MASHINIi

JFrog Ltd.

FROG.US | Computer programming activities

JFrog Ltd. is a DevOps company specializing in providing a platform for software development and delivery. Its core product, the JFrog Platform, enables organizations to manage and automate their software release pipeline, from development to distribution. This includes managing binaries, automating...

Ethical Profile

Mixed.

JFrog demonstrates a commitment to security with ISO 27001 and SOC 2 Type II certifications, alongside Responsible AI Principles. However, a critical vulnerability (CVE-2024-6915, CVSS 9.3) was identified in Artifactory, potentially allowing cache poisoning; patches were subsequently released. Employee sentiment is mixed: Glassdoor reviews show a 4.1/5 rating, but AmbitionBox reviews indicate a lower 3.3/5 and a low 2.3/5 for career growth. Critics point to potential legal issues regarding compensation plans. The CEO to median employee pay ratio is 32:1. JFrog has been selected for the DoD Enterprise Software Initiative and donated $1.5 million (2023) and $1 million (2024) towards southern Israeli communities.

Value Scores

Scale: -100 to 100

Better Health for All: 0
Fair Money & Economic Opportunity: 0
Fair Pay & Worker Respect: 20
Fair Trade & Ethical Sourcing: 0
Honest & Fair Business: -10
Kind to Animals: 0
No War, No Weapons: 0
Planet-Friendly Business: 0
Respect for Cultures & Communities: 0
Safe & Smart Tech: 0
Zero Waste & Sustainable Products: 0

Better Health for All

0

JFrog Ltd. is a DevOps company whose core products are software development and delivery platforms. These products do not directly provide health benefits or cause health harm, nor do they involve health-related pricing, vulnerable populations, or direct safety implications for physical or mental health. The company's operations do not directly intersect with health innovation, externalities, equity programs, workforce support, preventative measures, crisis response, mental health initiatives, pharmaceutical patents, nutrition, food safety, education, addiction mitigation, or clinical trials. While JFrog's platform is used by healthcare organizations, including 9 out of 10 top healthcare companies [1], and helps secure software in the medical device industry [2], its principal goods and services are not inherently health-related. Therefore, its direct impact on health outcomes is neutral, and it does not collect or manage health-related data.

Fair Money & Economic Opportunity

0

JFrog Ltd. is a DevOps company specializing in software development and delivery, not a financial institution. [1] The 'Fair Money & Economic Opportunity' value assesses companies involved in lending, insuring, moving, or storing money, and evaluates their impact on financial inclusion and economic opportunity for marginalized populations. The provided articles focus on JFrog's financial performance, its software platform's capabilities for financial services companies (as clients), and general sustainability efforts. No specific, concrete data points were found in the articles that are relevant to any of the KPIs in this rubric, such as underserved client share, pricing fairness, exploitative fees, inclusion initiatives, or debt burden ratio.

Fair Pay & Worker Respect

20

For the 2023 fiscal year, JFrog's CEO to median employee pay ratio was 32:1, with the CEO's total compensation at $7,165,030 and the median employee compensation at $225,180. [1] Employee engagement is reflected in Glassdoor reviews, which show an average rating of 4.1 out of 5 stars from 473 reviews, and 82% of employees would recommend the company to a friend. [2]

Fair Trade & Ethical Sourcing

0

The provided articles, including JFrog's Global Code of Business Conduct and Ethics [1] and Supplier Code of Conduct, outline the company's commitments to ethical conduct, human rights, labor standards, and responsible sourcing, including conflict minerals. [2] However, none of the documents contain specific quantitative data points for any of the KPIs related to Fair Trade & Ethical Sourcing, such as the percentage of spend covered by fair-trade certifications, supplier audit frequency, number of forced or child labor incidents, traceability coverage, remediation speed, ethical clause coverage in contracts, share of spend on high-risk materials, or supplier diversity spend. [3] Therefore, no KPIs can be scored based on the evidence provided.

