JFrog has unveiled JFrog Curation, a DevSecOps system designed to prevent malicious or risky open source or third-party software packages from entering an organization's software development pipeline.
JFrog Curation blocks the use of risky open source software packages without compromising development speed or the developer experience, JFrog said. It uses binary metadata to identify malicious packages and packages with high-severity CVEs (Common Vulnerabilities and Exposures), operational issues, or license-compliance issues. Because the decision is made from metadata, each package does not have to be downloaded and scanned before use, which preserves developer ease and speed, JFrog said.
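The gating idea described above, a policy applied to package metadata before any artifact is fetched, is shown in the following added example. It is not JFrog's code and does not reflect how JFrog Curation is implemented; the data model (`PackageMetadata`, `Advisory`, `CurationPolicy`), the sample catalog, the package names and the advisory identifiers are all constructed for illustration. The policy fails closed when no metadata is available, blocks packages flagged as malicious, blocks any advisory at or above a CVSS threshold, and enforces a license allow-list.

```python
"""Metadata-driven package curation (constructed illustration, not JFrog's code).

Assumptions: a package is described by name, version, license and a list of
advisories with CVSS base scores. All names, versions and advisory ids below
are constructed sample values, not real packages or CVEs.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Advisory:
    advisory_id: str   # placeholder id, constructed (format "CVE-XXXX-PLACEHOLDER-n")
    cvss: float        # CVSS base score, 0.0 to 10.0


@dataclass
class PackageMetadata:
    name: str
    version: str
    license: str
    advisories: List[Advisory] = field(default_factory=list)
    known_malicious: bool = False   # set from a malicious-package feed, assumed


@dataclass
class CurationPolicy:
    max_cvss: float = 7.0           # block advisories scored High or Critical
    allowed_licenses: Tuple[str, ...] = ("MIT", "Apache-2.0", "BSD-3-Clause")


def evaluate(pkg: PackageMetadata, policy: CurationPolicy) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Uses metadata only; no artifact is downloaded."""
    reasons: List[str] = []
    if pkg.known_malicious:
        reasons.append("flagged as malicious")
    for adv in pkg.advisories:
        if adv.cvss >= policy.max_cvss:
            reasons.append(f"{adv.advisory_id} CVSS {adv.cvss} >= {policy.max_cvss}")
    if pkg.license not in policy.allowed_licenses:
        reasons.append(f"license {pkg.license} not in allow-list")
    return (not reasons, reasons)


def curate(requests: List[Tuple[str, str]],
           catalog: Dict[Tuple[str, str], PackageMetadata],
           policy: CurationPolicy) -> Dict[str, Tuple[bool, List[str]]]:
    """Gate (name, version) requests against a metadata catalog, failing closed on unknowns."""
    decisions: Dict[str, Tuple[bool, List[str]]] = {}
    for name, version in requests:
        key = f"{name}@{version}"
        pkg = catalog.get((name, version))
        if pkg is None:
            decisions[key] = (False, ["no metadata available; fail closed"])
        else:
            decisions[key] = evaluate(pkg, policy)
    return decisions


# Constructed sample catalog: none of these are real packages or advisories.
SAMPLE_CATALOG: Dict[Tuple[str, str], PackageMetadata] = {
    ("util-demo", "1.0.0"): PackageMetadata("util-demo", "1.0.0", "MIT"),
    ("netlib-demo", "2.3.1"): PackageMetadata(
        "netlib-demo", "2.3.1", "Apache-2.0",
        advisories=[Advisory("CVE-XXXX-PLACEHOLDER-1", 9.8)]),
    ("viewer-demo", "0.9.0"): PackageMetadata("viewer-demo", "0.9.0", "GPL-3.0-only"),
    ("mal-demo", "1.0.1"): PackageMetadata("mal-demo", "1.0.1", "MIT", known_malicious=True),
}

SAMPLE_REQUESTS = [
    ("util-demo", "1.0.0"),
    ("netlib-demo", "2.3.1"),
    ("viewer-demo", "0.9.0"),
    ("mal-demo", "1.0.1"),
    ("unknown-demo", "0.0.1"),
]

if __name__ == "__main__":
    for key, (allowed, reasons) in curate(SAMPLE_REQUESTS, SAMPLE_CATALOG, CurationPolicy()).items():
        print(f"{key}: {'ALLOW' if allowed else 'BLOCK'} {reasons}")
```

Running the block lists one allowed request and four blocked ones; the "fail closed" branch is the point worth keeping when adapting this, since a package with no metadata is indistinguishable from one whose metadata has not been published yet.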