Catalog Labels


Note

Requires Xray version 3.104.x and above

Catalog Labels is a management system that enables customers to group packages/versions and use this group to define Curation Policies and queries. In JFrog Curation, this enables you to do the following:

  • Accept only pre-checked packages or ML models (allow list)

  • Block unwanted packages at scale (block list)

  • Bypass the Curation Policies with a waiver for pre-checked packages

Permissions

Labels are created and managed through the GraphQL API or in the JFrog Platform, with administrator permission only. All users can view labels.

Create a Label in JFrog Catalog

  1. Navigate to Package/Version > Labels, click the Add a Label button, and provide a name for the label.


    If the label does not exist, the system will suggest creating one (the labels are case-sensitive).

    A sidebar with a description appears, where you can describe the label (recommended, as it helps users understand the label later in the process).

  2. Select the version you want to apply this label to.

    JFrog Catalog supports the following:

    • Version-specific: The label is applied to a version or a list of package versions. This limits the label to the closed list that you define in advance.

    • All-versions: Includes all the versions of a specific package, including past versions, and will automatically include any future version released by the vendor.

  3. Click Save Label.

    Saving the label will create a new label in the system and apply it to the selected version for this package.


You can see the description and the scope of the label by hovering over it.

You can add as many labels as you need and apply them to packages.

Apply Existing Label on a Package Version

If a label already exists, you can add more packages to it by selecting it from the list after clicking + add label.

Remove a Label from the Package

Clicking the (X) next to the label removes the label from the package/version. Note that this does not delete the label; it only removes it from the package.

Apply Curation Policies on Labels

You can create blocking policies based on the predefined labels in JFrog Catalog, which lets your organization bring in or keep out a preselected list of packages.

Create a Curation Condition Based on Labels:

There are two types of conditions supported in Curation that use labels as a base for blocking packages:

  • Package assigned to a label that is banned: Used to define a list of packages that the organization does not want. This template creates conditions that block third-party packages based on their labels. Labeling is a preliminary step done in JFrog Catalog, where users apply a label to multiple packages/versions. Any package assigned to a label from the banned list will be blocked.

  • Block package unless it's on the allowed list: Used to define a list of packages allowed in the organization. This template creates conditions that allow third-party packages only based on their labels. Labeling is a preliminary step done in JFrog Catalog, where users apply a label to multiple packages/versions. Only packages assigned to labels that are present on the allowed label list will be permitted.


Select one or more labels that are relevant for you.

Select the newly created condition during policy creation to apply it to the desired scope.

You can see the effect of the policy on the package in JFrog Catalog.
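The label scopes and the two label-based conditions described above, modeled locally as an added example (not JFrog code and not part of the original page). The package names, label names, versions and function names are all constructed for illustration; the model shows how Version-specific and All-versions scopes change the outcome of an allow list and a block list.

```python
# Added illustration: a local model of label scope and label-based conditions.
# Not JFrog code; all package names, labels and versions below are constructed.

ALL_VERSIONS = "*"  # stands in for the "All-versions" scope

# label -> {package: set of versions, or ALL_VERSIONS}; label names are case-sensitive
ASSIGNMENTS = {
    "approved": {"libalpha": ALL_VERSIONS, "libbeta": {"1.3.0"}},
    "Approved": {"libgamma": {"2.0.0"}},  # a different label from "approved"
    "banned": {"libdelta": {"3.3.6"}},
}


def labels_for(package, version, assignments=ASSIGNMENTS):
    """Return the set of labels that cover this exact package version."""
    found = set()
    for label, packages in assignments.items():
        scope = packages.get(package)
        if scope == ALL_VERSIONS or (scope is not None and version in scope):
            found.add(label)
    return found


def banned_label_condition(labels, banned):
    """'Package assigned to a label that is banned': block on any match."""
    return "block" if labels & set(banned) else "allow"


def allowed_label_condition(labels, allowed):
    """'Block package unless it's on the allowed list': block unless matched."""
    return "allow" if labels & set(allowed) else "block"


def evaluate(package, version, condition, label_list):
    """Decide one download request under a single label-based condition."""
    return condition(labels_for(package, version), label_list)


if __name__ == "__main__":
    requests = [("libalpha", "4.17.21"), ("libalpha", "99.0.0"),  # future release
                ("libbeta", "1.3.0"), ("libbeta", "1.4.0"),       # pinned vs new
                ("libgamma", "2.0.0")]                            # "Approved" only
    for pkg, ver in requests:
        print(pkg, ver, evaluate(pkg, ver, allowed_label_condition, ["approved"]))
    for ver in ("3.3.6", "3.3.7"):  # a version-specific ban misses 3.3.7
        print("libdelta", ver, evaluate("libdelta", ver, banned_label_condition, ["banned"]))
```

The two cases to review when scoping a real label are the future release admitted by an All-versions label on an allow list and the new version that a Version-specific label on a block list does not cover.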