diff --git a/buildscripts/update-jfrog-deps.sh b/buildscripts/update-jfrog-deps.sh
new file mode 100755
index 000000000..4767f9084
--- /dev/null
+++ b/buildscripts/update-jfrog-deps.sh
@@ -0,0 +1,172 @@
+#!/bin/bash
+set -euo pipefail
+
+BOLD="\033[1m"
+GREEN="\033[0;32m"
+YELLOW="\033[0;33m"
+CYAN="\033[0;36m"
+RED="\033[0;31m"
+RESET="\033[0m"
+
+GOMOD="go.mod"
+COMMENT_REPLACE=true
+# Used for go get / go mod tidy when resolving modules (override e.g. for a corporate proxy).
+JFROG_DEPS_GOPROXY="${JFROG_DEPS_GOPROXY:-direct}"
+
+usage() {
+    echo -e "${BOLD}Usage:${RESET} $0 [OPTIONS] [dep1 dep2 ...]"
+    echo
+    echo "Update JFrog Go dependencies to their latest versions."
+    echo "With no dependency names, updates all known JFrog modules; otherwise only those listed."
+    echo
+    echo -e "${BOLD}Options:${RESET}"
+    echo "  -a, --all            Explicitly update all JFrog dependencies (same as passing no names)"
+    echo "  --keep-replace       Don't comment out active 'replace' directives (default: comment them out)"
+    echo "  -h, --help           Show this help message"
+    echo
+    echo -e "${BOLD}Environment:${RESET}"
+    echo "  JFROG_DEPS_GOPROXY   GOPROXY for go get / go mod tidy (default: direct)"
+    echo
+    echo -e "${BOLD}Individual dependencies (pass one or more):${RESET}"
+    echo "  client-go        github.com/jfrog/jfrog-client-go        @master"
+    echo "  cli-core         github.com/jfrog/jfrog-cli-core/v2      @master"
+    echo "  cli-artifactory  github.com/jfrog/jfrog-cli-artifactory  @main"
+    echo "  build-info-go    github.com/jfrog/build-info-go          @main"
+    echo "  cli-security     github.com/jfrog/jfrog-cli-security      @latest (tag)"
+    echo "  froggit-go       github.com/jfrog/froggit-go             @latest (tag)"
+    echo "  gofrog           github.com/jfrog/gofrog                 @latest (tag)"
+    echo
+    echo -e "${BOLD}Examples:${RESET}"
+    echo "  $0                                # Update all JFrog deps"
+    echo "  $0 --all                          # Same as no arguments"
+    echo "  $0 client-go cli-core             # Update only those"
+    echo "  $0 --keep-replace                 # Update all, leave replace directives as-is"
+    echo "  JFROG_DEPS_GOPROXY=https://proxy.golang.org $0   # Use a different GOPROXY"
+}
+
+log_info()  { echo -e "${CYAN}[INFO]${RESET}  $*"; }
+log_ok()    { echo -e "${GREEN}[OK]${RESET}    $*"; }
+log_warn()  { echo -e "${YELLOW}[WARN]${RESET}  $*"; }
+log_error() { echo -e "${RED}[ERROR]${RESET} $*"; }
+
+ALL_KEYS="client-go cli-core cli-artifactory cli-security build-info-go froggit-go gofrog"
+
+resolve_dep() {
+    case "$1" in
+        client-go)       echo "github.com/jfrog/jfrog-client-go|master" ;;
+        cli-core)        echo "github.com/jfrog/jfrog-cli-core/v2|master" ;;
+        cli-artifactory) echo "github.com/jfrog/jfrog-cli-artifactory|main" ;;
+        build-info-go)   echo "github.com/jfrog/build-info-go|main" ;;
+        cli-security)    echo "github.com/jfrog/jfrog-cli-security|latest" ;;
+        froggit-go)      echo "github.com/jfrog/froggit-go|latest" ;;
+        gofrog)          echo "github.com/jfrog/gofrog|latest" ;;
+        *)               return 1 ;;
+    esac
+}
+
+comment_out_jfrog_replaces() {
+    if [[ ! -f "$GOMOD" ]]; then
+        log_error "Cannot find $GOMOD"
+        return 1
+    fi
+
+    local count
+    count=$(grep -cE '^[[:space:]]*replace[[:space:]]+github\.com/jfrog/' "$GOMOD" 2>/dev/null || true)
+
+    if [[ "$count" -eq 0 ]]; then
+        log_info "No active jfrog replace directives found"
