JFrog Ltd. introduced its new Model Context Protocol (MCP) Server, a framework that allows Large Language Models (LLMs) and AI agents to securely access tools and data within the JFrog Platform via MCP clients. This includes widely used agentic coding environments and IDEs, enhancing developer efficiency and simplifying workflows.
“The developer tool stack and product architecture has fundamentally changed in the AI era. With the launch of the JFrog MCP Server, we’re expanding the open integration capabilities of the JFrog Platform to seamlessly connect with LLMs and agentic tools,” said Yoav Landman, Co-Founder and CTO, JFrog. “This allows developers to natively integrate their MCP-enabled AI tools and coding agents with our Platform, enabling self-service AI across the entire development lifecycle, which helps increase productivity and build smarter, more secure applications faster.”
Securely Powering the JFrog Software Supply Chain Platform with Agentic AI
The Model Context Protocol (MCP) is an open, industry-standard integration framework designed to connect AI systems with external tools, data, and services. With JFrog’s MCP Server, developers can now use natural language commands like “Create a new local repository” or “Do we have this package in our organization?” to interact with the JFrog Platform directly from their IDE or AI assistant. Teams gain immediate awareness of open-source vulnerabilities and software package usage without context switching, saving developers time. AI automation also helps simplify complex queries that previously required advanced developer knowledge, helping all teams work smarter and faster.
While remote MCP servers can help facilitate rapid code iteration and improve software reliability, they are not without risk. The JFrog Security Research Team recently discovered vulnerabilities, such as CVE-2025-6514, that could hijack MCP clients and execute remote code, potentially leading to severe consequences. This is another reason why JFrog’s MCP Server is designed with security in mind and relies exclusively on trusted connection methods, such as HTTPS.
JFrog’s MCP Server securely provides:
- Essential Tools for Gaining Software Package Insights: Users can leverage a base toolset to create and manage projects and repositories, view build status, and query detailed package and vulnerability information.
- Centralized, Cloud-Native MCP Server with Automatic Updates: Available to JFrog SaaS customers and multi-tenant environments, JFrog’s MCP server is implemented as a remote, secure server available in all JFrog cloud environments, providing automatic version updates and improvements with less maintenance.
- Secure OAuth 2.1 Authentication: Enforces modern token-based authorization with scoped access per tenant and tool, making sure all operations are authenticated and performed under the identity of the end user.
- Production-Grade Monitoring: Comprehensive logging and event tracking for actionable insights into tool usage.
For more information on JFrog’s MCP Server for the JFrog Platform, which is now available for developers to test and provide feedback on during a preview period, visit the website.