Was Not !!link!! Downloaded Due To The !!link!! Download Blocking Policy Configured In Xray Guide
Policies can be set to block downloads if an artifact contains issues graded as Low, Medium, High, or Critical.
Using old versions of common libraries (e.g., commons-io 2.4) that have known CVEs.
If you need to know which rule is causing the block, you can use the JFrog Get Policies API to look for policies where block_download is set to true . How to Resolve the Block 1. Upgrade the Dependency (Recommended) Policies can be set to block downloads if
If scans are taking too long and blocking builds, you can set a . This keeps the download connection open for a set time (default 60 seconds) to give Xray a chance to finish scanning before failing the request. 3. Allow Downloads When Xray is Unavailable
The error message typically indicates that JFrog Xray has identified a security vulnerability or license violation in an artifact and is actively preventing its download from JFrog Artifactory. How to Resolve the Block 1
To ensure no "hidden" threats enter your environment, Xray can block artifacts that have not yet completed a scan. Common Triggers for the 403 Error
If an artifact must be used despite a violation, an administrator can: an administrator can: In some environments
In some environments, if the Xray service itself goes down, Artifactory defaults to blocking all downloads as a "fail-secure" measure. You can override this in by enabling "Allow download and distribute when Xray is unavailable" . 4. Explicit Overrides