Released: September 10 , 2023
Note
JFrog Curation requires Xray version 3.82.6.
Highlights
Approved/Blocked Audit REST API
Introduced a new Curation API to extract the Curation package download approve/block audit events.
Curation support for Docker Hub
Support Docker Hub as a new public repository that can be curated using Curation.
Supported conditions for Docker Hub images:
Image is not a Docker Hub Official Image: Block download of images from Docker Hub that do not have the Docker Hub official image badge.
Is Malicious: Block download of images from Docker Hub incase they are identified by JFrog as malicious.
New Curation Dashboard
Introduced new widgets that provide the following:
Detail the coverage of Curation by risk categories (malicious, security, legal, operational) on all the remote repositories that can be curated.
Detail the last events of malicious package downloads blocked
Trends of package downloads blocked by risk category (security, legal, operational)
New Policy Conditions
Introduced new Policy conditions:
Package with High risk CVE (CVSS range 7-8.9)
Package with Medium risk CVE (CVSS range 4-6.9)