JFrog Security Deprecations

The following deprecations have already been implemented in JFrog Xray.

Deprecation	Version/Date	Deprecation process and next steps	What has to be done?
Block Download feature for remote repositories in JFrog Xray	We are rolling this out in phases, from April 1, 2026, through November 2026. to ensure every customer has the support they need to migrate.	JFrog Curation makes automated, policy-driven decisions based on metadata before the download ever starts. This results in split-second decisions and clear, immediate feedback that keeps your developers moving. What is Changing (and What Isn’t): It is important to note that Xray is not going anywhere. It remains a gold standard for scanning (SCA) your software supply chain. Scanning & Visibility: What Happens to Remote Repos? - No Change. Xray will still perform deep scans for vulnerabilities. What Happens to Local Repos?- No Change. Block Download: What Happens to Remote Repos? - Moving to Curation. Active blocking at the gate is handled by our specialized perimeter tool. What Happens to Local Repos? - No Change. Xray will continue to block downloads for local repositories.	We want to make this transition as seamless as possible for your team. If you already use Curation: Review your Policies to ensure they mirror your previous Xray block settings. If you are not yet on Curation: Reach out to your JFrog account team or Support immediately. Every day without Curation is a day your pipelines rely solely on scanning rather than proactive prevention.
Deprecated integrations	Xray 3.0	Aqua, WhiteSource, and Black Duck out-of-the-box integrations have been deprecated in the Xray UI integrations page (Self-hosted)	Custom integrations are still available, supporting integrating to any external source of your choice. The VulnDB integration, now transparently integrated into Xray.
Xray homepage in the Platform UI (Self-hosted)	Xray 3.0	The Xray homepage, as part of the JFrog Platform UI unification, this page has been removed.
Xray 2.0 Reports functionality	Xray 3.0		The Xray 3.0 Reports, which are new a functionality, require new permissions.
REST API deprecations	Xray 3.0	AUTHENTICATION Get Token USER MANAGEMENT Create User Update User Delete User BINARY MANAGERS Add Binary Manager Update Binary Manager Delete Binary Manager LICENSE REPORTS Generate License Report Get License Report Get License Report Components SECURITY REPORTS Generate Security Report Get Security Report Get Top Vulnerabilities Security Report GRAFEAS Get Note Update Note Create Note Delete Note Get Occurrences by Note ID Get Occurrences by Component ID SYSTEM External Ping Request PERMISSIONS Get Permissions Get Permission Details Create Permission Delete Permission