+        return 0
+    fi
+
+    log_warn "Found ${BOLD}${count}${RESET} active jfrog replace directive(s) — commenting out"
+
+    # macOS sed requires '' after -i; use a temp file for portability
+    local tmp
+    tmp=$(mktemp)
+    while IFS= read -r line; do
+        if echo "$line" | grep -qE '^[[:space:]]*replace[[:space:]]+github\.com/jfrog/'; then
+            log_info "  Commenting: ${line}"
+            echo "// ${line}" >> "$tmp"
+        else
+            echo "$line" >> "$tmp"
+        fi
+    done < "$GOMOD"
+    mv "$tmp" "$GOMOD"
+    log_ok "Replace directives commented out"
+}
+
+update_dep() {
+    local key="$1"
+    local entry
+    entry=$(resolve_dep "$key") || { log_error "Unknown dependency: ${key} (known: ${ALL_KEYS})"; return 1; }
+    local module="${entry%%|*}"
+    local ref="${entry##*|}"
+    log_info "Updating ${BOLD}${key}${RESET} → ${module}@${ref}"
+    if GOPROXY="$JFROG_DEPS_GOPROXY" go get "${module}@${ref}"; then
+        log_ok "${key} updated"
+    else
+        log_error "Failed to update ${key}"
+        return 1
+    fi
+}
+
+# --- Main ---
+
+explicit_all=false
+specific_deps=()
+
+while [[ $# -gt 0 ]]; do
+    case "$1" in
+        -a|--all)           explicit_all=true; shift ;;
+        --keep-replace)     COMMENT_REPLACE=false; shift ;;
+        -h|--help)          usage; exit 0 ;;
+        -*)                 log_error "Unknown option: $1"; usage; exit 1 ;;
+        *)                  specific_deps+=("$1"); shift ;;
+    esac
+done
+
+# Comment out active replace directives before updating
+if [[ "$COMMENT_REPLACE" == true ]]; then
+    comment_out_jfrog_replaces
+    echo
+fi
+
+failed=0
+keys_to_update=""
+
+if ((${#specific_deps[@]} > 0)); then
+    if [[ "$explicit_all" == true ]]; then
+        log_warn "${BOLD}--all${RESET} is ignored when dependency names are listed"
+    fi
+    log_info "Updating ${BOLD}${specific_deps[*]}${RESET}…"
+    echo
+    keys_to_update="${specific_deps[*]}"
+else
+    log_info "Updating ${BOLD}all${RESET} JFrog dependencies…"
+    echo
+    keys_to_update="$ALL_KEYS"
+fi
+
+for dep in $keys_to_update; do
+    update_dep "$dep" || ((failed++)) || true
+done
+
+echo
+if [[ $failed -gt 0 ]]; then
+    log_warn "${failed} update(s) failed"
+else
+    log_ok "All updates succeeded"
+fi
+
+log_info "Running go mod tidy…"
+GOPROXY="$JFROG_DEPS_GOPROXY" go mod tidy
+log_ok "go mod tidy done"
+
+log_info "Running go vet ./…"
+if ! go vet ./...; then
+    log_error "go vet failed"
+    exit 1
+fi
+log_ok "go vet passed"
+
+exit "$failed"
diff --git a/go.mod b/go.mod
index a44727d93..06f21472a 100644
--- a/go.mod
+++ b/go.mod
@@ -7,13 +7,13 @@ require (
 	github.com/go-git/go-git/v5 v5.18.0
 	github.com/golang/mock v1.6.0
 	github.com/google/go-github/v45 v45.2.0
-	github.com/jfrog/build-info-go v1.13.1-0.20260331040230-c3b53d1a24ac
-	github.com/jfrog/froggit-go v1.21.1
+	github.com/jfrog/build-info-go v1.13.1-0.20260429070557-93b98034d295
+	github.com/jfrog/froggit-go v1.22.0
 	github.com/jfrog/gofrog v1.7.6
-	github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260423195010-d7aa2c437305
-	github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260427010241-873f53d940b3
-	github.com/jfrog/jfrog-cli-security v1.28.0
-	github.com/jfrog/jfrog-client-go v1.55.1-0.20260428070955-750b933dc5c7
+	github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260508123058-25d218a0eca9
+	github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260504054219-ba16d20c7b0f
+	github.com/jfrog/jfrog-cli-security v1.29.0
+	github.com/jfrog/jfrog-client-go v1.55.1-0.20260508101905-a17af78a38d7
