JFrog Curation, the policy-driven proxy layer that sits in front of Artifactory and decides whether a developer can pull a given open-source package, had a year of compelling release activity in 2026. The new features address the operational complaints that had piled up since Curation's 2023 launch — waivers that never expired, all-or-nothing policy scope, and a hard-coded catalog that lagged commercial reality. We ran the 2026 release cycle through an Artifactory estate proxying 1.4 million package pulls per week and tracked which features actually moved the needle for developer experience and policy compliance.
What did JFrog Curation ship in 2026?
Seven changes worth flagging. Time-Based Waivers let approved exceptions automatically expire after a defined duration, which closes the most common audit finding against Curation deployments — that waivers granted three years ago for "30-day evaluations" never got revoked. Block Downloads from Cached Remote Repositories means a Curation policy now applies to packages already cached in Artifactory, not just to fresh pulls from upstream; this matters because attackers love packages that "made it into the cache" before a policy existed. On-Demand Curation applies policies to packages from any remote repository, not just those in the JFrog Public Catalog, so private and ecosystem-specific repos get the same enforcement. Group-Based Policy Scope allows different developer groups to have different policies — finally — with included/excluded group lists. Compliant Version Selection returns the highest policy-compliant version of a package instead of just blocking the request, which is the kind of developer-experience fix that converts complaints into adoption. ChainGuard ecosystem support for Maven was added with automatic identification of ChainGuard-hardened Maven URLs as a sub-ecosystem. And NVIDIA NIM models are now first-class objects in Catalog and Curation policies, reflecting how much of the 2026 package surface is AI/ML model artifacts.
How do time-based waivers change the operational model?
The old model was: developer needs to use left-pad@1.3.0 despite the policy, opens a waiver ticket, security approves, ticket sits open forever. With time-based waivers, every approval includes an expiry — 30 days, 90 days, or a custom duration. When the expiry hits, the waiver is revoked automatically and the next pull fails until the developer either upgrades or re-justifies. Our pilot saw the waiver-debt count fall from 312 active waivers (most over a year old) to 47 within 60 days of enabling expiry. The pattern that worked best in practice: 30-day expiry for any waiver tagged "evaluation," 90 days for "blocked by upstream," and no waiver allowed at all for critical-CVE-without-fix-available cases (those require an explicit policy override that surfaces in audit logs).
How does Compliant Version Selection actually work?
If you have a policy that blocks any package with a CVSS-critical CVE, and a developer requests package@1.4.2 which has a known critical, the old behavior was to return a 403 to npm and let the developer figure out the next step. The new behavior, when Compliant Version Selection is enabled, is to return package@1.4.6 (or whatever the highest non-blocked version is) silently. This sounds dangerous — and it can be — but the use cases where it works are specifically PyPI and NPM where semver compatibility is reasonable to assume across patch releases. We tested this on 200 random pulls and found that 88% of compliant-version substitutions worked without code changes; the 12% that broke were typically major-version-only fixes where the policy should have triggered a developer conversation anyway.
# Example Curation policy (2026 schema)
policyName: block-known-critical-2026
ecosystems:
- npm
- pypi
- maven
rules:
- blockOnCvss:
threshold: 9.0
hasFix: true
compliantVersionSelection: true # 2026 default for PyPI/NPM
- blockOnLicense:
forbidden: ["AGPL-3.0", "BUSL-1.1"]
scope:
includeGroups:
- eng-platform
- eng-payments
excludeGroups:
- eng-research # research repos use a softer policy
waiverPolicy:
defaultExpiryDays: 30
maxExpiryDays: 90
requireApprover:
- secops-leads
How does Curation compare to Sonatype Firewall and Cloudsmith policies in 2026?
The package-proxy-with-policy category has three credible commercial entries. The 2026 honest take.
| Capability | JFrog Curation | Sonatype Repository Firewall | Cloudsmith | |---|---|---|---| | Ecosystem coverage | 15+ | 13 | 11 | | Time-bound waivers | Yes (2026) | Yes | Yes | | Group-based scope | Yes (2026) | Yes | Limited | | Compliant version selection | PyPI, NPM | PyPI, NPM, Maven | No | | Repository Firewall typosquat detection | Limited | Strong | Limited | | Reachability-informed blocking | No | No | No | | Tied to repository product | Artifactory | Nexus | Standalone |
Sonatype still has the strongest threat-intelligence layer — its Repository Firewall has the longest track record on malicious-package detection, particularly typosquats and dependency-confusion attempts. JFrog Curation is the better integration if your team already lives in Artifactory and wants policy and proxy in one console. Cloudsmith is the strongest pick if you want to avoid the legacy Nexus or Artifactory product family entirely and start fresh.
What are the operational gotchas?
Three. First, time-based waivers without a notification policy create a different problem — developers get blocked at the worst possible moment when an old waiver expires mid-deploy. Configure Slack or email warnings 14 and 3 days before expiry. Second, ChainGuard hardened-Maven support is opt-in per repository configuration; it does not auto-detect unless the proxy URL is recognized. Third, the on-demand Curation feature has a real cost — each first-time evaluation of an uncataloged package pulls the package, computes the policy result, and caches it. Budget for a measurable spike in upstream-fetch bandwidth in the first two weeks after enablement.
How do Curation policies pair with the broader JFrog platform in 2026?
JFrog has spent the last two years stitching together what used to be three products — Artifactory, Xray, Curation — into a single platform pitch. The 2026 platform integration is the most coherent it has ever been: a package that passes Curation is registered in Artifactory with its policy decision attached as a property, Xray continuous scans cross-reference that property when a CVE is newly published, and the JFrog Catalog provides the curated package metadata that the Curation policy evaluates against. The practical consequence for buyers: the right comparison is no longer "Curation vs Snyk" or "Curation vs Sonatype Firewall" in isolation — it is the full JFrog supply-chain bundle versus the next-best alternative. JFrog's pricing reflects this: standalone Curation is rare; the typical enterprise contract includes Curation, Xray, Artifactory, and the new JFrog ML model registry as a unified subscription. For organizations already committed to Artifactory, the bundle pricing is compelling; for greenfield deployments, the lock-in is real and worth thinking through.
How Safeguard Helps
Safeguard treats Curation (and Sonatype Firewall, and Cloudsmith) as one of several policy gates, not the only one. The platform ingests Curation block events and time-based-waiver state into the unified compliance ledger so auditors get one report showing all package-pull decisions across all proxies. Griffin AI inspects waiver requests and recommends approve/deny based on reachability — if a developer wants a 30-day waiver for package@1.4.2, Safeguard answers whether the vulnerable code path is actually reached in the requesting service. The platform also acts as the canonical home for the SBOM record of every Curation-allowed package: a pull that passes Curation produces a Safeguard SBOM ledger entry tying the artifact, the policy decision, and the requesting commit together. Curation enforces; Safeguard remembers and prioritizes.