JFrog is the software supply chain platform of record for organizations that need to control every binary, package, container, and AI model from build to deployment — providing universal artifact management, continuous vulnerability scanning via JFrog Xray, and automated SBOM generation in SPDX and CycloneDX formats. For Canadian federal departments navigating PSPC’s Software Supply Chain Risk Mandate, Bill C-26, and TBS cyber directives, JFrog’s platform addresses the full compliance stack: artifact provenance, real-time CVE detection, policy-as-code enforcement, and audit-ready evidence capture aligned to NIST SP 800-218 (SSDF). JFrog Artifactory and Xray are accredited in the U.S. Department of Defense Iron Bank and available on AWS GovCloud and Azure Government — the same infrastructure underpinning Canada’s PBMM-compliant cloud deployments. JFrog’s own 2026 Software Supply Chain State of the Union report documented a 451% surge in malicious npm packages and the emergence of weaponized AI agent skills and malicious models on public registries — the exact attack surface that Canadian departments face as they accelerate AI adoption under the Federal AI Strategy. In May 2026, PSPC awarded DCI a Software Licensing Supply Arrangement (SLSA) for JFrog, making DCI the authorized Canadian public sector reseller and establishing a direct procurement path for federal departments to access JFrog’s full platform under established federal terms and pricing.

Content Development Hooks:

Procurement Vehicles

Featured Procurement Vehicles

Artificial Intelligence Scribe
DIVA
SLSA
Learning Management VOR
OECM
IT Security Products and Services
SaaS SA
Mandates

Featured Mandates

Resources

Related Content

Delivering Solutions to Canadian Government — Quickly, Compliantly

Looking for additional information? DCI can provide guidance on procurement pathways, solution alignment, and public sector engagement.

  • Procurement expertise
  • Solution alignment
  • Public sector insight
  • Strategic guidance
Speak with our team