Developers

JFrog Security User Guide

ft:sourceType: Ftml

What is JFrog Security?
Products
Curation
Supported Technologies
Features and Capabilities
Configure Curation
Configure Curation for Self Hosted
Set User Roles and Permissions
General
Configure Repositories
Connect Remote Repositories to Curation
Enable Pass-Through for Specific Repositories
Create Policies
List of Available Conditions
Create Custom Conditions
Manage Curation
Manage Repositories
Manage Policies
Curated Packages Audit Events
Manage Waivers
View the Active Policies for a Repository
How-Tos
How to Block Malicious or Vulnerable Packages from Entering the Repository
How to Ensure Only Open-Source Packages with Approved Licenses Are Used
How to Prevent the Use of Deprecated or Outdated Packages in Development
How to Use JFrog Curation as a Developer with the JFrog CLI
How to Utilize JFrog Catalog for Curation
How to Manage Virtual Repository Behavior and Curation in JFrog Xray
How to Assess and Optimize Your Curation Settings
Xray
Supported Technologies
Features and Capabilities
SCA
Security
JFrog Security Research
Malicious Package Detection
Detect Malicious AI Models
Legal
Custom Software Licenses
Operational Risk
SBOM
SBOM Import
SBOM Export
Export Scan Results
Understanding and Analyzing Xray Scan Results
Builds Security Overview
Comparing Build Versions
Policies in JFrog Xray
Watches in JFrog Xray
Ignoring Violations in JFrog Xray: Understanding Ignore Rules
Violations Handling and Notifications
Jira Integration
Setup Xray Jira Integration
View Jira Tickets Created with Xray Integration
Manually Create a Jira Ticket
Ticket Status
Best Practices
Xray Jira Integration REST API Support
Webhooks
Xray Reports
Quick Start
Configure Xray
Index Xray Resources
Configure Indexing in JFrog Xray
Set a Retention Period for Xray Indexed Resources
Create Watches
Create Policies
Manage Xray
Xray and JFrog External DB Sync
Migration Guide for Self-Hosted Customers: Upgrading from DBSync V1 to V3
Advanced Settings
System Monitoring
TLS Certificates
Secure PostgreSQL with TLS Support on Xray
Secure RabbitMQ with TLS Support on Xray
Trust Self Signed Certificates en
System Messages
CI-CD Integration with Xray
Add Custom Xray Integrations
How-Tos
How to Filter Out Your 1st Party Components in CycloneDX SBOM report
How to Assign Supplier to your resources in SBOM reports
How to Block Malicious Packages in your SDLC
How to Block Critical and High Vulnerabilities Before Promotion
How to Create a Violation for a Specific Package Version
How to Send Email Notifications for Each Critical Vulnerability Found in Resource
How to Generate a Report with All Vulnerabilities in a Distributed Bundle
How to Generate a Report with All Used Licenses in Your Environment Using JFrog Xray
How to Exclude Specific File Names from Scans
Advanced Security
Supported Technologies
Features and Capabilities
Contextual Analysis of CVEs
Secrets Scans
Misconfigurations Scans
Advanced Security Reports
SAST
Prerequisites
List of SAST Rules
Configure Advanced Security
Initiate Advanced Scans
Repositories
Artifacts
Custom Secrets Scanner
Create Advanced Security Policies
Contextual Analysis Policy
Exposures Policy
SAST
Ignore Violations
How-Tos
Create an Uber JAR for Contextual Analysis
Secrets Scans
Runtime
Supported Technologies
Runtime Integrity
Runtime Impact
Features and Capabilities
Configure Runtime
Sensor
OpenShift SCC
Certificate Verification
Workload Automation Service
Manage Runtime
How-Tos
Inspecting Live Software Components
Reducing Noise in Risk Management
Fast Exposure Window Closing
Strengthening Runtime Trust Through Image Verification
Detecting Your Live Artifacts in Artifactory
APIs
List Image Tags
Get Clusters List
Get Cluster
List Workloads
Catalog
Supported Technologies
Features and Capabilities
Configure Catalog
Configure and Manage Labels
GraphQL APIs
How-Tos
How to Identify and Mitigate Vulnerable OSS Packages in Your Repository
How to Enforce Compliance Policies Using Catalog Labels
How to Compare and Select the Best OSS Package for Your Project
Shift Left on Security
IDEs
Visual Studio Code
Package Manager Prerequisites
Supported Technologies
Installation
Manage
Quick Start
How-Tos
JetBrains
Supported Technologies
Installation
Manage
Quick Start
How-Tos
Troubleshooting
Eclipse
Supported Technologies
Installation
Quick Start
How-Tos
Visual Studio
Supported Technologies
Installation
Quick Start
Frogbot
Supported Technologies
Package Manager Prerequisites
Features and Capabilities
Installation
GitHub Actions
Installation
OpenID Connect Authentication
GitLab CI
Azure DevOps
Jenkins
Configure Frogbot
Advanced Configuration
YAML File
The frogbot-config.yml File Structure
Frogbot Configuration Parameters (Optional)
Frogbot Offline
Troubleshooting
Git Repository Scans and Results
Git Repository Configuration
Create a Git Repository Policy
Create a Git Repository Watch
Export Scan Results
Working in Air-Gapped Environments
Developers
CLI
Platform Maintenance
Download Updates for Xray's Vulnerability Database
Count Contributing Developers
Scan Your Source Code
Scan Your Binaries
Scan Published Builds
Enrich your SBOM JSONs & XMLs
Curation Compliance Check

Back to home page