{"id":90,"date":"2026-03-18T11:47:08","date_gmt":"2026-03-18T11:47:08","guid":{"rendered":"https:\/\/www.almtoolbox.com\/cz\/blog\/?p=90"},"modified":"2026-03-19T14:22:28","modified_gmt":"2026-03-19T14:22:28","slug":"jfrog-curation-self-managed","status":"publish","type":"post","link":"https:\/\/www.almtoolbox.com\/cz\/blog\/jfrog-curation-self-managed\/","title":{"rendered":"JFrog Curation pro uzav\u0159en\u00e1 prost\u0159ed\u00ed: Jak blokovat \u0161kodliv\u00e9 bal\u00ed\u010dky d\u0159\u00edve, ne\u017e se dostanou do k\u00f3du"},"content":{"rendered":"\n
Modern\u00ed organizace stav\u00ed t\u00e9m\u011b\u0159 ka\u017ed\u00fd produkt na open source k\u00f3du a z\u00e1vislostech t\u0159et\u00edch stran. To urychluje v\u00fdvoj, ale tak\u00e9 p\u0159in\u00e1\u0161\u00ed rozm\u011br rizika: \u0161kodliv\u00e9 bal\u00ed\u010dky (malware), verze s kritick\u00fdmi bezpe\u010dnostn\u00edmi zranitelnostmi, probl\u00e9my s licencemi nebo nevyzr\u00e1l\u00e9 a neudr\u017eovan\u00e9 z\u00e1vislosti.<\/p>\n\n\n
\n<\/figure>\n<\/div>\n\n\n
\n<\/figure>\n
<\/p><\/div>\n\n\n\n
Ve v\u011bt\u0161in\u011b p\u0159\u00edpad\u016f se tradi\u010dn\u00ed bezpe\u010dnostn\u00ed n\u00e1stroje setk\u00e1vaj\u00ed s komponentou a\u017e pot\u00e9<\/span>, co se ji\u017e dostala do repozit\u00e1\u0159e, buildu nebo pipeline.<\/p>\n\n\n\n
A p\u0159esn\u011b zde p\u0159ich\u00e1z\u00ed na sc\u00e9nu JFrog Curation<\/strong>: m\u00edsto toho, abyste zp\u011btn\u011b zjistili, \u017ee se nebezpe\u010dn\u00e1 komponenta ji\u017e dostala do organizace, JFrog Curation funguje v bod\u011b po\u017eadavku a sta\u017een\u00ed bal\u00ed\u010dku a blokuje problematick\u00e9 komponenty je\u0161t\u011b d\u0159\u00edve, ne\u017e se stanou sou\u010d\u00e1st\u00ed k\u00f3du, buildu nebo aplikace.<\/p>\n\n\n\n
Co je JFrog Curation Package a co poskytuje?<\/h2>\n\n\n\n
JFrog Curation<\/strong> je vrstva spr\u00e1vy (governance) a prosazov\u00e1n\u00ed z\u00e1sad pro pou\u017e\u00edv\u00e1n\u00ed open source bal\u00ed\u010dk\u016f a z\u00e1vislost\u00ed t\u0159et\u00edch stran. M\u016f\u017eete si to p\u0159edstavit jako \u201evstupn\u00ed br\u00e1nu\u201c pro extern\u00ed bal\u00ed\u010dky: m\u00edsto aby ka\u017ed\u00e1 z\u00e1vislost (dependency) automaticky vstoupila do prost\u0159ed\u00ed, organizace definuje pravidla, kter\u00e1 ur\u010duj\u00ed, jak\u00e9 bal\u00ed\u010dky je povoleno st\u00e1hnout, kter\u00e9 by m\u011bly b\u00fdt zablokov\u00e1ny a kter\u00e9 vy\u017eaduj\u00ed dal\u0161\u00ed kontrolu.<\/p>\n\n\n\n
