JFrog SwampUp Europe 2025

JFrog SwampUp Europe recap

JFrog SwampUp Europe is JFrog's flagship European user conference, bringing together DevOps and DevSecOps teams who run their software supply chain on the JFrog Platform — Artifactory, Xray, Distribution, and the surrounding ecosystem. The European edition is more practitioner-dense than the larger US events, with a program weighted toward workshops, customer stories, and the deep technical content that long-time Artifactory operators come for.

The 2025 program covered the topics defining modern software supply chain management: secure software development at scale, supply chain attacks and how to defend against them, multi-cloud distribution architectures, signing and provenance, and the role of AI in package and artifact management.

Echo at JFrog SwampUp Europe

The SwampUp audience already understands the value of trusted artifacts — they are running the platform that makes artifact trust operational. The next frontier for those teams is the same frontier the rest of the industry is on: the base images that flow through their Artifactory instances arrive carrying hundreds of unfixed CVEs, and Xray dutifully reports every one of them. The volume of findings has become the bottleneck.

Echo gives JFrog customers a CVE-free input to that pipeline. Echo images flow through Artifactory like any other artifact, but with two big differences: Xray scan reports come back clean, and the metadata that comes with each image — full SPDX and CycloneDX SBOMs, cosign signatures, in-toto provenance — feeds directly into the policies and gates JFrog customers already operate.

We showed attendees how Echo's continuous rebuild model means their internal "blessed" registry never goes stale. As upstream maintainers patch CVEs, Echo images get rebuilt, signed, and republished — and the customer's Artifactory mirror picks up the updates automatically. The work that typically goes into curating an internal golden-image program disappears.

Highlights from JFrog SwampUp Europe

Workshops on Xray policy authoring, secure SDLC patterns, and Artifactory at scale drew the largest practitioner audiences. Customer stories from European enterprises — particularly in financial services and telecommunications — emphasized how supply chain governance has moved from a nice-to-have to a regulatory requirement, with NIS2 and DORA changing the calculus for how artifact provenance is managed.

The breakout track on AI in software supply chains explored both the opportunity (smarter prioritization, automated remediation suggestions) and the new risk (model artifacts as a new class of supply chain object). For the JFrog ecosystem, AI is becoming as much a governance question as a productivity one.

The JFrog SwampUp Europe audience

SwampUp Europe attracts a tight, technical audience of long-time JFrog customers and the architects responsible for their supply chain tooling. Conversations tend to start at a high level of shared context — these are people who can speak fluently about SLSA levels, signing infrastructure, and policy-as-code from minute one. For Echo, that meant every booth conversation could go straight to the technical depth that mattered.

Connect with Echo

If you operate on the JFrog Platform and your Xray dashboards are full of CVE findings rooted in the base images you cannot easily fix, Echo is the upstream answer. Reach out and we will run a focused trial on a slice of your image inventory and show you what your Xray reports look like when the inputs are clean.