Today I’d like to show you how you can leverage WhiteSource integration with JFrog Artifactory to block open source components not meeting your company’s policies from entering your repository.
This additional capability of automatically enforcing security, license and quality policies on your repository can help your engineering, DevOps and security teams to better control their open source usage.
Once you have integrated the two environments, every time you deploy a new artifact or run a cron-based job, Artifactory will automatically pull information on all your open source components from the WhiteSource database.
Just click on each artifact’s property tab to see its open source license and its security vulnerabilities, including the CVE number, the severity and a brief description with relevant links provided by WhiteSource. You can also see whether the artifact is rejected by one of your WhiteSource policies.
To automate policy enforcement on your repository, we recommend that your team set up a Quarantine Repository in your Artifactory. Once it is defined, all artifacts rejected by your policies will be moved to that repository, making sure your team does not use artifacts that don’t fit your organizational policies.
Your DevOps or Engineering team can then go over all quarantined artifacts and selectively decide which components can be ‘unquarantined’ and which should remain blocked.
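To make the quarantine step concrete, here is an added example script that is not part of the original walkthrough and is not WhiteSource’s or JFrog’s own code. It takes the properties Artifactory stores on each artifact, checks them against a small policy (maximum vulnerability severity, denied licenses, and the WhiteSource rejection flag), and produces the Artifactory move call that pushes each rejected artifact into the quarantine repository. The property names (WSS-License, WSS-Severity, WSS-Vulnerability, WSS-Policy-Rejected), the repository names, the thresholds and the sample artifacts are all assumptions constructed for the example; the two REST endpoints it references (GET /api/storage/{repo}/{path}?properties and POST /api/move/{srcRepo}/{srcPath}?to=/{dstRepo}/{dstPath}, with the optional dry=1 flag) are Artifactory’s real ones. It runs offline on captured property dictionaries and performs no HTTP.

```python
"""Policy check over Artifactory artifact properties, producing the move calls
that push rejected artifacts into a quarantine repository.

Added example, not WhiteSource's or JFrog's own code. Assumptions (constructed
for this example, not taken from the page): the property names WSS-License,
WSS-Severity, WSS-Vulnerability and WSS-Policy-Rejected, the policy thresholds,
the repository names, and the sample artifacts. The Artifactory endpoints are
the real ones:
  GET  /api/storage/{repo}/{path}?properties  -> {"properties": {key: [values]}}
  POST /api/move/{srcRepo}/{srcPath}?to=/{dstRepo}/{dstPath}[&dry=1]
No HTTP is performed here; the script works on captured property dictionaries.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Artifactory returns every property value as a list of strings.
Properties = Dict[str, List[str]]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Policy:
    # Highest severity still allowed in; anything above it is rejected.
    max_severity: str = "medium"
    denied_licenses: List[str] = field(default_factory=lambda: ["GPL-3.0", "AGPL-3.0"])
    # Fail closed: an artifact with no WhiteSource data yet is treated as
    # rejected rather than waved through because the scan has not run.
    require_scan_data: bool = True


def worst_severity(props: Properties) -> int:
    """Highest known severity rank among WSS-Severity values (0 if none/unknown)."""
    ranks = (SEVERITY_RANK.get(s.strip().lower(), 0) for s in props.get("WSS-Severity", []))
    return max(ranks, default=0)


def rejection_reasons(props: Properties, policy: Policy) -> List[str]:
    """Every reason the artifact violates the policy; an empty list means it may stay."""
    reasons: List[str] = []
    if policy.require_scan_data and not any(k.startswith("WSS-") for k in props):
        return ["no WhiteSource data on the artifact yet"]
    if worst_severity(props) > SEVERITY_RANK[policy.max_severity]:
        vulns = ", ".join(props.get("WSS-Vulnerability", [])) or "unlisted"
        reasons.append(f"vulnerability severity above {policy.max_severity} ({vulns})")
    for lic in props.get("WSS-License", []):
        if lic in policy.denied_licenses:
            reasons.append(f"license {lic} is not allowed")
    if props.get("WSS-Policy-Rejected", ["false"])[0].lower() == "true":
        reasons.append("rejected by a WhiteSource policy")
    return reasons


def move_request(src_repo: str, path: str, quarantine_repo: str, dry_run: bool = False) -> str:
    """Artifactory move call (method + path) keeping the artifact's path inside the quarantine repo."""
    suffix = "&dry=1" if dry_run else ""
    return f"POST /api/move/{src_repo}/{path}?to=/{quarantine_repo}/{path}{suffix}"


def plan_quarantine(artifacts: List[Tuple[str, str, Properties]], policy: Policy,
                    quarantine_repo: str = "quarantine-local",
                    dry_run: bool = False) -> List[Tuple[str, List[str]]]:
    """Pair each rejected artifact's move call with the reasons it was rejected."""
    plan = []
    for repo, path, props in artifacts:
        reasons = rejection_reasons(props, policy)
        if reasons:
            plan.append((move_request(repo, path, quarantine_repo, dry_run), reasons))
    return plan


# Constructed sample, shaped like the "properties" object that
# GET /api/storage/<repo>/<path>?properties returns for each artifact.
SAMPLE_ARTIFACTS: List[Tuple[str, str, Properties]] = [
    ("libs-release-local", "org/example/lib-a/1.0/lib-a-1.0.jar",
     {"WSS-License": ["Apache-2.0"], "WSS-Severity": ["low"],
      "WSS-Vulnerability": ["example-vuln-1"], "WSS-Policy-Rejected": ["false"]}),
    ("libs-release-local", "org/example/lib-b/2.1/lib-b-2.1.jar",
     {"WSS-License": ["MIT"], "WSS-Severity": ["low", "high"],
      "WSS-Vulnerability": ["example-vuln-2", "example-vuln-3"], "WSS-Policy-Rejected": ["false"]}),
    ("npm-local", "example-pkg/-/example-pkg-0.3.0.tgz",
     {"WSS-License": ["GPL-3.0"], "WSS-Severity": ["medium"], "WSS-Policy-Rejected": ["true"]}),
    ("libs-release-local", "org/example/lib-c/0.9/lib-c-0.9.jar", {}),  # not scanned yet
]

if __name__ == "__main__":
    # Dry run first: Artifactory validates the move without touching anything.
    for call, reasons in plan_quarantine(SAMPLE_ARTIFACTS, Policy(), dry_run=True):
        print(call)
        for r in reasons:
            print("   -", r)
```

Two design choices worth keeping when you wire this to a real instance: run the move with dry=1 first so a wrong path or missing target repository is reported before anything moves, and keep require_scan_data on, because an artifact that has not been scanned yet looks exactly like a clean one if you only test for the presence of rejection properties.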
Thanks for watching!