Curation Workshop

This workshop provides a guided, hands-on walkthrough for rolling out JFrog Curation in a controlled and phased manner. It follows a proven approach used by Customer Success teams to help organizations introduce dependency controls safely, without disrupting developer workflows.

You will progress through a series of structured steps that demonstrate how to enable Curation, evaluate policy impact, enforce controls, and operate Curation at scale.

Learn more about Software Supply Chain Security: Curation, Policies, and Catalog Management at JFrog Academy!

What you’ll accomplish in this workshop

By the end of this workshop, you will be able to:

  • Understand how JFrog Curation fits into the software supply chain
  • Enable Curation in a controlled environment
  • Block known malicious packages with minimal risk
  • Evaluate security and license policies using dry run mode
  • Apply enforcement gradually across your organization
  • Handle exceptions using waivers
  • Monitor and operate Curation as part of day-to-day security operations

Who this workshop is for

This workshop is intended for:

  • Platform administrators
  • Security and DevSecOps teams
  • Technical owners responsible for dependency governance

It assumes familiarity with Artifactory and basic CI/CD concepts, but does not require prior experience with JFrog Curation.

Before you begin

Before starting the workshop, ensure that:

  • JFrog Xray is enabled in your environment
  • JFrog Catalog is available
  • You have permissions to manage security policies and settings
  • You have access to a test repository or project where enforcement can be safely evaluated

Important: This workshop demonstrates policy enforcement behavior. It is strongly recommended to run it in a non-production or limited-scope environment.

How this workshop is structured

This workshop is divided into sequential parts. Each part builds on the previous one and represents a recommended phase in a real-world Curation rollout.

You can stop after any part and resume later.

Workshop flow:

  1. Understand the Curation rollout model
  2. Prepare your environment
  3. Block malicious packages
  4. Estimate policy impact using dry run
  5. Apply organization-wide blocking
  6. Apply scoped and project-level policies
  7. Operate and monitor Curation
  8. Decide what to do next

What this workshop is — and is not

This workshop is:

  • A guided, hands-on experience
  • Opinionated and phased
  • Focused on safe adoption

This workshop is not:

  • A full reference for all Curation features
  • A production hardening guide
  • A replacement for detailed product documentation

Links to deeper documentation are provided throughout the workshop.

Ready to begin?

Start with Part 1: Curation Rollout Overview to understand the phased approach used throughout this workshop.