JFrog Curation & Xray — Two Lines of Defense

Curation guards the gate. Xray watches what's inside.

[Diagram. Left panel, "Outside · Public Registries": external sources (npm · public, PyPI · public, Maven · central, Docker Hub) with incoming packages evil-pkg, cool-lib and old-jquery. Center: "Curation Door Guard". Right panel, "Inside · Your Artifactory": a trusted repository holding lodash, axios, react, numpy, log4j, redis, spring, tensorflow, requests and kafka, with the label "Xray Internal Patrol" and the alert "CVE-2021-44228 · Log4Shell detected".]

JFrog Curation · Door Guard (Shift-Left)

Blocks external packages before they enter your repository, based on policy. Malicious, license-violating, and vulnerable versions are rejected at the door.

JFrog Xray · Internal Patrol (Continuous Scan)

Continuously scans artifacts already in your repository. When a new CVE is disclosed, it instantly identifies and flags any affected packages.