Before installing Catalog, here’s a brief explanation of the connection between Xray, Curation, and Catalog:
Catalog and Curation are interconnected products. Curation relies on the Catalog for data about package vulnerabilities and cannot function without it. Curation is a component of Xray and is installed when you install Xray; if you have the necessary Curation entitlement, you can enable it through the UI. The Catalog, although part of the general Xray installation, is installed separately on a self-hosted (SH) environment.
Prevention at Entry (Curation + Catalog): Before any OSS package is introduced into your development pipeline, Curation consults the Catalog to assess its risk profile. This proactive approach ensures that only vetted and approved packages are allowed entry, minimizing the chance of introducing vulnerabilities or non-compliant components.
Continuous Monitoring (Xray): Once packages are part of your environment, Xray takes over by continuously scanning them for new vulnerabilities or compliance issues that may arise over time. This ensures that your software remains secure and compliant throughout its lifecycle.
In essence, Catalog provides the critical data, Curation acts as the initial filter to block risky components from entering your system, and Xray offers ongoing surveillance to detect and address issues in the components you are already using. This integrated approach fortifies your software supply chain, ensuring robust security and compliance from the outset and throughout the development process.
You can install JFrog Catalog by:
System Requirements
Processor: 6 cores
Memory: 24 GB
Disk Space: 500 GB