Toto \u0159e\u0161en\u00ed mimo jin\u00e9 umo\u017e\u0148uje:<\/strong><\/p>\n\n\n\n\n
Blokovat bal\u00ed\u010dky ozna\u010den\u00e9 jako \u0161kodliv\u00e9.<\/li>\n\n\n\n
Blokovat verze s bezpe\u010dnostn\u00edmi zranitelnostmi na z\u00e1klad\u011b \u00farovn\u011b z\u00e1va\u017enosti nebo firemn\u00edch z\u00e1sad.<\/li>\n\n\n\n
Omezit pou\u017e\u00edv\u00e1n\u00ed bal\u00ed\u010dk\u016f, kter\u00e9 jsou p\u0159\u00edli\u0161 star\u00e9, nevyzr\u00e1l\u00e9 nebo neudr\u017eovan\u00e9.<\/li>\n\n\n\n
Pou\u017e\u00edvat allowlist a blocklist podle pot\u0159eb organizace.<\/li>\n\n\n\n
Vytv\u00e1\u0159et organizovan\u00fd audit trail pro ka\u017ed\u00e9 rozhodnut\u00ed o zablokov\u00e1n\u00ed nebo schv\u00e1len\u00ed.<\/li>\n<\/ol>\n\n\n\n
Obchodn\u00ed dopad je z\u0159ejm\u00fd: men\u0161\u00ed z\u00e1vislost na manu\u00e1ln\u00edch rozhodnut\u00edch, ni\u017e\u0161\u00ed riziko vniknut\u00ed nebezpe\u010dn\u00fdch komponent a v\u011bt\u0161\u00ed kontrola nad dodavatelsk\u00fdm \u0159et\u011bzcem softwaru.<\/p>\n\n\n\n
Jak funguje JFrog Curation v prost\u0159ed\u00ed Self-Hosted \/ Self-Managed?<\/h2>\n\n\n\n
V nez\u00e1visle spravovan\u00fdch prost\u0159ed\u00edch on-premises \/ self-hosted se JFrog Curation integruje s platformou JFrog, a zejm\u00e9na s n\u00e1stroji Artifactory a Xray.<\/p>\n\n\n\n
Model je pom\u011brn\u011b jednoduch\u00fd:<\/strong><\/p>\n\n\n\n\n
JFrog Curation zkontroluje po\u017eadavek proti firemn\u00edm z\u00e1sad\u00e1m.<\/li>\n\n\n\n
Pokud bal\u00ed\u010dek spl\u0148uje podm\u00ednky (policies) \u2013 sta\u017een\u00ed je povoleno.<\/li>\n\n\n\n
Pokud bal\u00ed\u010dek poru\u0161uje z\u00e1sady, p\u0159\u00edstup je zablokov\u00e1n je\u0161t\u011b d\u0159\u00edve, ne\u017e komponenta vstoup\u00ed do prost\u0159ed\u00ed.<\/li>\n<\/ol>\n\n\n\n
Jin\u00fdmi slovy, m\u00edsto pouh\u00e9ho skenov\u00e1n\u00ed po sta\u017een\u00ed z\u00edsk\u00e1 organizace mechanismus prevence (prevention<\/strong>) ji\u017e ve f\u00e1zi vstupu.<\/p>\n\n\n\n
To je z\u00e1sadn\u00ed zm\u011bna: m\u00e9n\u011b \u201en\u00e1sledn\u00e9ho \u00faklidu\u201c, v\u00edce prevence p\u0159edem.<\/p>\n\n\n\n
Co se re\u00e1ln\u011b stane p\u0159i po\u017eadavku na bal\u00ed\u010dek?<\/h3>\n\n\n\n
Kdy\u017e v\u00fdvoj\u00e1\u0159, pipeline nebo build po\u017eaduje z\u00e1vislost p\u0159es firemn\u00ed repozit\u00e1\u0159, syst\u00e9m zkontroluje, zda bal\u00ed\u010dek:<\/p>\n\n\n\n
