Requires Xray version 3.78.9 or later and Artifactory version 7.63.5 or later. Available with Enterprise X and Enterprise+ subscriptions that include Software Package Curation.
JFrog Curation addresses the threat of software supply chain attacks by enabling organizations to ensure packages are vetted before they are included in their software. JFrog Curation works as a complement to Xray by enforcing a set of rules that determine which packages cannot be accessed by developers. These rules prevent packages with potential security or licensing problems from being downloaded from a public repository to your remote repository.
JFrog Curation is a policy-driven process. Whenever developers attempt to download a software package from a curated public repository to a remote repository in their organization, the package is checked against the relevant curation policy and either approved or rejected based on the conditions defined in the policy. If multiple relevant policies exist, the package is checked against each of them and will be blocked if it fails any one of them. Only if the package is approved by all relevant policies is it downloaded to the remote repository.
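The decision rule described above (every relevant policy is evaluated, one failure blocks the download, only unanimous approval lets the package through) as an added, self-contained illustration; this is not JFrog's code, and the policy shape, the two condition types (vulnerability severity and license denylist) and the sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Assumed severity ordering used by the constructed severity condition.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Package:
    name: str
    version: str
    repo: str                               # remote repository the download targets
    max_severity: Optional[str] = None      # worst known vulnerability severity, if any
    licenses: List[str] = field(default_factory=list)


@dataclass
class Policy:
    name: str
    repos: Set[str]                         # the policy is "relevant" only for these repos
    block_severity_at_or_above: Optional[str] = None   # assumed condition type
    banned_licenses: Set[str] = field(default_factory=set)  # assumed condition type

    def violations(self, pkg: Package) -> List[str]:
        """Return one reason per failed condition (empty list means approved)."""
        reasons = []
        threshold = self.block_severity_at_or_above
        if threshold and pkg.max_severity and \
                SEVERITY_RANK[pkg.max_severity] >= SEVERITY_RANK[threshold]:
            reasons.append(f"{self.name}: severity {pkg.max_severity}")
        for lic in pkg.licenses:
            if lic in self.banned_licenses:
                reasons.append(f"{self.name}: license {lic}")
        return reasons


def curate(pkg: Package, policies: List[Policy]) -> Tuple[bool, List[str]]:
    """Evaluate every relevant policy without short-circuiting, so the result
    lists all failures; approve only if no relevant policy rejected the package."""
    reasons: List[str] = []
    for pol in policies:
        if pkg.repo in pol.repos:           # skip policies not scoped to this repo
            reasons.extend(pol.violations(pkg))
    return (not reasons, reasons)


# Constructed sample policies: one scoped to two remotes, one to npm only.
POLICIES = [
    Policy("block-critical", {"npm-remote", "pypi-remote"}, block_severity_at_or_above="critical"),
    Policy("no-copyleft", {"npm-remote"}, banned_licenses={"GPL-3.0"}),
]
```

Note that a package failing only the license condition is still allowed through a remote the license policy is not scoped to, which is why policy scope deserves the same review as the conditions themselves.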
Note
Any package or artifact in the JFrog Platform that is not covered by Curation should be governed by JFrog Xray.