Released: July 11, 2023
Requires Artifactory version 7.63.5 and above.
JFrog Curation requires Enterprise X and Enterprise + subscriptions.
Introducing JFrog Curation, a new JFrog Security product that enables you to block malicious or risky open-source packages entering your software supply chain, preventing consumption in any software pipeline. Package metadata is used for identification of malicious or risky packages removing the need to download components to scan, saving time and increasing security. It enables organizations to have control and visibility over third-party package downloads.
What can you do with Curation?
Track the open-source packages downloaded by your organization to gain centralized visibility and control.
Prevent harmful packages from getting into your software development pipelines.
Protect against known and unknown threats, allowing only trusted software packages into your SDLC.
Create policies to block packages with known vulnerabilities, malicious code, operational risk, or license compliance issues.
Xray now supports PostgreSQL version 15.x.
Xray SBOM Report
The SBOM report now includes PURL and bom-ref fields in CycloneDX and SPDX.
Exposures Expanded Package Support
In addition to Docker, Exposures now also supports Maven, npm, and PyPI packages.
Fixed an issue whereby, in the Scan lists page, Builds that are not contained in the project are being displayed.
Fixed an issue whereby, in some cases, report progress displayed was more than 100%.
Fixed an issue whereby zone-info files with '.zi' extension were misidentified, resulting in an indexing error.
Fixed an issue whereby, in some cases, when attempting to assign a custom issue for a Debian component, it lead to a 404 Page Not Found error.