{"id":2892,"date":"2025-11-21T22:52:46","date_gmt":"2025-11-21T22:52:46","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2025\/11\/21\/the-rising-importance-of-governance-at-swampup-berlin-2025\/"},"modified":"2025-11-21T22:52:46","modified_gmt":"2025-11-21T22:52:46","slug":"the-rising-importance-of-governance-at-swampup-berlin-2025","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2025\/11\/21\/the-rising-importance-of-governance-at-swampup-berlin-2025\/","title":{"rendered":"The Rising Importance of Governance at SwampUP Berlin 2025"},"content":{"rendered":"<p>On November 12-14, the Docker team was out in numbers\u00a0at <a href=\"https:\/\/swampup.jfrog.com\/\" rel=\"nofollow noopener\" target=\"_blank\">JFrog SwampUP Berlin 2025<\/a>. We\u00a0joined technical sessions, put on a fireside chat, and had conversations with attendees there. We\u2019d like to thank the folks at JFrog for having us there and putting on such a great show!<\/p>\n<p>Here are our takeaways from the event about <strong>software supply chain security trends<\/strong>:<\/p>\n\n<h2 class=\"wp-block-heading\"><strong>Software supply chain attacks reach unprecedented scale leveraging open source packages<\/strong><\/h2>\n\n<p>An analysis of recent software supply chain attacks by JFrog\u2019s CTO Asaf Karas shed light on how malicious actors leverage AI and software supply chains in their exploits. Recent attacks combine existing techniques, like phishing, with AI prompts that recursively\u00a0write and execute code in order to compromise hundreds of thousands of systems running popular open source packages. A few examples include Shai Hulud, Red Donkey, and the recent NPM package phishing attack. So far, despite these attacks\u2019 scale, damage has been limited due to the still rudimentary nature of these exploits. 
Expect more software supply chain attacks as well as more sophistication\u00a0in the coming year.<\/p>\n\n<h2 class=\"wp-block-heading\"><strong>New Roles of Governance as a Security Layer<\/strong><\/h2>\n\n<p>The best way to avoid software supply chain attacks is to not have malicious code entering software supply chains in the first place. That\u2019s where governance comes into play. Taking control of gate points during the software development lifecycle, for example during dependency scanning, build pipelines, and deployments, is not enough. It is necessary to block malicious or risky code before it enters the software supply chain. Beyond that, tools need increased interoperability to detect all potential attack vectors.<\/p>\n\n<h2 class=\"wp-block-heading\"><strong>Addressing MCP Challenges in AI Development<\/strong><\/h2>\n\n<p>MCP\u2019s ability to leverage both deterministic and non-deterministic outcomes by connecting an LLM client to many different servers seems to be the main reason companies are betting on the technology to build applications that deliver value to customers. Moreover, because the servers can run independently of one another, it becomes possible to add governance layers on MCP servers, reducing risks of hallucination or unexpected results. Overall, we agree with JFrog\u2019s assessment and look forward to opportunities where Docker and JFrog MCP technologies can work together for a safer and smoother enterprise AI developer experience.<\/p>\n\n<h2 class=\"wp-block-heading\"><strong>Building on Strong Open Source Foundations Is Core in the AI Era<\/strong><\/h2>\n\n<p>The fireside chat between Gal Marder, JFrog\u2019s Chief Strategy Officer, and Michael Donovan, Docker\u2019s VP of Product, explored how organizations can protect themselves from risks in unverified open source dependencies. 
They emphasized the importance of starting with strong foundations: using hardened images, maintaining them throughout their lifecycle, including those that have reached end of life, and ensuring visibility and governance across every stage. Strong third-party integrations are essential to manage this complexity effectively and extend security and trust from development to delivery.<\/p>\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion: Build strong foundations, keep it consistent, stay ahead<\/strong><\/h2>\n\n<p>Software development is changing fast as AI becomes part of everyone\u2019s workflow, developers and attackers alike. The best way to stay ahead is to build protection early by starting with strong foundations and keep it consistent across every stage with governance, visibility, and strong partnerships. Only then can teams innovate with confidence and speed as the landscape evolves. Exciting times!<\/p>","protected":false},"excerpt":{"rendered":"<p>On November 12-14, the Docker team was out in numbers\u00a0at JFrog SwampUP Berlin 2025. 
We\u00a0joined technical sessions, put on a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":94,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[4],"tags":[],"class_list":["post-2892","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-docker"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/2892","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=2892"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/2892\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media\/94"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=2892"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=2892"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=2892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}