What's New: Cloud

Support for Custom Webhooks

Custom Webhooks are Webhooks whose HTTP request headers and payload can be fully customized to adapt to any target service, such as GitHub actions, Gitlab pipelines, Jenkins jobs, Slack, and more. Custom Webhooks trigger events with the format expected by the vendor. 

Ability to Edit the Live Logs Buffer Size 

Support to Select Whether an Access Token Gets the "force revocable" Flag in the Access REST API 

The "force revocable" flag in the tokens has been removed as a default setting and is now a Boolean parameter called "force_revocable" in the Create Token REST API. When the "force_revocable" param is set to true, we will add the "force_revocable" flag to the token's extension.

In addition, a new configuration has been added that sets the default for setting the "force_revocable" default when creating a new token - the default of this configuration will be "false" to ensure that the Circle of Trust remains in place.

Conan Metadata Calculation has been Optimized

npm Login Method has been Updated

The Web Login method for npm is now supported

Generate Violations by Specific Vulnerabilities

You can now create a security policy with the ability to generate violations for specific vulnerabilities (CVEs). 

Jira Integration Enhancements

The Xray Jira Integration feature has been enhanced to support creating Jira tickets manually for any violation from Xray's UI. In addition, you can now create one Jira ticket for all the information regarding all affected components instead of creating a Jira ticket for each component. 

JFrog Advanced Security Scan Existing Artifacts 

You can now run Contextual Analysis and perform Exposures Scan on an existing artifact from the Scans List page. This feature is also supported through the REST API. 

Exposures Additional Scanners

UI Improvements

Added a number of UI improvements in the Scans List to the Vulnerabilities and Exposures categories screens.

preRun and postRun Steps

In the pipelines section in your pipelines YAML, you can now configure two optional steps:

• preRun: This is an optional step. When configured, this step will always run at the beginning of a pipeline. This is useful when you want to run some checks at the beginning of a run.
  

• postRun: This is an optional step. When configured, this step will always run at the end of a pipeline. This is useful when you want to run some checks at the end of a run.

UI for Adding Pipeline Source via Template Deprecated

As of this release, the From Template UI option for adding a pipeline source is deprecated. However, Global and system templates can now be added using pipelines YAML (see previous item)

New Templates Flow

With this release, Pipelines templates have been improved to offer more simplified and flexible user experience completely based on pipelines YAML.

Changes to the Node Pool

• Node Pool for Custom Run: When triggering a custom run, you now have the option of selecting the node pool for the pipeline and individual steps.
• Node Pool and Node Name and Stats on Run Dashboard: During a run, the run dashboard page will now display the name of the node pool and node as clickable links, and the status of the node being used for the run.
• Editable Kuberentes Node Pools Intervals: You can now edit node idle interval for custom Kubernetes node pools.

New Admin Views

Approval Gates Improvement

New Platform Security APIs 

These new Security APIs replace the previous Security APIs, which are planned to be deprecated at a later stage. The new APIs address aspects of JFrog Platform security and access, such as users, groups, permissions, tokens, and more. For more information, see Security REST APIs.

Platform-specific REST APIs Moved to a Dedicated Page

npm Deprecation Flow Improvements

Simplified the npm deprecation handling flow - npm deprecations will now be reflected in the package.json file, and the npm client will return an appropriate error in the case of lacking permissions (note that if you have a large number of deprecated npm packages, upgrading Artifactory will cause Artifactory to start with a few seconds delay).

Federated Repository Multi-Version Support

Multi-version support enables the members of a Federation to run different versions of Artifactory, even if the version at one site includes configuration features and values that are not supported on the versions running at other sites. Thanks to multi-version support, future upgrades after Artifactory 7.49.3 can be performed on one site at a time, eliminating the need for simultaneous upgrades across all locations.

