How To Consume Results
JFrog Platform
GitHub Advanced Security
GitLab