Curation Workshop

This workshop provides a guided, hands-on walkthrough for rolling out JFrog Curation in a controlled and phased manner. It follows a proven approach used by Customer Success teams to help organizations introduce dependency controls safely, without disrupting developer workflows.

You will progress through a series of structured steps that demonstrate how to enable Curation, evaluate policy impact, enforce controls, and operate Curation at scale.

What you’ll accomplish in this workshop

By the end of this workshop, you will be able to:

  • Understand how JFrog Curation fits into the software supply chain
  • Enable Curation in a controlled environment
  • Block known malicious packages with minimal risk
  • Evaluate security and license policies using dry run mode
  • Apply enforcement gradually across your organization
  • Handle exceptions using waivers
  • Monitor and operate Curation as part of day-to-day security operations

Who this workshop is for

This workshop is intended for:

  • Platform administrators
  • Security and DevSecOps teams
  • Technical owners responsible for dependency governance

It assumes familiarity with Artifactory and basic CI/CD concepts, but does not require prior experience with JFrog Curation.

Before you begin

Before starting the workshop, ensure that:

  • JFrog Xray is enabled in your environment
  • JFrog Catalog is available
  • You have permissions to manage security policies and settings
  • You have access to a test repository or project where enforcement can be safely evaluated

Important: This workshop demonstrates policy enforcement behavior. It is strongly recommended to run it in a non-production or limited-scope environment.

How this workshop is structured

This workshop is divided into sequential parts. Each part builds on the previous one and represents a recommended phase in a real-world Curation rollout.

You can stop after any part and resume later.

Workshop flow:

  1. Understand the Curation rollout model
  2. Prepare your environment
  3. Block malicious packages
  4. Estimate policy impact using dry run
  5. Apply organization-wide blocking
  6. Apply scoped and project-level policies
  7. Operate and monitor Curation
  8. Decide what to do next

What this workshop is — and is not

This workshop is:

  • A guided, hands-on experience
  • Opinionated and phased
  • Focused on safe adoption

This workshop is not:

  • A full reference for all Curation features
  • A production hardening guide
  • A replacement for detailed product documentation

Links to deeper documentation are provided throughout the workshop.

Ready to begin?

Start with Part 1: Curation Rollout Overview to understand the phased approach used throughout this workshop.