JFrog has launched a platform plugin for Anthropic‘s Claude Code, bringing enterprise-grade software supply chain governance, security and compliance controls directly into AI-assisted development workflows. The plugin is available immediately to all Claude Code users at claude.com/plugins/jfrog.

The integration addresses a gap that has grown more acute as AI coding agents become active participants in software development — making decisions about dependencies, builds and deployments at speed, but without visibility into software supply chain risks. JFrog’s platform currently manages over 18 billion software artefacts, a 136% increase year on year, and the company positions itself as the system of record for the rapidly expanding AI agent environment.

“AI agents are active participants in the software supply chain, making decisions about dependencies, builds, and deployments — but most of them are doing it blind, without any supply chain context. This is often how malicious packages, vulnerabilities, and ungoverned AI assets enter production today. AI-enabled innovation cannot come at the expense of security or compliance.” — Yoav Landman, Co-Founder and Chief Technology Officer, JFrog

What the Plugin Delivers

The JFrog Platform plugin for Claude Code is built around four capabilities. Real-time upstream governance enforces package security, licence compliance and provenance validation inside the development workflow — so policies are applied as code is written rather than after the fact. MCP and Agent Skills Governance ensures agents and developers only pull verified, secure MCP servers and agent skills, blocking rogue access to sensitive internal data.

The plugin also accelerates DevOps workflows by handling repository management, project provisioning and routine platform operations through natural language via JFrog Platform Skills — freeing developers from repetitive configuration tasks. End-to-end traceability from source commits to build artefacts completes the picture, giving security teams the audit trail needed to respond to incidents and prove compliance without manual reconstruction.

Three Layers of Agent Connectivity

JFrog frames the integration as part of a broader multi-agent architecture. The JFrog Platform Skills give agents deep, domain-specific knowledge to execute complex operations such as vulnerability scanning and curation checks through natural language. JFrog MCP Tools provide standardised access to security, compliance and artefact data across the platform. Native plugins — starting with Claude Code, alongside Cursor and VS Code Copilot — bring these capabilities into each agent’s development environment with streamlined deployment and simple authentication.

The launch builds on JFrog’s earlier announcements of a universal MCP Registry and an Agent Skills Registry in partnership with NVIDIA, positioning the platform as a foundational governance layer across multi-agent enterprise environments. Anthropic has itself noted that attack surfaces shift constantly as agents grow more capable and that agent-specific security investment — including shared benchmarks, identity standards and cross-vendor red-teaming — is needed industry-wide.