SwampUp New York 2026

SwampUp NY 2026 preview

SwampUp NY is JFrog's North American flagship user conference — bringing together DevOps, DevSecOps, and platform engineering leaders who run their software supply chain on the JFrog Platform. The New York venue draws JFrog's largest concentration of Fortune 500 customers and East Coast financial services, media, and regulated-industry enterprises, with a program built around scaled software delivery, supply chain governance, secure SDLC, and the integration of AI into the modern software supply chain.

SwampUp NY 2026 takes place August 31 through September 3, 2026 in New York. The agenda covers the issues defining enterprise software delivery going into the second half of 2026: software supply chain security, package and model artifact governance, multi-region distribution at scale, signing and provenance pipelines, and how to operationalize AI as both a productivity tool and a new class of supply chain artifact. For any organization running JFrog as the system of record for their software supply chain, SwampUp NY is the most concentrated source of practical, actionable content on the calendar.

Meet Echo at SwampUp NY

SwampUp NY attracts exactly the teams Echo is built for. JFrog Platform owners, DevSecOps engineers operationalizing Xray policy, security architects building signing and provenance infrastructure, and the regulated-industry teams (financial services, healthcare, federal-bound technology providers) who use the JFrog Platform as a system of record for compliance evidence — these are the people in the room. And for all of them, one of the most time-consuming and expensive parts of the job is dealing with the long tail of CVE findings that show up in Xray on every base image flowing through Artifactory.

Echo handles all of it. Every Echo image ships CVE-free, continuously rebuilt against patched upstream sources, FIPS-validated using a CMVP-validated cryptographic module, and pre-hardened against DISA STIG requirements — so your team inherits a clean baseline rather than building one from scratch. Echo supports the largest variety of FIPS-validated crypto modules available, including OpenSSL, BoringCrypto, and Bouncy Castle, meaning you are covered regardless of what your development stack has chosen. All images ship with full SBOM transparency in both SPDX and CycloneDX formats, plus signed provenance and attestation via cosign and sigstore — metadata that flows directly into the Curation, signing, and policy-as-code workflows JFrog customers already operate.

Echo also provides the audit evidence that makes the difference at authorization time. The STIG validation tool produces per-image reports covering every required STIG check, with images prebuilt to pass validation. The FIPS runtime tester verifies FIPS compliance at runtime by executing both approved and unapproved cryptographic algorithms and reporting observed behavior. And for continuous monitoring, Echo's ConMon and POA&M reporting automatically scans, documents, and forwards justifications for unfixed vulnerabilities to auditors in real time — eliminating the manual overhead that typically consumes security teams throughout the authorization lifecycle.

The results speak for themselves: teams using Echo eliminate 10,000 CVEs, save 4,000 engineering hours per year, bring average remediation time down to 3 days, and can report and triage new findings in under 24 hours. To see what this looks like in practice, read how Varonis used Echo to achieve FedRAMP authorization — with zero vulnerabilities showing up at audit and an experience their Deputy CTO described as "just a smooth ride."

At a conference dedicated to making the software supply chain genuinely trustworthy, that is a message worth hearing.

What to expect at SwampUp NY 2026

The SwampUp NY 2026 program is built around hands-on workshops, customer-led keynotes, and deep dives into the JFrog Platform — covering Xray policy design, Artifactory at scale, multi-region distribution, signing and provenance pipelines, and the operational disciplines required to run a modern software supply chain. The 2026 edition expands on the topics shaping enterprise SDLC priorities: AI/ML model governance, the regulatory frameworks reshaping supply chain documentation requirements (FedRAMP, CMMC, NIS2, DORA, the EU CRA), and the practical operationalization of SLSA-aligned attestation pipelines.

Customer keynotes and case studies — historically a defining strength of SwampUp NY — give attendees direct exposure to how peer organizations have solved the problems they are facing. Networking opportunities with JFrog product teams, partner ecosystem vendors, and fellow Platform owners make SwampUp NY one of the most efficient venues in the calendar for the relationships that move a supply chain program forward.

SwampUp NY 2026 passes and rates

SwampUp NY 2026 registration is now open. Early-bird pricing is available for those who register early — securing your spot early is the best way to lock in the best rate and guarantee access to the most in-demand workshops and hands-on sessions, which historically fill quickly. Full pass pricing and registration details are available directly from JFrog at jfrog.com/swampup.

SwampUp NY draws a deeply technical, mostly senior audience of JFrog Platform owners and the architects responsible for their software supply chain. The shared context makes every conversation efficient: these are practitioners who can move directly into discussions of policy gates, signing infrastructure, and SBOM consumption pipelines without needing the foundational concepts explained. Workshop and hands-on session slots are limited, so registering early is recommended for anyone planning to attend.

Meet Echo at SwampUp NY 2026

The Echo team will be in New York for SwampUp 2026 for 1:1 conversations about how Echo can transform the way your team handles base image security inside the JFrog Platform. Whether you are managing an established Artifactory program, building out signing and policy infrastructure, navigating FedRAMP or other regulated-market requirements, or trying to break through a remediation backlog showing up in Xray, come find us. We can walk you through exactly how Echo's CVE-free, FIPS-validated, STIG-hardened images change the picture — and what your Xray reports, audit evidence, and engineering capacity look like when your inputs are clean.