JFrog Curation REST API

API for managing package curation policies that automatically vet and block malicious, vulnerable, or risky open-source packages before they enter the development environment.

OpenAPI Specification

# OpenAPI 3.1 description of the JFrog Curation REST API. The document defines
# policy management under /v1/policies and an audit-log query under /v1/audit.
openapi: 3.1.0
info:
  title: JFrog Curation REST API
  description: >-
    API for managing package curation policies that automatically vet and block
    malicious, vulnerable, or risky open-source packages before they enter the
    development environment. JFrog Curation acts as a gateway between public
    package registries and your organization's repositories.
  # Version label only; no concrete release number is given in this file.
  version: 1.x
  contact:
    name: JFrog
    url: https://jfrog.com
  license:
    name: Proprietary
    url: https://jfrog.com/terms-of-service/
  termsOfService: https://jfrog.com/terms-of-service/
# Link to the vendor documentation for these endpoints.
externalDocs:
  description: JFrog Curation REST API Documentation
  url: https://jfrog.com/help/r/jfrog-rest-apis/jfrog-curation-rest-apis
# Base URLs for the API. Both templates use https, which matters because every
# operation sends a bearer token or basic credentials (see `security`).
servers:
  - url: https://{server}.jfrog.io/curation/api
    description: JFrog Cloud
    variables:
      server:
        # Placeholder value; substitute your own server name.
        default: myserver
        description: Your JFrog server name
  - url: https://{host}/curation/api
    description: Self-hosted JFrog instance
    variables:
      host:
        # NOTE(review): the default pairs https with localhost:8082 - confirm
        # that TLS is actually terminated on that host:port in your deployment,
        # so clients are not reconfigured to plain http and left sending
        # credentials unencrypted.
        default: localhost:8082
        description: Your self-hosted JFrog server host
# Global security requirement. No operation in this file declares its own
# `security`, so this applies to all of them. The two list entries are
# alternatives: a request satisfies the requirement with either scheme.
# Basic auth resends the username and password on every call; a bearer access
# token is generally the better choice for automation because it can be
# rotated without changing the account password.
security:
  - bearerAuth: []
  - basicAuth: []
# Tag groups referenced by the operations under `paths`.
tags:
  - name: Audit
    description: Curation audit and activity logs
  - name: Policies
    description: Curation policy management
# Every operation below inherits the global bearer/basic requirement.
# NOTE(review): no operation documents a 401 or 403 response, and the spec does
# not say which role or token scope each call needs - confirm and document.
paths:
  # Collection endpoint: list all policies or create a new one.
  /v1/policies:
    get:
      operationId: listPolicies
      summary: JFrog List Curation Policies
      description: Returns a list of all curation policies.
      tags:
        - Policies
      # Only the success case is described. No paging parameters are declared,
      # so the response is the full policy list as far as this spec shows.
      responses:
        '200':
          description: Policies list retrieved
          content:
            application/json:
              schema:
                type: object
                properties:
                  policies:
                    type: array
                    items:
                      $ref: '#/components/schemas/CurationPolicy'
    # Creating a policy changes which packages are blocked or allowed, so this
    # is a security-relevant write and should be limited to trusted callers.
    post:
      operationId: createPolicy
      summary: JFrog Create Curation Policy
      description: Creates a new curation policy for blocking or allowing packages.
      tags:
        - Policies
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CurationPolicyRequest'
      responses:
        # The created policy is returned in the same shape as a read.
        '201':
          description: Policy created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CurationPolicy'
        # No error body schema is defined for validation failures.
        '400':
          description: Invalid policy configuration
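  # Item endpoint: read, replace, or delete a single policy addressed by name.
  # The same `policyName` path parameter is declared on each operation.
  # NOTE(review): the parameter has no pattern or maxLength; clients should
  # URL-encode the name when building the path.
  # NOTE(review): 401/403 responses are not documented for any operation here,
  # although the API is authenticated - confirm and add them.
  /v1/policies/{policyName}:
    get:
      operationId: getPolicy
      summary: JFrog Get Curation Policy
      description: Returns details for a specific curation policy.
      tags:
        - Policies
      parameters:
        - name: policyName
          in: path
          required: true
          schema:
            type: string
          description: Policy name
      responses:
        '200':
          description: Policy details retrieved
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CurationPolicy'
        '404':
          description: Policy not found
    # Updating a policy can weaken or disable a control (for example by setting
    # `enabled` or `actions.block` to false), so treat it as a privileged call.
    put:
      operationId: updatePolicy
      summary: JFrog Update Curation Policy
      description: Updates an existing curation policy.
      tags:
        - Policies
      parameters:
        - name: policyName
          in: path
          required: true
          schema:
            type: string
          description: Policy name
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CurationPolicyRequest'
      responses:
        '200':
          description: Policy updated
        # Mirrors createPolicy, which takes the same request schema and
        # documents this validation failure - confirm against the server.
        '400':
          description: Invalid policy configuration
        # Mirrors getPolicy on the same resource - confirm against the server.
        '404':
          description: Policy not found
    # Deleting a policy removes the control it enforced; treat it as a
    # privileged call and review it like any other change to a security control.
    delete:
      operationId: deletePolicy
      summary: JFrog Delete Curation Policy
      description: Deletes a curation policy.
      tags:
        - Policies
      parameters:
        - name: policyName
          in: path
          required: true
          schema:
            type: string
          description: Policy name
      responses:
        '204':
          description: Policy deleted
        # Mirrors getPolicy on the same resource - confirm against the server.
        '404':
          description: Policy not found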
  # Read-only query over the curation audit log. Entries include the requesting
  # user (see AuditEntry), so access to this endpoint should be limited to
  # people who are allowed to see per-user package activity.
  /v1/audit:
    get:
      operationId: getAuditLog
      summary: JFrog Get Curation Audit Log
      description: Returns the curation audit log showing blocked and allowed packages.
      tags:
        - Audit
      # None of the query parameters is marked required, so a call with no
      # filters is valid according to this spec.
      parameters:
        - name: from_date
          in: query
          schema:
            type: string
            format: date-time
          description: Start date for the audit log query
        - name: to_date
          in: query
          schema:
            type: string
            format: date-time
          description: End date for the audit log query
        # Free-form string; the description lists examples, not a closed set.
        - name: package_type
          in: query
          schema:
            type: string
          description: Filter by package type (npm, maven, pypi, etc.)
        - name: policy_name
          in: query
          schema:
            type: string
          description: Filter by policy name
        # Same three values as AuditEntry.action_taken.
        - name: action_taken
          in: query
          schema:
            type: string
            enum: [blocked, allowed, warned]
          description: Filter by action taken
        # NOTE(review): no minimum or maximum is declared, so the spec does not
        # bound the page size a client may request - confirm the server's cap.
        - name: limit
          in: query
          schema:
            type: integer
            default: 25
          description: Maximum number of results
        # NOTE(review): no minimum or default is declared for the offset.
        - name: offset
          in: query
          schema:
            type: integer
          description: Offset for pagination
      responses:
        '200':
          description: Audit log retrieved
          content:
            application/json:
              schema:
                type: object
                properties:
                  # presumably the number of matching entries across all pages
                  # - confirm; the spec gives no description.
                  total_count:
                    type: integer
                  audit_entries:
                    type: array
                    items:
                      $ref: '#/components/schemas/AuditEntry'
components:
  # The two schemes referenced by the top-level `security` requirement. Both
  # travel in the HTTP Authorization header, so they rely on the https server
  # URLs for confidentiality.
  securitySchemes:
    # No bearerFormat is given, so the token format is not specified here.
    bearerAuth:
      type: http
      scheme: bearer
      description: Access token authentication
    # Basic auth sends the username and password, base64-encoded but not
    # encrypted, on every request.
    basicAuth:
      type: http
      scheme: basic
      description: Basic username/password authentication
  schemas:
    # A curation policy as returned by the list, get and create operations.
    # No `required` list is declared, so every property is optional as far as
    # this schema is concerned.
    CurationPolicy:
      type: object
      properties:
        policy_name:
          type: string
        description:
          type: string
        # presumably a policy with enabled: false is not enforced - confirm.
        enabled:
          type: boolean
        # Closed set of policy kinds. The request schema (CurationPolicyRequest)
        # declares policy_type as a plain string without this enum.
        policy_type:
          type: string
          enum:
            - block_malicious_packages
            - block_packages_with_vulnerabilities
            - block_packages_without_license
            - block_packages_by_name
            - block_packages_by_age
            - allow_only_approved_packages
            - custom
        # Repository names the policy applies to; the meaning of an empty or
        # missing list is not stated here.
        repositories:
          type: array
          items:
            type: string
        package_types:
          type: array
          items:
            type: string
        # Matching criteria. The schema does not tie individual conditions to a
        # policy_type; which ones apply to which type is not stated.
        conditions:
          type: object
          properties:
            min_severity:
              type: string
              enum: [Low, Medium, High, Critical]
            max_age_days:
              type: integer
            banned_package_names:
              type: array
              items:
                type: string
            banned_licenses:
              type: array
              items:
                type: string
            # Name/version pairs; both fields are plain strings with no
            # declared version-range syntax.
            approved_packages:
              type: array
              items:
                type: object
                properties:
                  name:
                    type: string
                  version:
                    type: string
        # What happens when a package matches the policy.
        actions:
          type: object
          properties:
            # NOTE(review): block may be false; presumably such a policy only
            # notifies and does not stop the package - confirm.
            block:
              type: boolean
            notify:
              type: boolean
            notify_emails:
              type: array
              items:
                type: string
                format: email
            # Free text; no length limit is declared.
            custom_message:
              type: string
        # Timestamps; not marked readOnly, but absent from the request schema.
        created:
          type: string
          format: date-time
        modified:
          type: string
          format: date-time
    # Request body for createPolicy and updatePolicy. Only policy_name and
    # policy_type are required.
    # NOTE(review): this schema is looser than CurationPolicy, so generated
    # clients and gateways cannot validate a policy before it is submitted:
    # policy_type has no enum, and conditions/actions are untyped objects.
    # Consider aligning it with CurationPolicy once the accepted values are
    # confirmed against the server.
    CurationPolicyRequest:
      type: object
      properties:
        # For updatePolicy the name also appears in the path; the spec does not
        # say which one wins if they differ - TODO confirm.
        policy_name:
          type: string
        description:
          type: string
        # Optional, with no default declared; whether an omitted value creates
        # an enabled or a disabled policy is not stated - TODO confirm.
        enabled:
          type: boolean
        # Plain string here; CurationPolicy restricts the same field to an enum.
        policy_type:
          type: string
        repositories:
          type: array
          items:
            type: string
        package_types:
          type: array
          items:
            type: string
        # Untyped; CurationPolicy.conditions lists the known properties.
        conditions:
          type: object
        # Untyped; CurationPolicy.actions lists the known properties.
        actions:
          type: object
      required:
        - policy_name
        - policy_type
    # One record of the curation audit log returned by getAuditLog. No
    # property is marked required.
    AuditEntry:
      type: object
      properties:
        timestamp:
          type: string
          format: date-time
        package_name:
          type: string
        package_version:
          type: string
        package_type:
          type: string
        repository:
          type: string
        # Name of the policy associated with the decision.
        policy_name:
          type: string
        # Same three values as the action_taken query filter on /v1/audit.
        action_taken:
          type: string
          enum: [blocked, allowed, warned]
        # Free text; no structure is declared for it.
        reason:
          type: string
        # Identifies the user behind the request; treat exported audit data as
        # containing user identifiers when storing or sharing it.
        requesting_user:
          type: string