\n
Byl identifikov\u00e1n jako \u0161kodliv\u00fd.<\/li>\n\n\n\n
Obsahuje bezpe\u010dnostn\u00ed zranitelnosti podle z\u00e1sad.<\/li>\n\n\n\n
Nespl\u0148uje dal\u0161\u00ed intern\u00ed pravidla stanoven\u00e1 organizac\u00ed.<\/li>\n<\/ul>\n\n\n\n
Pokud je n\u011bkter\u00e1 z podm\u00ednek spln\u011bna, sta\u017een\u00ed m\u016f\u017ee b\u00fdt zablokov\u00e1no.<\/p>\n\n\n\n
V n\u011bkter\u00fdch sc\u00e9n\u00e1\u0159\u00edch lze tak\u00e9 umo\u017enit automatick\u00fd v\u00fdb\u011br vhodn\u011bj\u0161\u00ed verze nam\u00edsto selh\u00e1n\u00ed cel\u00e9ho procesu.<\/p>\n\n\n\n
Jak funguje JFrog Curation v prost\u0159ed\u00ed Air-Gapped?<\/h2>\n\n\n\n
V prost\u0159ed\u00edch Air-Gapped<\/strong> je v\u00fdzva jin\u00e1: neexistuje \u017e\u00e1dn\u00e9 p\u0159\u00edm\u00e9 p\u0159ipojen\u00ed k internetu, a proto se nelze spol\u00e9hat na otev\u0159en\u00fd p\u0159\u00edstup k ve\u0159ejn\u00fdm repozit\u00e1\u0159\u016fm.<\/p>\n\n\n\n
V t\u011bchto situac\u00edch je obvykl\u00e9 pracovat s kontrolovan\u00fdm procesem, kdy jsou z\u00e1vislosti stahov\u00e1ny do extern\u00ed oblasti nebo do DMZ, zkontrolov\u00e1ny a schv\u00e1leny, a teprve pot\u00e9 jsou p\u0159esunuty do izolovan\u00e9ho prost\u0159ed\u00ed.<\/p>\n\n\n\n
V tomto modelu je JFrog Curation integrov\u00e1n jako sou\u010d\u00e1st kontroln\u00edho mechanismu:<\/p>\n\n\n\n
\n
Extern\u00ed komponenty jsou nejprve sta\u017eeny do kontrolovan\u00e9ho prost\u0159ed\u00ed.<\/li>\n\n\n\n
Komponenty projdou skenov\u00e1n\u00edm, kontrolou z\u00e1sad a curation.<\/li>\n\n\n\n
Pouze schv\u00e1len\u00e9 bal\u00ed\u010dky jsou p\u0159esunuty do intern\u00edch repozit\u00e1\u0159\u016f.<\/li>\n\n\n\n
Uvnit\u0159 izolovan\u00e9ho prost\u0159ed\u00ed se nad\u00e1le pracuje pouze s komponentami, kter\u00e9 ji\u017e byly schv\u00e1leny.<\/li>\n<\/ul>\n\n\n\n
Organizace operuj\u00edc\u00ed v izolovan\u00fdch s\u00edt\u00edch tak mohou vyu\u017e\u00edvat v\u00fdhod p\u0159\u00edsn\u00e9 spr\u00e1vy nad open source bal\u00ed\u010dky, ani\u017e by musely samotn\u00e9 prost\u0159ed\u00ed vystavit internetu.<\/p>\n\n\n\n
Jak JFrog Curation zabra\u0148uje vniknut\u00ed \u0161kodliv\u00fdch bal\u00ed\u010dk\u016f do k\u00f3du a aplikace?<\/h2>\n\n\n\n
Jednou z hlavn\u00edch v\u00fdhod JFrog Curation je, \u017ee ne\u010dek\u00e1, a\u017e se probl\u00e9m objev\u00ed v produkci.<\/p>\n\n\n\n
