.
AI-Powered Predictive Analytics
Generate predictive insights across the software lifecycle to enable data-driven decision making and smarter software investments.
Unified DevOps and Security Integration
Integrate DevOps and security capabilities across the full software lifecycle to enable continuous delivery with built-in protections against tampering, reverse-engineering, and application-based attack vectors.
Enterprise Agile Planning and Scaling
Scale agile practices across all organizational levels from individual teams to entire product portfolios with consistency and efficiency.
Multi-Environment Application Deployment
Deploy applications to any target environment including mainframes, virtual machines, containers, and cloud platforms with support for thousands of simultaneous deployments and automatic rollback capabilities.
Continuous Testing at Scale
Enable enterprise-level testing with increased test coverage across web and mobile applications to deliver high-quality, error-free software.
Universal Package Format Support
Support for 30 package formats enabling organizations to create a single source of truth for artifact management across diverse software types.
Dependency Firewall with Vulnerability Scanning
Caching of packages from open-source repositories with vulnerability scanning and policy compliance validation before distribution to developers.
Zero Trust Security Architecture
Automated zero-trust workflows across services, teams and users for controlling software intellectual property and mitigating risks.
Cloud-Native Global Distribution
Fully managed, cloud-native architecture optimized for fast and reliable artifact delivery across distributed teams and geographic locations.
ISO27001 Accreditation and Access Control
ISO27001 accredited platform with comprehensive access management, compliance enforcement and security best practices implementation.
Standard contract
No
No
No
Customer reviews
prashanth r.
Ultimate Safety Net for Large Teams
Reviewed on Mar 18, 2026
Review provided by G2
What do you like best about the product?
I primarily use JFrog Artifactory as a centralized repository manager to handle the lifecycle of my software packages, and it effectively eliminates the friction that slows down a high-stakes development cycle. I love how it serves as the ultimate safety net and speed booster for our entire software supply chain. Thinking of JFrog as a 'safety net' and 'speed booster' isn't just marketing—it literally describes the difference between a smooth release and a weekend spent fixing a broken production environment. It's particularly beneficial when juggling the responsibilities of a Senior Full Stack Developer in a fast-paced environment. JFrog acts as the 'connective tissue' that links my code to my infrastructure, and its key integrations keep my workflow moving smoothly.
What do you dislike about the product?
While I’m a big advocate for JFrog, being a Senior Java Full Stack Developer means I also have to deal with its 'rougher' edges. No tool is perfect, especially one that tries to do as much as the JFrog platform. Based on my experience as a Senior Java Full Stack Developer, there are several technical and workflow-specific areas where I’d like to see JFrog push further. While it’s the backbone of our supply chain here in Seattle, these improvements would significantly reduce the daily 'to-do' list for a senior dev.
What problems is the product solving and how is that benefiting you?
I use JFrog Artifactory as a centralized repository manager, eliminating friction in development cycles and acting as a safety net and speed booster for our software supply chain.
Miguel R.
JFrog Xray Stands Out Among DevOps Tools
Reviewed on Mar 14, 2026
Review provided by G2
What do you like best about the product?
JFrog Xray have not seen that in actio i nother dev ops softwares
What do you dislike about the product?
not a lot of people know about it, it should have more reach
What problems is the product solving and how is that benefiting you?
stream line ci/cd deployment and artifact management
Elisa S.
User-Friendly with Seamless CI/CD Integration
Reviewed on Mar 12, 2026
Review provided by G2
What do you like best about the product?
I like JFrog because it is very user-friendly and easy to use. I can integrate it with CI/CD, which is super useful, and the initial setup was quite easy. Although it requires understanding the process at the beginning, everything is all good now. My team switched from AWS for something that feels more like an upgrade, easier to use, and aesthetically pleasing.
What do you dislike about the product?
Maybe the setup could be a bit easier. Just a lot of going back and forth and can be a bit exhaustive.
What problems is the product solving and how is that benefiting you?
I use JFrog for addressing security problems. It's user-friendly and easy to use, and integrates with CI/CD which is super useful.
Faiz k.
