JFrog, the company whose platform sits at the center of how enterprises move software artifacts from build to production, announced a new plugin for Claude Code on June 10. The integration connects JFrog's artifact management and security scanning capabilities directly into the AI coding agent, letting developers query package safety, trigger curation policies, and review license compliance without leaving a Claude Code session.

The plugin is available immediately to all Claude Code users with an existing JFrog Platform license. JFrog described the release as a first phase, with plans to expose deeper platform capabilities over time.

Bringing Governance Into the Coding Loop

Claude Code has grown into one of the primary ways enterprise developers write, review, and ship code. But that growth has outpaced the governance tooling around it. When an AI agent autonomously installs packages and manages build artifacts, it can pull in a vulnerable library, consume an unlicensed component, or generate binaries that have never passed through a security scan. JFrog's plugin targets that gap.

Through a set of Claude Code Skills, developers can instruct Claude to query the JFrog Platform for information on a specific artifact, trigger a security scan, or route a package through curation policies before a build continues. The instructions use plain English; no JFrog CLI syntax or API familiarity is required. That parity matters for teams where not every developer has deep platform expertise.

JFrog Platform + Claude Code: Key Numbers

  • Artifacts under management18 billion+
  • Year-over-year artifact growth136%
  • Plugin availabilityImmediate, all Claude Code users
  • Key capabilitiesVulnerability scan, license check, curation policy
  • Supported package formatsnpm, PyPI, Maven, Go, Docker, and more

AI Agents Are Accelerating the Build Rate

The scale of the problem the plugin targets is visible in JFrog's own data. The JFrog Platform currently manages over 18 billion artifacts, up 136 percent year over year. The company attributes the surge primarily to AI coding agents generating and pulling packages at rates no human development team could match.

That pace creates new risk surfaces. A developer using Claude Code to scaffold a new backend service might accept dozens of package suggestions in a single conversation. Each one carries a potential supply chain exposure if it has not been validated against known vulnerability databases, checked for license compatibility, or cleared by the organization's internal curation rules. The traditional approach, checking packages manually before adding them to a lockfile, does not scale to the rate at which agents operate.

AI coding agents are driving a surge of binaries. The JFrog Platform plugin for Claude Code gives developers and their agents the ability to execute platform operations using natural language.JFrog press release, June 10, 2026

A Growing Security Layer Around Claude Code

JFrog's plugin arrives as a broader security ecosystem takes shape around Claude Code. Anthropic's own security guidance plugin reviews changes for vulnerabilities as they are written. The Wiz integration extends oversight to cloud environments and enterprise data. JFrog slots into the dependency layer: the part of the stack between what an agent writes and what actually runs in production.

Together, these tools reflect a shift in how enterprise teams approach AI coding. The conversation has moved from "can Claude Code ship features?" to "how do we ensure what it ships doesn't introduce risk?" The answer, increasingly, is a set of modular plugins that watch different parts of the pipeline independently, rather than a single monolithic security gate.

For enterprises that have standardized on JFrog for their build infrastructure, the plugin offers a path to keeping AI-generated artifacts inside the same governance framework that governs human-written code. That consistency is what compliance and security teams in regulated sectors have been asking for before they can approve agentic development at scale.

Audit Trails for the Agent Era

One underappreciated aspect of the integration is auditability. JFrog maintains detailed logs of which artifacts were pulled, when, and from which context. Extending that record-keeping to Claude Code sessions means organizations can, for the first time, trace a security incident back to a specific agent conversation. That traceability is a prerequisite for financial services and healthcare teams whose compliance frameworks require knowing exactly how a build was assembled.

JFrog said the current release covers the core use case: a developer asks Claude to check a package, and Claude queries the JFrog Platform in real time. Future phases will add multi-repo scanning, advanced security policy enforcement, and tighter integration with CI pipelines. The company has positioned the partnership with Anthropic as long-term, not a one-off integration announcement.

Whether other build-system vendors follow JFrog's lead is now a practical question. With Claude Code's share of enterprise development workflows expanding, integrating with it is becoming a requirement for any tool that wants to remain in the modern development pipeline. JFrog's move sets the model for what that kind of integration should look like, and for how Anthropic's push to dominate enterprise coding translates into real developer toolchains.

Further reading: Learn more about Claude's model family, read our background on Anthropic, or browse the latest Claude AI news.