JFrog Curation REST API
API for managing package curation policies that automatically vet and block malicious, vulnerable, or risky open-source packages before they enter the development environment.
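# OpenAPI 3.1 description of the JFrog Curation REST API.
# The policies managed through this API decide which open-source packages are
# blocked before they reach internal repositories, so access to it is
# control-plane access for the package supply chain.
openapi: 3.1.0
info:
  title: JFrog Curation REST API
  description: >-
    API for managing package curation policies that automatically vet and block
    malicious, vulnerable, or risky open-source packages before they enter the
    development environment. JFrog Curation acts as a gateway between public
    package registries and your organization's repositories.
  # Quoted so the version label is always read as a string.
  version: '1.x'
  contact:
    name: JFrog
    url: https://jfrog.com
  license:
    name: Proprietary
    url: https://jfrog.com/terms-of-service/
  termsOfService: https://jfrog.com/terms-of-service/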
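# Pointer to the vendor's reference documentation for these endpoints.
externalDocs:
  description: JFrog Curation REST API Documentation
  url: https://jfrog.com/help/r/jfrog-rest-apis/jfrog-curation-rest-apis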
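# Base URLs for the API. Both templates use https.
# The `server` and `host` variables are free-form strings (no enum), so a
# client sends its bearer token or basic credentials to whatever host the
# substituted value names; take these values from trusted configuration only.
servers:
  - url: 'https://{server}.jfrog.io/curation/api'
    description: JFrog Cloud
    variables:
      server:
        default: myserver
        description: Your JFrog server name
  - url: 'https://{host}/curation/api'
    description: Self-hosted JFrog instance
    variables:
      host:
        # NOTE(review): placeholder default. The template is https, so confirm
        # that TLS is actually served on the host and port used in deployment.
        default: 'localhost:8082'
        description: Your self-hosted JFrog server host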
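# Document-level security requirement. The two entries are alternatives: a
# request that satisfies either bearerAuth or basicAuth meets the requirement.
# No operation in this document declares its own `security`, so this applies
# to every endpoint, reads and writes alike.
# NOTE(review): basic auth sends a reusable password with every request;
# prefer scoped, expiring access tokens for automation where the deployment
# allows it.
security:
  - bearerAuth: []
  - basicAuth: []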
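# Tags used to group the operations below.
tags:
  - name: Audit
    description: Curation audit and activity logs
  - name: Policies
    description: Curation policy management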
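# Operations of the Curation API: policy CRUD and the audit log query.
# NOTE(review): no operation documents a 401 or 403 response even though the
# document-level security requirement applies to all of them; confirm how the
# service reports missing or insufficient credentials and document it.
paths:
  /v1/policies:
    get:
      operationId: listPolicies
      summary: JFrog List Curation Policies
      description: Returns a list of all curation policies.
      tags:
        - Policies
      responses:
        '200':
          description: Policies list retrieved
          content:
            application/json:
              schema:
                type: object
                properties:
                  policies:
                    type: array
                    items:
                      $ref: '#/components/schemas/CurationPolicy'
    # NOTE(review): policy writes (POST here, PUT and DELETE below) change
    # which packages are blocked or allowed. This document does not separate
    # read from write privileges; confirm the server enforces that distinction.
    post:
      operationId: createPolicy
      summary: JFrog Create Curation Policy
      description: Creates a new curation policy for blocking or allowing packages.
      tags:
        - Policies
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CurationPolicyRequest'
      responses:
        '201':
          description: Policy created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CurationPolicy'
        '400':
          description: Invalid policy configuration
  /v1/policies/{policyName}:
    get:
      operationId: getPolicy
      summary: JFrog Get Curation Policy
      description: Returns details for a specific curation policy.
      tags:
        - Policies
      parameters:
        # The path parameter is an unconstrained string (no pattern or
        # maxLength is declared), so the schema itself rejects nothing.
        - name: policyName
          in: path
          required: true
          schema:
            type: string
          description: Policy name
      responses:
        '200':
          description: Policy details retrieved
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CurationPolicy'
        '404':
          description: Policy not found
    # NOTE(review): unlike GET (404) and POST (400), no error response is
    # documented for PUT; confirm what an unknown name or invalid body returns.
    put:
      operationId: updatePolicy
      summary: JFrog Update Curation Policy
      description: Updates an existing curation policy.
      tags:
        - Policies
      parameters:
        - name: policyName
          in: path
          required: true
          schema:
            type: string
          description: Policy name
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CurationPolicyRequest'
      responses:
        '200':
          description: Policy updated
    # NOTE(review): deleting a policy removes a blocking control, and only the
    # success response is documented; confirm the behaviour for an unknown name.
    delete:
      operationId: deletePolicy
      summary: JFrog Delete Curation Policy
      description: Deletes a curation policy.
      tags:
        - Policies
      parameters:
        - name: policyName
          in: path
          required: true
          schema:
            type: string
          description: Policy name
      responses:
        '204':
          description: Policy deleted
  /v1/audit:
    get:
      operationId: getAuditLog
      summary: JFrog Get Curation Audit Log
      description: Returns the curation audit log showing blocked and allowed packages.
      tags:
        - Audit
      parameters:
        - name: from_date
          in: query
          schema:
            type: string
            format: date-time
          description: Start date for the audit log query
        - name: to_date
          in: query
          schema:
            type: string
            format: date-time
          description: End date for the audit log query
        - name: package_type
          in: query
          schema:
            type: string
          description: Filter by package type (npm, maven, pypi, etc.)
        - name: policy_name
          in: query
          schema:
            type: string
          description: Filter by policy name
        # Same value set as AuditEntry.action_taken; keep the two in sync.
        - name: action_taken
          in: query
          schema:
            type: string
            enum: [blocked, allowed, warned]
          description: Filter by action taken
        # NOTE(review): no minimum or maximum is declared for limit, and no
        # minimum for offset; confirm that the server caps the page size.
        - name: limit
          in: query
          schema:
            type: integer
            default: 25
          description: Maximum number of results
        - name: offset
          in: query
          schema:
            type: integer
          description: Offset for pagination
      responses:
        '200':
          description: Audit log retrieved
          content:
            application/json:
              schema:
                type: object
                properties:
                  total_count:
                    type: integer
                  audit_entries:
                    type: array
                    items:
                      $ref: '#/components/schemas/AuditEntry'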
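# Reusable security schemes and schemas referenced by the operations.
components:
  securitySchemes:
    # HTTP bearer token; no bearerFormat is declared, so the token type is
    # not stated in this document.
    bearerAuth:
      type: http
      scheme: bearer
      description: Access token authentication
    # HTTP basic: the username and password travel with every request.
    basicAuth:
      type: http
      scheme: basic
      description: Basic username/password authentication
  schemas:
    # Policy as returned by the API. No `required` list is declared, so every
    # property is optional as far as this schema is concerned.
    CurationPolicy:
      type: object
      properties:
        policy_name:
          type: string
        description:
          type: string
        enabled:
          type: boolean
        policy_type:
          type: string
          enum:
            - block_malicious_packages
            - block_packages_with_vulnerabilities
            - block_packages_without_license
            - block_packages_by_name
            - block_packages_by_age
            - allow_only_approved_packages
            - custom
        repositories:
          type: array
          items:
            type: string
        package_types:
          type: array
          items:
            type: string
        conditions:
          type: object
          properties:
            min_severity:
              type: string
              enum: [Low, Medium, High, Critical]
            max_age_days:
              type: integer
            banned_package_names:
              type: array
              items:
                type: string
            banned_licenses:
              type: array
              items:
                type: string
            # NOTE(review): name and version are both optional here; confirm
            # how an entry without a version is matched, because that decides
            # how wide the allow-list is.
            approved_packages:
              type: array
              items:
                type: object
                properties:
                  name:
                    type: string
                  version:
                    type: string
        actions:
          type: object
          properties:
            block:
              type: boolean
            notify:
              type: boolean
            # In OpenAPI 3.1 (JSON Schema 2020-12) `format` is an annotation by
            # default; a validator may not reject a malformed address.
            notify_emails:
              type: array
              items:
                type: string
                format: email
            custom_message:
              type: string
        created:
          type: string
          format: date-time
        modified:
          type: string
          format: date-time
    # Body for create and update.
    # NOTE(review): this schema is looser than CurationPolicy: policy_type has
    # no enum, and conditions and actions are untyped objects. Validation
    # driven by this document will therefore accept unknown policy types and
    # arbitrary condition or action fields; confirm that the server validates
    # them.
    CurationPolicyRequest:
      type: object
      properties:
        policy_name:
          type: string
        description:
          type: string
        enabled:
          type: boolean
        policy_type:
          type: string
        repositories:
          type: array
          items:
            type: string
        package_types:
          type: array
          items:
            type: string
        conditions:
          type: object
        actions:
          type: object
      # `enabled` is not required; the value used when it is omitted is not
      # stated in this document.
      required:
        - policy_name
        - policy_type
    # One audit record. It carries the requesting user's identity together
    # with the package and repository involved, so read access to the audit
    # endpoint exposes who requested what.
    AuditEntry:
      type: object
      properties:
        timestamp:
          type: string
          format: date-time
        package_name:
          type: string
        package_version:
          type: string
        package_type:
          type: string
        repository:
          type: string
        policy_name:
          type: string
        action_taken:
          type: string
          enum: [blocked, allowed, warned]
        reason:
          type: string
        requesting_user:
          type: string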