M\u00edsto toho pom\u00e1h\u00e1 identifikovat a blokovat nebezpe\u010dn\u00e9 bal\u00ed\u010dky je\u0161t\u011b p\u0159edt\u00edm, ne\u017e jsou pou\u017eity v\u00fdvoj\u00e1\u0159i nebo CI\/CD procesy.<\/p>\n\n\n\n
To zahrnuje ochranu p\u0159ed sc\u00e9n\u00e1\u0159i jako:<\/p>\n\n\n\n
\n
\u0160kodliv\u00e9 bal\u00ed\u010dky z\u00e1m\u011brn\u011b nahran\u00e9 do ve\u0159ejn\u00fdch repozit\u00e1\u0159\u016f.<\/li>\n\n\n\n
Typosquatting \u2013 bal\u00ed\u010dky s podobn\u00fdm n\u00e1zvem jako legitimn\u00ed bal\u00ed\u010dek.<\/li>\n\n\n\n
Verze s nebezpe\u010dn\u00fdm k\u00f3dem nebo podez\u0159el\u00fdm chov\u00e1n\u00edm.<\/li>\n\n\n\n
Zraniteln\u00e9 verze se zn\u00e1m\u00fdmi chybami.<\/li>\n<\/ul>\n\n\n\n
V praxi to znamen\u00e1, \u017ee organizace sni\u017euje pravd\u011bpodobnost, \u017ee se \u0161kodliv\u00e1 komponenta dostane do buildu, bude integrov\u00e1na do aplikace a nakonec se dostane do testovac\u00edho nebo produk\u010dn\u00edho prost\u0159ed\u00ed.<\/p>\n\n\n\n
Jak JFrog Curation zlep\u0161uje zabezpe\u010den\u00ed a chr\u00e1n\u00ed prost\u0159ed\u00ed?<\/h2>\n\n\n\n
P\u0159\u00ednos JFrog Curation nespo\u010d\u00edv\u00e1 pouze v blokov\u00e1n\u00ed \u0161kodliv\u00fdch bal\u00ed\u010dk\u016f. Zlep\u0161uje celkovou \u00farove\u0148 ochrany v n\u011bkolika vrstv\u00e1ch:<\/p>\n\n\n\n
M\u00edsto objeven\u00ed nebezpe\u010dn\u00e9 komponenty pot\u00e9, co se ji\u017e dostala do organizace, je zablokov\u00e1na hned ve f\u00e1zi stahov\u00e1n\u00ed.<\/p>\n\n\n\n
2. Sn\u00ed\u017een\u00ed plochy \u00fatoku (Attack Surface)<\/h3>\n\n\n\n
\u010c\u00edm m\u00e9n\u011b problematick\u00fdch komponent se dostane dovnit\u0159, t\u00edm men\u0161\u00ed je riziko zneu\u017eit\u00ed, \u00faniku dat nebo po\u0161kozen\u00ed dodavatelsk\u00e9ho \u0159et\u011bzce.<\/p>\n\n\n\n
V\u0161echny v\u00fdvojov\u00e9 t\u00fdmy nap\u0159\u00ed\u010d v\u0161emi projekty pracuj\u00ed podle stejn\u00fdch pravidel. To je d\u016fle\u017eit\u00e9 zejm\u00e9na ve velk\u00fdch nebo decentralizovan\u00fdch organizac\u00edch.<\/p>\n\n\n\n
4. Zlep\u0161en\u00ed shody s p\u0159edpisy (Compliance)<\/h3>\n\n\n\n
Krom\u011b bezpe\u010dnosti lze prosazovat i licence, pou\u017e\u00edv\u00e1n\u00ed schv\u00e1len\u00fdch verz\u00ed a intern\u00ed z\u00e1sady t\u00fdkaj\u00edc\u00ed se povolen\u00fdch a zak\u00e1zan\u00fdch komponent.<\/p>\n\n\n\n
5. Transparentnost a kontrola<\/h3>\n\n\n\n
S p\u0159ehledn\u00fdm audit trailem m\u016f\u017eete zjistit, kdo co po\u017eadoval, co bylo zablokov\u00e1no, co bylo schv\u00e1leno a pro\u010d bylo u\u010din\u011bno konkr\u00e9tn\u00ed rozhodnut\u00ed.<\/p>\n\n\n\n
