
JFrog Curation Lab - Protecting Your Supply Chain
Set up a robust curation process to protect your developers from malicious packages using JFrog Curation.
In this hands-on lab, you'll learn to configure JFrog Curation to monitor, block, and notify about harmful artifacts, ensuring a secure development environment and safeguarding your software supply chain.
Prerequisite: You must complete the "Getting Started with Curation" self-paced course before diving into our [BETA] Self-Paced Curation Practice Labs.
Course Level: Intermediate
Upon completing this lab, you'll be able to:
- Set up Projects and Repositories: Create a new project and configure remote and virtual repositories specifically for curation, laying the groundwork for a secure development workflow.
- Generate Access Tokens: Create and manage access tokens for secure interaction with JFrog Artifactory and the CLI.
- Enable Curation Services: Activate and configure curation services to continuously monitor repositories for malicious packages.
- Create Curation Policies: Define and implement policies that identify malicious packages and trigger actions like blocking downloads and sending notifications.
- Test and Audit Policies: Validate your curation setup by attempting to download a known malicious package and reviewing the results in JFrog Artifactory, confirming your protection is fully functional.
Requirements - To get the most out of this lab, you should have:
- A basic understanding of REST APIs and command-line operations.
- Familiarity with JFrog Artifactory's user interface (UI).
- Knowledge of common package managers (e.g., npm).
Recommendation: For deeper insights and to practice these labs with expert guidance, we highly recommend registering for our live instructor-led course: JFrog Curation Mastery: Implementing Shift-Left Security (JFTC 506).