Whenever an instance with a new Artifactory version is introduced to the Federation, the configurations of the other members are retrieved and a negotiation process checks for new and upgraded features that are not supported on the older versions. If there are new features that older versions do not support, the new feature is disabled. For upgraded features, a default value is chosen that is supported on all member versions. 

Multi-version support requires Artifactory 7.49.3 and above. Therefore, it is a prerequisite of this feature to upgrade all Federated repository members to Artifactory 7.49.3. After this has been done, multi-version support is enabled for all versions going forward. 

Federated Repository Monitoring 

This new feature enables you to monitor the status of Federated repositories using a set of dedicated REST APIs. Use these APIs to get the status of the Federation for a specific repository, including task status, pending event status, server lag time, and the number of fully (binary and metadata) and artificially (metadata only) replicated artifacts. In addition, you can use these APIs to get a list of Federation mirror lag times and a list of unsynchronized mirrors.

The new monitoring features become available after the one-time database optimization process (which is part of the upgrade to this version) is complete.

New Variable for SCM Repository Name

A new variable, {{ sourceRepository }}, has been introduced to replace the SCM repository full path during Pipelines sync. For more information, see GitRepo.

New OOTB Global Template

Support for Multiple Operating Systems in Matrix Step

New Custom Views

Ability to Add Description

View Git Repo Event for Runs

New Status Icons

Red Hat SQLite Support

Xray OCI Container Scans Enhancement

Docker and OCI image tarballs built with Kaniko and Podman can now be scanned using JFrog CLI jf scan command.

Enhanced Reports Ignore Rules Info

Security Policy Enhancement

New OOTB Global Templates

The following global templates are now available for use out of the box:

• GoCI
• GradleCI
• MavenCI
• NpmCI

Share Integrations across Projects

Projects admins can now share integrations across multiple Pipelines to allow members in more than one project to use them.

New Utility Function

Conditional Workflow to Support Variable Conditions

Sync a Single Branch

Support for ARM64 Ubuntu 20.04 and MacOS 12 Static Build Nodes

Pipeline Source Page Enhancements

• Pipeline Sources page divided into two sections: Top-level page and a dedicated page for the Pipeline Source's branches.
• A new search API for Pipeline Sources with pagination support.
• Introduced more alignments with the new look and feel.
• More performance improvements to load the Pipeline Sources page faster.
• Updated the Pipeline Sources Admin page design to match the non-Admin page.

JFrog Advanced Security

Announcing JFrog Advanced Security Pack! The new security pack can be purchased with Cloud Enterprise X and Enterprise+ subscriptions, and contains the following features:

• Vulnerability Contextual Analysis: An industry first;  scan containers and packages to prioritize whether OSS vulnerabilities are actually exploitable.
• Exposed Secrets: Detect any secrets left exposed in any containers stored in Artifactory to stop accidental leaks of internal tokens or credentials.
• Insecure use of libraries and services: Detect whether common OSS libraries and services are used and configured securely so that containerized applications can be easily hardened by default.
• Infrastructure-as-Code (IAC): Scan IaC files stored in Artifactory for early detection of cloud and infrastructure misconfigurations. Xray scans Terraform states for AWS, Azure, and GCP cloud services.

Conda Packages Support

Xray can now scan Conda packages that contain python packages and their dependencies for security vulnerabilities, license compliance and operational risk.

On-Demand Scanning Enhancement 

Expand Support to Additional General Archive Types/Formats

Support for Multiple Pipeline Sources per Repository

Secure Project Integration Information

Project integration information is now protected when handling public Git repositories.

Allow Failure in Conditional Steps

A new boolean option called allowFailure has been introduced for conditional steps. The allowFailure option can be set for individual steps and can be used to ignore the current step’s failure while computing the final status of the run. 

New Utility Functions to Store and Restore Files between Steps in Affinity Group

New Runs Charts

Pipelines runs charts show the behavior of the runs for the selected number of runs.
The following charts show how the runs performed:

• Run Performance: Shows the median build time for the runs categorized based on the first and last build.
• Execution Frequency: Shows the average runs.
• Runs Status: Shows the run status and the time taken for each run.

