EXHIBIT A: The frog that ate your build pipeline. (Yes, the J is for Java.)
Company Dossier // Sunnyvale, CA
JFrog
The plumbing under modern software. They keep the world's binaries in one place - and try to keep the bad ones out.
The plumbing under modern software. They keep the world's binaries in one place - and try to keep the bad ones out.
It is 3 a.m. on a continuous-integration server in a data center nobody visits. A pipeline wakes up, grabs four hundred dependencies, checks each one against a list of known-bad packages, signs the result, and pushes a container halfway around the world. The developer who triggered it is asleep. The thing that did the work is named after an amphibian.
That is JFrog on an ordinary night. The company sells what the industry calls a software supply chain platform, which is a tidy phrase for a messy job: holding every artifact a company builds - the libraries, the containers, the installers, and lately the AI models - in one trusted place, and proving none of them have been tampered with on the way to production.
Thousands of organizations run on it, including a large slice of the Fortune 100. In 2025 the company booked $531.8 million in revenue. Its stock trades on the NASDAQ under a ticker, FROG, that doubles as a personality.
Back in the late 2000s, Java developers had a private term for their suffering: "jar hell." A modern application was assembled from hundreds of small binary packages, each depending on others, each with a version, each capable of quietly breaking everything. There was no good place to keep them. Teams emailed files around. They committed binaries into source control, which is roughly like storing furniture in your mailbox.
Source code had Git. Binaries had nothing - no home, no memory, no security. And binaries, inconveniently, are the part that actually runs in production.
The wager underneath the whole company is almost embarrassingly simple. If the binary is what ships, then whoever owns the binary owns the most important real estate in software delivery. Own it well enough and you become unremovable infrastructure - the kind of vendor people forget is a vendor.
In 2008, three engineers from an Israeli consultancy called AlphaCSP - Shlomi Ben Haim, Yoav Landman, and Frederic Simon - decided the binary problem was worth a company. Landman had already written an open-source tool, Artifactory, to manage the chaos. The bet was that a free utility developers loved could become an enterprise standard they would pay for.
It was not an obviously good bet. Selling a "repository" sounds about as thrilling as selling filing cabinets. But the founders understood something the filing-cabinet comparison misses: once your every release flows through one system, switching becomes unthinkable. The boredom was the moat.
Co-founder and CEO. The face of the "Liquid Software" pitch and the company's NASDAQ debut.
Co-founder and CTO. Wrote the original open-source Artifactory that the entire company grew from.
Co-founder and chief architect. Helped turn a developer side-project into enterprise-grade software.
A frog. The "J" nods to Java. The amphibian, it turns out, has excellent product-market fit on conference swag.
Pictured above (in spirit): four boxes pretending to be a leadership photo. The frog declined to comment.
They moved the headquarters to Sunnyvale in 2012, raised a modest Series A, and then let the open-source flywheel do the persuading. By 2018 the company had raised $165 million and a $1.2 billion valuation. The filing cabinet, it turned out, was a unicorn.
Ben Haim, Landman, and Simon found JFrog to commercialize the open-source Artifactory.
Headquarters moves to Sunnyvale, California; $3.5M Series A from Gemini Israel Ventures.
$50M Series C led by Battery Ventures; valuation tops $400M as the platform expands.
$165M raise pushes the private valuation to ~$1.2 billion.
IPO on NASDAQ under ticker FROG, raising roughly $509 million.
Named GitHub's Technology Partner of the Year; deepens NVIDIA partnership for secure AI model delivery.
Q1 revenue of $154M, up 26% YoY; cloud revenue grows 50% and passes half of total revenue.
At the center sits Artifactory, the universal repository. It speaks more than 30 package formats - Docker, Maven, npm, PyPI, NuGet, Conan, and the rest - which means it does not care what language your team prefers. That neutrality is the entire point. The pantry holds everything.
Then the company layered on the part it actually wants to sell you next: security. Xray scans dependencies for vulnerabilities and license problems, even when the dangerous bit is buried six layers deep in a transitive dependency. Curation stops malicious open-source packages before they ever enter the building. AppTrust and Distribution handle provenance and large-scale, secure delivery to the edge.
The newest chapter is AI. As companies started treating machine-learning models like software - versioned, scanned, shipped - JFrog did the obvious thing and treated them like binaries too. A 2025 integration with NVIDIA made the platform a secure model registry for the NVIDIA AI Factory, letting teams push GPU-optimized models and LLMs to production with the same governance they apply to code. The pantry now stocks neural networks.
Skepticism is the correct posture toward any company that describes itself as "the single source of truth." So here is the evidence, stripped of adjectives.
A chart of a company quietly turning itself from a software vendor into a subscription. Note the absence of drama; subscriptions prefer it that way.
The relationships matter as much as the revenue. GitHub named JFrog its 2025 Technology Partner of the Year and wired Copilot into the platform so developers get curated packages and automated fixes inside the tools they already live in. NVIDIA made it a model registry. Hugging Face plugs in. The major clouds - AWS, Google Cloud, Azure - all host it. When everyone wants to integrate with your pantry, you are no longer just furniture.
JFrog calls its north star "Liquid Software" - the idea that updates should flow continuously and invisibly, like turning on a tap, instead of arriving as heavy, infrequent, risky releases. It is a tidy metaphor, and like all tidy metaphors it slightly oversells how tidy the reality is. Shipping software remains messy. The ambition is to make the mess move faster and break less.
What gives the slogan teeth is timing. Software supply chain attacks have moved from obscure to front-page, and regulators now ask companies to prove what is inside the things they ship. A platform that already holds every artifact and can scan, sign, and trace each one is suddenly standing exactly where the demand is. JFrog did not pivot to security so much as security walked over to where JFrog was already sitting.
Return to the data center. The build still runs at 3 a.m., still grabs its four hundred dependencies, still pushes a container nobody is awake to watch. But now one of those "dependencies" is a large language model, and the same system that once just stored a Java library checks the model for tampering, records where it came from, and signs it before it goes live.
That is the quiet expansion of the bet the founders made in 2008. The category was "where do we keep our binaries." The category is becoming "where do we keep, secure, and prove everything we ship - code, containers, and the models that now write the code." Same pantry. Bigger kitchen.
None of it is glamorous. That is rather the point. JFrog built a business on the unfashionable conviction that the boring layer - the one that simply has to work while everyone sleeps - is the one worth owning. The frog, as it happens, was awake the whole time.