JFrog Curation 3.82.6

JFrog Release Information

Content Type
Release Notes
ft:sourceType
Paligo

Released: September 10 , 2023

Note

JFrog Curation requires Xray version 3.82.6.Xray 3.82.6

Highlights

Approved/Blocked Audit REST API

Introduced a new Curation API to extract the Curation package download approve/block audit events.Get Approved/Blocked Audit Logs API

Curation support for Docker Hub

Support Docker Hub as a new public repository that can be curated using Curation.        

Supported conditions for Docker Hub images:

  • Image is not a Docker Hub Official Image: Block download of images from Docker Hub that do not have the Docker Hub official image badge.

  • Is Malicious: Block download of images from Docker Hub incase they are identified by JFrog as malicious.

New Curation Dashboard

Introduced new widgets that provide the following:

  • Detail the coverage of Curation by risk categories (malicious, security, legal, operational) on all the remote repositories that can be curated.

  • Detail the last events of malicious package downloads blocked

  • Trends of package downloads blocked by risk category (security, legal, operational)

New Policy Conditions

Introduced new Policy conditions:

  • Package with High risk CVE (CVSS range 7-8.9)

  • Package with Medium risk CVE (CVSS range 4-6.9)