A co licence a ceny?<\/h2>\n\n\n\n
\u0158e\u0161en\u00ed Curation od JFrog je placen\u00e9 a je obvykle sou\u010d\u00e1st\u00ed \u0161ir\u0161\u00edho \u0159e\u0161en\u00ed pro spr\u00e1vu a bezpe\u010dnost dodavatelsk\u00e9ho \u0159et\u011bzce softwaru.<\/p>\n\n\n\n
Cena Curation z\u00e1vis\u00ed na po\u010dtu u\u017eivatel\u016f, typu licence, rozsahu pou\u017eit\u00ed a dal\u0161\u00edm. Pro p\u0159esn\u00e9 ceny a cenovou nab\u00eddku n\u00e1s m\u016f\u017eete kontaktovat (podrobnosti n\u00ed\u017ee).<\/p>\n\n\n\n
Jak JFrog Curation \u0161et\u0159\u00ed pen\u00edze a jak se m\u011b\u0159\u00ed ROI?<\/h2>\n\n\n\n
Ji\u017e brzy (Mezit\u00edm n\u00e1s pro v\u00edce podrobnost\u00ed m\u016f\u017eete kontaktovat e-mailem)<\/p>\n\n\n\n
Shrnut\u00ed:<\/h2>\n\n\n\n
JFrog Curation<\/em><\/strong> poskytuje organizac\u00edm praktick\u00fd zp\u016fsob, jak p\u0159estat \u0159e\u0161it rizika open source pouze zp\u011btn\u011b, a za\u010d\u00edt prosazovat z\u00e1sady ji\u017e ve f\u00e1zi vstupu komponenty do prost\u0159ed\u00ed. Pro organizace s prost\u0159ed\u00edm Self-Hosted nebo Air-Gapped se jedn\u00e1 o v\u00fdznamn\u00fd krok ke zlep\u0161en\u00ed bezpe\u010dnosti, sn\u00ed\u017een\u00ed rizik v dodavatelsk\u00e9m \u0159et\u011bzci (supply chain), pos\u00edlen\u00ed shody s p\u0159edpisy a dlouhodob\u00e9mu sn\u00ed\u017een\u00ed provozn\u00edch n\u00e1klad\u016f.<\/p>\n\n\n\n
M\u00edsto objevov\u00e1n\u00ed probl\u00e9m\u016f a\u017e ve chv\u00edli, kdy jsou u\u017e uvnit\u0159, je m\u016f\u017eete zastavit p\u0159edem.<\/p>\n\n\n\n
Spole\u010dnost ALM Toolbox je ofici\u00e1ln\u00edm z\u00e1stupcem spole\u010dnosti JFrog a poskytuje podporu a licence pro \u0159e\u0161en\u00ed JFrog, v\u010detn\u011b Artifactory, Xray, Curation a dal\u0161\u00edch, a tak\u00e9 pomoc s infrastrukturou DevOps a DevSecOps \/ AppSec k vybudov\u00e1n\u00ed bezpe\u010dn\u00e9ho dodavatelsk\u00e9ho \u0159et\u011bzce pro bezpe\u010dn\u00fd v\u00fdvoj k\u00f3du a aplikac\u00ed a propojen\u00ed s v\u00fdvojov\u00fdmi procesy (SDLC \/ ALM) a v\u00fdvojov\u00fdmi n\u00e1stroji. Pro v\u00edce podrobnost\u00ed n\u00e1s m\u016f\u017eete kontaktovat: jfrog@almtoolbox.com<\/a> nebo telefonicky 072-240-5222<\/em><\/p>\n\n\n\n
![\"jfrog](\"https:\/\/www.almtoolbox.com\/blog_he\/wp-content\/uploads\/2026\/03\/jfrog-curation-centralized-visibility-control.jpg\")
<\/figure>\n<\/div>\n\n\n