JFrog Streamlines Artifact Management and CI/CD Integration
Reviewed on Mar 11, 2026
Review provided by G2
What do you like best about the product?
Building on our existing use of JFrog for artifact management and CI/CD, several newer capabilities stand out:
AI Model Governance is a big one. JFrog AI Catalog lets teams identify and access AI models approved for use within their org, with governance controls over AI added to applications JFrog — essential as AI adoption accelerates across teams.
Shadow AI Detection adds visibility we didn't have before. It gives enterprises control over unmanaged AI models and API usage, guarding against security and compliance risks from uncontrolled AI adoption. JFrog
Auto-remediation is a real time-saver. JFrog can now automatically replace risky packages with approved compliant versions JFrog, reducing manual triage significantly.
Proven ROI makes the investment easy to justify. A Forrester study found the platform delivered 282% ROI and saved 38 hours per developer on onboarding.
AI Model Governance is a big one. JFrog AI Catalog lets teams identify and access AI models approved for use within their org, with governance controls over AI added to applications JFrog — essential as AI adoption accelerates across teams.
Shadow AI Detection adds visibility we didn't have before. It gives enterprises control over unmanaged AI models and API usage, guarding against security and compliance risks from uncontrolled AI adoption. JFrog
Auto-remediation is a real time-saver. JFrog can now automatically replace risky packages with approved compliant versions JFrog, reducing manual triage significantly.
Proven ROI makes the investment easy to justify. A Forrester study found the platform delivered 282% ROI and saved 38 hours per developer on onboarding.
What do you dislike about the product?
Beyond the earlier feedback on complexity and pricing, a few additional areas stand out:
UI Cohesion — As JFrog adds products like AppTrust, AI Catalog, and Advanced Security, the experience between modules still feels disjointed. A more unified interface would help daily usability.
Pricing Transparency — It's not always clear which newer features are included in existing plans versus requiring upgrades, making budgeting harder for smaller teams.
Documentation for Advanced Use Cases — Complex setups like multi-repo configurations or custom SBOM workflows often require piecing together answers from community forums rather than official docs.
Uptrust Timeline — JFrog's supply chain trust product isn't expected until September 2026 Investing.com, leaving a gap for teams who need those capabilities now.
UI Cohesion — As JFrog adds products like AppTrust, AI Catalog, and Advanced Security, the experience between modules still feels disjointed. A more unified interface would help daily usability.
Pricing Transparency — It's not always clear which newer features are included in existing plans versus requiring upgrades, making budgeting harder for smaller teams.
Documentation for Advanced Use Cases — Complex setups like multi-repo configurations or custom SBOM workflows often require piecing together answers from community forums rather than official docs.
Uptrust Timeline — JFrog's supply chain trust product isn't expected until September 2026 Investing.com, leaving a gap for teams who need those capabilities now.
What problems is the product solving and how is that benefiting you?
JFrog solves the challenge of managing and distributing software artifacts by providing a centralized repository. It helps track versions, manage dependencies, and integrate with CI/CD pipelines, which improves collaboration and speeds up the software delivery process.
Ugnius A.
Streamlined Dependency Management with Robust Features
Reviewed on Mar 04, 2026
Review provided by G2
What do you like best about the product?
I use JFrog mainly as an artifactory for Docker images and npm packages. I love its universal package management, and my favorite feature is virtual repositories, which provide my team with a single URL for all our dependencies. I really appreciate how well JFrog integrates with the rest of our 2026 stack, especially GitHub Copilot. JFrog's curation is excellent for blocking malicious zero-day packages before they can even hit our local cache. Using the JFrog app for GitHub, I can link my source code directly to the final binary, making traceability automatic. The 2026 stack integration allows me to see security alerts directly in my IDE, so I don't have to switch to a dashboard. Lastly, the technical setup through Docker was a breeze.
What do you dislike about the product?
I dislike the false positives and high entry fee. The configuration setup was a bit of a maze.
What problems is the product solving and how is that benefiting you?
I use JFrog to prevent outages by caching dependencies and solving 'worked on my machine' issues with binary linking to commits. It integrates well with my stack, blocks malicious packages, and streamlines dependency management with virtual repositories.