Honest & Fair Business

-10

JFrog has a comprehensive Whistleblower Policy, overseen by the Audit Committee, which explicitly states a non-retaliation policy. [1] An independent, anonymous reporting hotline (web portal and telephone) is available 24/7 in multiple languages and countries, operated by a third party, and is tested quarterly by the VP of Internal Audit. [2] The company has not reported any financial restatements in the past five years. Six of the nine board members are independent, which is 66.7% of the board. [3] JFrog has a standalone Global Anti-Corruption Compliance Policy, which is reviewed annually and covers topics including anti-corruption and anti-bribery, with training on these topics. [4] The company's information security controls and practices are certified to ISO 27001, 27701, and 27017, SOC 2 Type II, TISAX, CSA STAR Level 1, and KY3P by S&P Global. [5]

Kind to Animals

0

JFrog Ltd. is a DevOps software company, and its core business model does not involve animal products, animal testing, or animal agriculture. The provided articles do not contain any specific, concrete data points related to cruelty-free certification, alternative testing methods, humane certifications for operations, ethical input substitution, supplier audits for welfare, cage-free sourcing, animal testing policy or volume, innovation investment in animal-free technologies, animal agriculture ethics, or animal-free R&D collaboration. [1] Therefore, these KPIs cannot be scored. While the company engages in some environmental activities like tree-planting, cleaning, and donations to protected wetlands and forest conservation [2], the articles do not provide measurable biodiversity impact or the percentage of revenue invested in these initiatives, which are required for scoring the 'wildlife_conservation_impact' KPI. Similarly, JFrog's participation in open-source industry initiatives is not relevant to animal welfare policy improvement, leading to the omission of the 'public_policy_engagement' KPI.

No War, No Weapons

0

No specific, concrete data points were found across the provided articles to score any of the KPIs against the quantitative thresholds in the rubric. The articles contain policy statements, general compliance requirements, and information about product certifications for government use, but lack measurable facts such as percentages of revenue from defense contracts, investment ratios, audit results, or specific compliance rates required for scoring. [1]

Planet-Friendly Business

0

No evidence available to assess JFrog Ltd. on Planet-Friendly Business.

Respect for Cultures & Communities

0

The company made a $1.5 million donation towards the restoration of southern Israeli communities. [1] However, the articles do not provide this as a percentage of revenue, nor do they specify if these communities are considered cultural heritage organizations as per the KPI definition. Therefore, it aligns with the 'General charitable giving without cultural heritage focus' tier.

Safe & Smart Tech

0

JFrog is not aware of any cybersecurity threats that have materially affected the company as of February 2025. [1] The company has established Responsible AI Principles and partnered with Hugging Face to certify models for security and safety, including scanning for malicious code. [2] JFrog holds multiple certifications, including ISO 27001, ISO 27701, ISO 27017, SOC 2 Type II, SOC 3, CSA STAR Level 1, TISAX, and KY3P by S&P Global. [3] Employees undertake cybersecurity and data privacy training during onboarding, and the majority complete annual refresher modules. [4] Quarterly phishing simulations are conducted, with additional training required for employees who do not meet performance expectations. [5] JFrog's Distribution service provides the ability to create immutable Release Bundles that are signed/encrypted using GPG keys. [6] JFrog Artifactory protects artifacts stored in repositories with role-based access control and a fine-grained permission model. [7] The company has a private bug bounty program hosted on HackerOne, with valid reports granting an invitation and bounty award. [8] JFrog uses JFrog Xray for continuous, multilayer analysis to detect vulnerabilities and license compliance issues, with an internal policy to fail builds on certain security vulnerabilities and remediate them according to an industry-standard SLA. [9] Critical vulnerabilities are patched within 7-14 days on average. [10] The company incorporates SAST and DAST tools, running scans every time code is checked in and released, and conducts ongoing internal and external penetration testing. [11] JFrog helps Federal Agencies and other enterprises achieve compliance with NIST SP 800-218 and other security regulations, and engages Ernst & Young for an annual SOC 2 Type II audit. [12]

Zero Waste & Sustainable Products

0

No evidence available to assess JFrog Ltd. on Zero Waste & Sustainable Products.


AI-generated analysis based on publicly available data. Not financial advice. Ratings are expressions of opinion derived from automated models and may contain inaccuracies. See our Risk Disclosure for full details.