Catalog Installation

Before installing Catalog, review the connection between Xray, Curation, and Catalog:

How Catalog, Curation, and Xray Work Together

• Catalog and Curation are interconnected products. Curation relies on Catalog to access data about package vulnerabilities. Without Catalog, Curation cannot function.
• Curation is a component of Xray and is installed together with Xray. If you have the necessary Curation entitlement, you can enable it through the UI.
• Although part of the general Xray installation, the Catalog native self-managed installation must be deployed on separate VMs and must not be installed directly on the Xray VMs.

Although part of the general Xray installation, the Catalog native self-managed installation must be deployed on separate VMs and must not be installed directly on the Xray VMs.

• Prevention at Entry (Curation + Catalog): Before any OSS package is introduced into your development pipeline, Curation consults the Catalog to assess its risk profile. This proactive approach ensures that only vetted and approved packages are allowed entry, minimizing the chance of introducing vulnerabilities or non-compliant components.
• Continuous Monitoring (Xray): Once packages are part of your environment, Xray takes over by continuously scanning them for new vulnerabilities or compliance issues that may arise over time. This ensures that your software remains secure and compliant throughout its lifecycle.

In essence, Catalog provides the critical data, Curation acts as the initial filter to block risky components from entering your system, and Xray offers ongoing surveillance to detect and address issues in the components you are already using. This integrated approach fortifies your software supply chain, ensuring robust security and compliance from the outset and throughout the development process.

You can install JFrog Catalog by:

1. Interactive Script
2. Helm and OpenShift

System Requirements

• Processor: 6 cores
• Memory: 24 GB
• Disk Space: 500 GB