NVIDIA 
Cursor 
GitHub 
Docker 
Maven 
Finanzdienstleistungen 
Öffentlicher Sektor 
Technologie 
Gesundheitswesen 
Gaming 
Automobilbranche 
Enterprise 
Curation
Block risky Open Source Components Before They Enter Your Software Supply Chain
Enforce security, operational, and compliance policies on every open-source package, AI model, and IDE extension at the point of request so only trusted components reach your developers.
THE CHALLENGESupply chain attacks have fundamentally changed the threat landscape. Attackers no longer just exploit known vulnerabilities. They poison the components developers trust, injecting malicious code before traditional scanners ever see it. Meanwhile, the explosion of open-source packages, AI models, and IDE Extensions has made manual vetting impossible at scale. Every unvetted download is an open door, and reactive security tools were not built to close it. |
THE SOLUTIONJFrog Curation closes the gap that reactive tools leave open. It automatically intercepts and evaluates every third-party request at the gate, stopping poisoned components before they enter your environment. Policy enforcement is fully automated, eliminating manual vetting at any scale. And unlike tools that only scan new downloads, Curation continuously governs your local cache, so yesterday’s safe package does not become tomorrow’s breach. |
Block Risky Components Before They Reach Your Developers
“With JFrog Curation, we’re truly shifting left because we’re now able to block malicious packages and risky components before they even enter our cloud instance, easing the minds of our security leadership team.”
Head of Software Engineering, IT
JFrog Customer: Leading Healthcare Provider, EMEA
Build Fast, Stay Secure and Remain Complaint
Build Without Bottlenecks
End the waiting game. Developers get instant access to compliant components without security tickets or manual reviews. When a package is blocked, Curation automaticallyserves a safe, vetted version of that component.
Prevent Fires, Don’t Fight Them
Stop threats before they cost you. Curation intercepts and evaluates every third-party request at the gate, blocking malicious components before they enter your environment. Forrester reports a 65% reduction in critical vulnerabilities breaching production
Set Policy Once. Enforce It Everywhere
Define your security, operational, and compliance policies once and Curation enforces them automatically across every request, every team, and every repository. Every decision is logged, giving you a complete auditable trail for compliance reporting.
Figure 1: Insights Overview Dashboard: Gain instant visibility into all open-source package requests, including what was approved, blocked, or flagged by your policies
Figure 2: Set and Review Automated Policies: Block specific risks and enforce security standards across your organization
Key Features and Benefits
| Key Features | Benefits |
| AUTOMATED POLICY ENFORCEMENT | Gain a consistent, 100% enforceable security standard that automatically blocks malicious packages and license risk, freeing your team from slow, error-prone manual approvals. |
| RECOMMENDED PACKAGE ALTERNATIVES | Maintain developer productivity by automatically offering a compliant version of a blocked package, preventing “blocked workflows” and work interruptions. |
| CENTRALIZED AUDIT LOG | Simplify compliance audits by instantly providing a complete log of every package request, block and approval. |
| BLOCK IMMATURE PACKAGES | Reduce the risk of zero-day attacks by blocking newly published packages, before a threat is publicly discovered. |
| BLOCK RISKY CACHED PACKAGES | Validates all cached packages against the latest policies, protecting the organization from new vulnerabilities found in previously safe components. |
| JFROG CATALOG | Make every policy decision count with an intelligence layer of 15M+ packages, continuously enriched by a dedicated security research team. |
“Our Curation deployment provides effective and efficient supply chain protection. We were able to shut down recent provider attacks in mere minutes once discovered and the control has proven 100% successful since.”
Sr. Cybersecurity Executive
Leading Financial Services Company
The Leading Software Supply Chain Governance Platform
JFrog empowers DevSecOps organizations globally to curate, secure, manage, and deliver the building blocks of all their mission-critical applications at scale – at deployment locations anywhere in the world.
