JFrog Curation Lab - Protecting Your Supply Chain

This lab provides hands-on experience in setting up a robust curation process to protect your developers from malicious packages. You'll learn to configure JFrog Curation to monitor, block, and notify about harmful artifacts, ensuring a secure development environment and safeguarding your software supply chain.

Prerequisite:  You must complete the "Getting Started with Curation" self-paced course before diving into our [BETA] Self-Paced Curation Practice Labs.

Course Level: Intermediate

Upon completing this lab, you'll be able to:

• Set up Projects and Repositories: Create a new project and configure remote and virtual repositories specifically for curation, laying the groundwork for a secure development workflow.
• Generate Access Tokens: Create and manage access tokens for secure interaction with JFrog Artifactory and the CLI.
• Enable Curation Services: Activate and configure curation services to continuously monitor repositories for malicious packages.
• Create Curation Policies: Define and implement policies that identify malicious packages and trigger actions like blocking downloads and sending notifications.
• Test and Audit Policies: Validate your curation setup by attempting to download a known malicious package and reviewing the results in JFrog Artifactory, confirming your protection is fully functional.

Requirements - To get the most out of this lab, you should have: 

• A basic understanding of REST APIs and command-line operations.
• Familiarity with JFrog Artifactory's user interface (UI).
• Knowledge of common package managers (e.g., NPM).

Recommendation: For deeper insights and to practice these labs with expert guidance, we highly recommend registering for our live instructor-led course: JFrog Curation Mastery: Implementing Shift-Left Security (JFTC 506).