What is JFrog Curation Pass-Through?
CLI for JFrog Curation enables a developer to get a complete view of any JFrog Curation violations in their development projects (packages that will be blocked by Curation) and obtain fix recommendations if available.
CLI for JFrog Curation uses the developer build system/package manager to conclude on the project’s entire 3rd party dependencies and adds on top of their Curation violation status from the Curation service.
Some package managers/build systems such as Maven CLI for JFrog Curation require a complete download of the project’s 3rd party dependencies (including violating packages) to perform its audit task. To allow such audit analysis while ensuring the violating packages will not be cached/stored in any Artifactory in case downloaded for the audit, JFrog Curation introduces Curation Pass-through. Curation Pass-through is a remote repository-level configuration that allows the remote repository to download violating packages and send them to the requester while ensuring the package will not be cached/stored in the remote repository.
CLI for JFrog Curation places the downloaded packages in their dedicated temp store, away from the developer’s 3rd party dependencies store. CLI for JFrog Curation will use the packages for the audit task. The violating packages will not be stored in any Artifactory and thus will not impact the development and build jobs. We call it pass-through because the violating packages are only passing through Artifactory and not stored/cached.
Package managers / build systems that require pass-through for Curation audit to work
Maven
Curation deployment models supported for pass-through
Direct Curated remote repository communication
Curated remote repository communication through smart remote
When to enable Curation Pass-through in a remote repository
Curation Pass-through is supported and needed when you wish to support CLI for JFrog Curation for the package managers that require it.
Based on your JFrog Curation deployment model you will need to enable pass-through in:
The curated remote repository (remote repository connected to the Curation service).
Smart remote connected to the Curated remote (if used). Smart remote connected to Curated remote must have the Add user context for Curation enabled for pass-through to be supported
Enable Curation Pass-through on the needed remote repositories
Enable on the Curated remote repository
Log in to your Artifactory server.
Navigate to the settings page of the Curated remote you wish to enable the Curation Pass-through on.
Scroll down to the bottom of the page and look for the Enable Curation Pass-through toggle.
Enable the pass-through feature.
Enable on the Smart remote repository
Log in to your Artifactory server
Navigate to the settings page of the smart remote you wish to enable the Curation Pass-through on.
Scroll down to the bottom of the page and look in the Smart Remote Repository configurations section for the Enable Pass-through for Curation Audit and look for the Enable Curation Pass-through toggle.
Enable the pass-through feature
Validating your setup once all remotes needed are pass-through enabled
Run the CLI for JFrog Curation
If the Curation Pass-through was enabled successfully:
The expected response for the curation audit command which contains the results of blocked packages with all curation details
If the Curation Pass-through was not enabled you will receive the following response:
Failed to retrieve the dependencies tree for the <pkg_type> project. Please contact your Artifactory administrator to verify pass-through for Curation audit is enabled for your project.