JFrog Curation defends your software supply chain, enabling early blocking of malicious or risky open-source packages before they even enter. Seamlessly identify harmful, vulnerable, or risky packages, ensuring increased security, compliance, and developer productivity.
Gain control and visibility over third-party package downloads. Drive organizational alignment, improve the developer and DevSecOps experience, and realize cost savings.
Track the open-source packages downloaded by your organization to gain centralized visibility and control.
Prevent harmful packages from getting into your software development pipelines as part of a holistic software supply chain platform.
Protect against known and unknown threats, allowing only trusted software packages into your software development pipelines. Feel confident your development teams are developing with only pre-approved open-source components.
Automated policies block packages with known vulnerabilities, malicious code, operational risk, or license compliance issues. Select from predefined templates to drive governance over the open-source consumed in your organization.
Explore the metadata of the open-source packages you want to use with JFrog Catalog. Discover their version history, security vulnerabilities, OpenSSF score, license data, operational risk, and whether they have any dependencies and transitive vulnerabilities. Over 4 million OSS packages have been cataloged for easy reference.
Transparency and accountability enable easy auditing of the open-source used by developers. Seamlessly integrated vetting of software packages before entry into the SDLC ensures a better developer experience with reduced remediation efforts and lower costs.
The largest data breach in history was due to a leaked access token. 1 billion records with personally identifiable information were stolen. Don't become the next data breach storyline: make sure you keep your credentials and secrets out of the hands of nefarious actors.
Our dedicated team of security engineers and researchers is committed to advancing software security through discovery, analysis, and exposure of new vulnerabilities and attack methods. They respond promptly with deep research and rapidly update our database.
Their research enhances the CVE data used in JFrog Xray, providing more details, context, and step-by-step remediation for developers. Their advanced algorithms, for example contextual CVE analysis, are implemented in JFrog Xray.