: Once scanned, artifacts can be blocked based on specific criteria such as vulnerability severity (e.g., Critical, High), CVSS scores, or license non-compliance.

How to Configure Block Download
To balance security with developer productivity, Xray provides several advanced settings:
: For remote repositories, you can use JFrog Curation to block malicious or vulnerable packages before they even enter your environment.

Advanced Control and Fallbacks
There are two primary levels of protection when configuring download blocking in Xray:
: Define the scope of resources (repositories or builds) you want to monitor. Assign your previously created policy to this Watch.
: Create a "Security" or "License" policy. Within the policy rules, select the Block Download automatic action.
Implementing download blocking involves a structured workflow within the JFrog Platform: