Problem: Many are pointing public repos. This is not good practice.
Setup JFrog QA and Prod repos in organization.
JFrog QA pulls files from public repos on demand basis or periodic basis.
Builds will be tested and make sure that there are no corrupted jars and all are having proper required license.
Developers can point JFrog QA repo.
When build need to happen in Junkins/Hudson…it uses JFrog Prod.
Developers need to inform admins about required files.
Admins assure integrity of required jars to push to JFrog prod.
Also they will validated required licensing issues for given jars.
This is more safest and controlled way to control final artifacts which are going into production.