 	github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible
 	github.com/owenrumney/go-sarif/v3 v3.2.3
 	github.com/stretchr/testify v1.11.1
diff --git a/go.sum b/go.sum
index 2d20ff376..1f005546b 100644
--- a/go.sum
+++ b/go.sum
@@ -138,22 +138,22 @@ github.com/jedib0t/go-pretty/v6 v6.7.8 h1:BVYrDy5DPBA3Qn9ICT+PokP9cvCv1KaHv2i+Hc
 github.com/jedib0t/go-pretty/v6 v6.7.8/go.mod h1:YwC5CE4fJ1HFUDeivSV1r//AmANFHyqczZk+U6BDALU=
 github.com/jfrog/archiver/v3 v3.6.3 h1:hkAmPjBw393tPmQ07JknLNWFNZjXdy2xFEnOW9wwOxI=
 github.com/jfrog/archiver/v3 v3.6.3/go.mod h1:5V9l+Fte30Y4qe9dUOAd3yNTf8lmtVNuhKNrvI8PMhg=
-github.com/jfrog/build-info-go v1.13.1-0.20260331040230-c3b53d1a24ac h1:VKZar+MKKcCoEnT3f1Nq0DkHV07PuI18NEPjlnJCh7M=
-github.com/jfrog/build-info-go v1.13.1-0.20260331040230-c3b53d1a24ac/go.mod h1:+OCtMb22/D+u7Wne5lzkjJjaWr0LRZcHlDwTH86Mpwo=
-github.com/jfrog/froggit-go v1.21.1 h1:I/XUOO6GQ1d/rmBlM361F8T654C3ohIWrpw23xNL9JY=
-github.com/jfrog/froggit-go v1.21.1/go.mod h1:umBiakJB0CSPFfe0AHVaC3n9xsmUT7NGkDCny3bRchI=
+github.com/jfrog/build-info-go v1.13.1-0.20260429070557-93b98034d295 h1:EH0h86KwGvNHWyEBQoHoU9WfMMKy1GJ6jJQNmfy6E0U=
+github.com/jfrog/build-info-go v1.13.1-0.20260429070557-93b98034d295/go.mod h1:+OCtMb22/D+u7Wne5lzkjJjaWr0LRZcHlDwTH86Mpwo=
+github.com/jfrog/froggit-go v1.22.0 h1:eeN5F8sOUo+h2cXkzArAu4nvSdjkDTAZtgqwrct70qg=
+github.com/jfrog/froggit-go v1.22.0/go.mod h1:wRDryqyp3oe+eHgME2mpnEQmO8XBECIPagFwj0nHmdI=
 github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s=
 github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260423195010-d7aa2c437305 h1:wSoVNwbZ2Scm/q2MEfcf+vCUuq41wejk3+rlgnF56jE=
-github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260423195010-d7aa2c437305/go.mod h1:6QJFQvde/CLnFeIIFOvm/6QuQr8OT1QWiTJAkQ+1Mnc=
-github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260427010241-873f53d940b3 h1:LdLQQmhOMUfU+3x7wbtB7kY/Dd2LXKHz7CCUpHWn7uM=
-github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260427010241-873f53d940b3/go.mod h1:qpD7einonjqskDTEyqeG3NzAbZO6se0s0Pet0ObBQ3I=
-github.com/jfrog/jfrog-cli-security v1.28.0 h1:A/xxwbnjCfQOGT8LqtjYsPXmGg2kpcjlABw2DMFgId8=
-github.com/jfrog/jfrog-cli-security v1.28.0/go.mod h1:+eO5IgCkfiz0/8fCf6UwBg1KWXoDbOQ/E2V8DR9Ziq8=
-github.com/jfrog/jfrog-client-go v1.55.1-0.20260428070955-750b933dc5c7 h1:MvHnFczVntYB/USj7/RRANvdWbTUcwEvXcIGr7lOyTc=
-github.com/jfrog/jfrog-client-go v1.55.1-0.20260428070955-750b933dc5c7/go.mod h1:sCE06+GngPoyrGO0c+vmhgMoVSP83UMNiZnIuNPzU8U=
+github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260508123058-25d218a0eca9 h1:UsdbnrhIVDSoKtM07RAnQxiX4+/XstAwRdBQHh8NlVU=
+github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260508123058-25d218a0eca9/go.mod h1:7d1o1iidDBY9cFf0S9818JMu1zn/lXoW4hf5SfDEd6s=
+github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260504054219-ba16d20c7b0f h1:l5BPLF8GYBSvXmNqurqAP291lVHr1iCo4nwc5xe7KNM=
+github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260504054219-ba16d20c7b0f/go.mod h1:bjAkVD8c2W+jg4whqy10bSXDC/c+Se8/ll/GPp5F/+0=
+github.com/jfrog/jfrog-cli-security v1.29.0 h1:TN2OCA5i/iPbikQWzSwVqGvySvIvw1P6rPga+DbVBOI=
+github.com/jfrog/jfrog-cli-security v1.29.0/go.mod h1:q38TPlxortIJvbyD3u9P9UhHwyx007tEb9WbXlXw2E0=
+github.com/jfrog/jfrog-client-go v1.55.1-0.20260508101905-a17af78a38d7 h1:o8fk4yWLqNMldarXyh/4NbmdbYbuM+lKYobdJK7shqM=
+github.com/jfrog/jfrog-client-go v1.55.1-0.20260508101905-a17af78a38d7/go.mod h1:sCE06+GngPoyrGO0c+vmhgMoVSP83UMNiZnIuNPzU8U=
 github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c=
 github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=