JFrog Releases Curation
Written by Kay Ewbank   
Thursday, 13 July 2023

JFrog has introduced JFrog Curation, an automated DevSecOps solution that aims to vet and block malicious open source or third-party software packages and their respective dependencies before entering an organization’s software development environment.

JFrog provides an end-to-end DevOps platform for the software supply chain and has over 7K customers worldwide, including the majority (85%) of the Fortune 100.

The new tool is natively integrated with JFrog Artifactory binary repository, and the developers say it is unique in its use of binary metadata for identification of malicious packages with higher-severity CVEs, operational, or license compliance issues. The aim is that the technique removes the need to download each package for scanning before use.


The JFrog team says that existing DevSecOps platforms may provide advice, but none actively check packages against automated policies at request time without downloading them.

JFrog Curation also validates incoming software packages against JFrog’s Security Research library of recorded Critical Vulnerabilities Exposures (CVE) and publicly available information so organizations can set up a trusted repository of pre-approved, third-party software components for use in development.

JFrog Curation is designed to enable developers, security leaders, and DevSecOps engineers to vet and block open source software components without compromising the developer experience or speed. It provides central visibility and governance of every open source package requested by a developer or build tool with accurate, metadata-based insights on all infected packages, with actionable advice on ways to remediate.

The software creates a comprehensive and transparent audit trail to help organizations comply with current and emerging regulatory requirements.

JFrog says the tool means developers can be confident they're using trusted OSS packages, without their speed of application development being impaired, and DevSecOps teams can now streamline OSS package usage and approvals. JFrog Curation provides out-of-the-box templatized policies to assist application security teams with pre-built customized policies for malicious packages, CVEs, license types, and operational risk (packages that are aged, immature, or unmaintained).


More Information

JFrog Curation Webpage

Related Articles

JFrog Reveals The Popularity Of Software Technologies

JFrog Releases Conan 2

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.


Seasonal Deals From edX and Udacity

The season of discount deals has arrived early. edX is offering a 20% off selected courses and program bundles for Cyber Monday. Udacity has an even better Black Friday Deal with 50% off sub [ ... ]

Microsoft Windows Announced 40 Years Ago

Although it didn't launch until 1985, Microsoft Windows was announced in November 1983. It signaled the move for users from the command line to a GUI environment, something that some programmers still [ ... ]

More News




or email your comment to: comments@i-programmer.info

Last Updated ( Thursday, 13 July 2023 )