SUMMARY.md

Table of contents

• What is JFrog Security?
• Products
  • Curation
    • Supported Technologies
    • Features and Capabilities
    • Configure Curation
      • Configure Curation for Self Hosted
      • Set User Roles and Permissions
      • General
      • Configure Repositories
        • Connect Remote Repositories to Curation
        • Enable Pass-Through for Specific Repositories
      • Create Policies
        • List of Available Conditions
      • Create Custom Conditions
    • Manage Curation
      • Manage Repositories
      • View the Active Policies for a Repository
      • Manage Policies
      • Manage Waivers
      • Audit Events
    • How-Tos
      • How to Block Malicious or Vulnerable Packages from Entering the Repository
      • How to Ensure Only Open-Source Packages with Approved Licenses Are Used
      • How to Prevent the Use of Deprecated or Outdated Packages in Development
      • How to Use JFrog Curation as a Developer with the JFrog CLI
      • How to Utilize JFrog Catalog for Curation
      • How to Manage Virtual Repository Behavior and Curation in JFrog Xray
  • Xray
    • Supported Technologies
    • Features and Capabilities
      • SCA
        • Security
          • JFrog Security Research
          • Malicious Package Detection
          • Detect Malicious AI Models
        • Legal
          • Custom Software Licenses
        • Operational Risk
        • SBOM
          • SBOM Import
          • SBOM Export
        • Export Scan Results
        • Understanding and Analyzing Xray Scan Results
          • Builds Security Overview
          • Comparing Build Versions
      • Policies in JFrog Xray
        • Watches in JFrog Xray
        • Ignoring Violations in JFrog Xray: Understanding Ignore Rules
        • Violations Handling and Notifications
          • Jira Integration
            • Setup Xray Jira Integration
            • View Jira Tickets Created with Xray Integration
            • Manually Create a Jira Ticket
            • Ticket Status
            • Best Practices
            • Xray Jira Integration REST API Support
          • Webhooks
      • Xray Reports
    • Quick Start
    • Configure Xray
      • Index Xray Resources
        • Configure Indexing in JFrog Xray
        • Set a Retention Period for Xray Indexed Resources
      • Create Watches
      • Create Policies
    • Manage Xray
      • Xray and JFrog External DB Sync
        • Migration Guide for Self-Hosted Customers: Upgrading from DBSync V1 to V3
      • Advanced Settings
      • System Monitoring
      • TLS Certificates
        • Secure PostgreSQL with TLS Support on Xray
        • Secure RabbitMQ with TLS Support on Xray
        • Trust Self Signed Certificates en
      • System Messages
      • CI-CD Integration with Xray
      • Add Custom Xray Integrations
    • How-Tos
      • How to Filter Out Your 1st Party Components in CycloneDX SBOM report
      • How to Assign Supplier to your resources in SBOM reports
      • How to Block Malicious Packages in your SDLC
      • How to Block Critical and High Vulnerabilities Before Promotion
      • How to Create a Violation for a Specific Package Version
      • How to Send Email Notifications for Each Critical Vulnerability Found in Resource
      • How to Generate a Report with All Vulnerabilities in a Distributed Bundle
      • How to Generate a Report with All Used Licenses in Your Environment Using JFrog Xray
  • Advanced Security
    • Supported Technologies
    • Features and Capabilities
      • Contextual Analysis of CVEs
      • Secrets Scans
      • Misconfigurations Scans
      • SAST
        • Prerequisites
        • List of SAST Rules
    • Set Up Advanced Security
      • Initiate Advanced Scans
        • Repositories
        • Artifacts
        • Custom Secrets Scanner
      • Create Advanced Security Policies
        • Contextual Analysis Policy
        • Exposures Policy
      • Ignore Violations
    • How-Tos
      • Create an Uber JAR for Contextual Analysis
      • Secrets Scans
  • Runtime
    • Supported Technologies
      • Runtime Integrity
      • Runtime Impact
    • Features and Capabilities
    • Configure Runtime
      • Sensor
      • OpenShift SCC
      • Certificate Verification
      • Workload Automation Service
    • Manage Runtime
    • How-Tos
      • Inspecting Live Software Components
      • Reducing Noise in Risk Management
      • Fast Exposure Window Closing
      • Strengthening Runtime Trust Through Image Verification
      • Detecting Your Live Artifacts in Artifactory
    • APIs
      • List Image Tags
      • Get Clusters List
      • Get Cluster
      • List Workloads
  • Catalog
    • Supported Technologies
    • Features and Capabilities
    • Configure Catalog
      • Configure and Manage Labels
      • GraphQL APIs
    • How-Tos
      • How to Identify and Mitigate Vulnerable OSS Packages in Your Repository
      • How to Enforce Compliance Policies Using Catalog Labels
      • How to Compare and Select the Best OSS Package for Your Project
• Developers
  • CLI
    • Platform Maintenance
      • Download Updates for Xray's Vulnerability Database
      • Count Contributing Developers
    • Scan Your Source Code
    • Scan Your Binaries
    • Scan Published Builds
    • Enrich your SBOM JSONs & XMLs
    • Curation Compliance Check
  • IDEs
    • Visual Studio Code
      • Package Manager Prerequisites
      • Supported Technologies
      • Installation
      • Manage
      • Quick Start
      • How-Tos
    • JetBrains
      • Supported Technologies
      • Installation
      • Manage
      • Quick Start
      • How-Tos
      • Troubleshooting
    • Eclipse
      • Supported Technologies
      • Installation
      • Quick Start
      • How-Tos
    • Visual Studio
      • Supported Technologies
      • Installation
      • Quick Start
  • Frogbot
    • Supported Technologies
    • Package Manager Prerequisites
    • Features and Capabilities
    • Advanced Frogbot Configuration (Optional)
    • Set Up Frogbot by CI
      • GitHub Actions
        • Installation
        • OpenID Connect Authentication
      • GitLab CI
      • Azure DevOps
      • Jenkins
    • Frogbot Optional Configuration Parameters
    • Frogbot Offline
    • Troubleshooting
  • Working in Air-Gapped Environments