Access Token Scope Added to the WebUI 

The scope of a user's access token (also known as a scoped token), has now been added to the JFrog Platform WebUI (in addition to the existing API endpoint) as a new column in the Security page. 

User/Group WebUI Enhancements

Enhanced the User/Group WebUI with the following updates:

• Enable sorting users in tables by additional columns 
• Enable partial search by name/email in tables
• Improved the loading time of Users in the Groups page
• Improved the loading time of Users/Groups in Permission Targets

Webhooks WebUI Now Supports Using the Secret for Signing the Payload 

When creating Webhooks and defining a secret authentication token, the administrator can determine the way in which the Webhook's secret token should be used:

• As the X-JFrog-Event-Auth HTTP header, so that the token can be used by the service that receives the event to authenticate the event emitter.
• To sign the events payload- in which case the secret token must not be passed as a header.

To support both options, the backend was updated to also send an HTTP header containing the payload hash value calculated based on the secret token (this hash value should be computed based on SHA1 or SHA256). With this release, the JFrog Platform now supports setting the secret for payload signing through the WebUI. 

AQL Search Speed Improvements 

Improved AQL internal search mechanism to support running faster queries, from several days to seconds. 

Helm Indexing Improvements

Improved the speed when indexing Helm Charts in Helm repositories.

Native Browser Scrolling Enhancement 

Added an option to scroll through your artifacts and view all package contents in the Native browser. 

Cargo Indexing Enhancement 

Added support for alternative indexing in Cargo repositories based on the sparse index specifications, instead of jgit server

Newly-Designed Received Bundles Table

The Received Bundles table in the JFrog Platform has been updated to support easier search and filtering for Release Bundles. These updates include:

• Improved search that enables you to find any Release Bundle by name or by using a wildcard together with other Release Bundle details
• All Release Bundles are pulled using the REST API, ensuring that you can search for any Release Bundle regardless of when it was released
• Release Bundles can now be sorted according to name, latest version or creation date

Improved Distribution and XRay integration

The improved integration allows Distribution to retry triggering XRay scans for Release Bundles in cases where XRay is not available (previously this required manually triggering via API).

Allow Including/Excluding Patterns for Syncing User Entities with Access Federation

Selecting a Specific GPG Key to Sign a Release Bundle Version

When signing a Release Bundle version, you can now choose the signing key to use to sign the version through the Distribution UI (key selection was previously supported only through the APIs).

Release Bundles UI Enhancements

• Added a new filter search and the total count for both Distributable and Received Release Bundles.
• From this release, the checkbox Auto create missing repositories is displayed for all Release Bundle distributions (not only PDN), replacing the Target Repository Auto-Creation checkbox (the functionality remains the same). 

Storage Trends Label Update

The % change label in Insights has been updated to % change in space in the Storage Graph when you click on the Growth tab in the Storage Trends drill down.

New Scans List

The Scans List page combines the Xray scans list into a single screen and enables you to view details for repositories, builds, release bundles, and packages. For each of these items, you can drill down further to view the Policy Violations, software components, and security issues. We've also added REST APIs support for this feature 

Ignore Rules Improvement

Improved Impact Analysis Performance

Introduced the following performance improvements:

• When a new vulnerability is published or when its data is updated, the impact on your artifacts is analyzed and the results are updated. This may cause performance issues when there are many artifacts and components. To avoid performance issues the impacts analysis process is now only applied on High Profile CVEs (JFrog Security CVE Research and Enrichment) and will no longer be applied on all CVEs.
• When the license for a package is updated in Xray's DB, the new information is reflected only on scanned artifacts (or rescanned) after the DB is updated.

New UI enabled by default

The Pipeline and Run views now use the new UI by default. The new look and feel were introduced in June 2022. If required, you have the option of switching to the old UI.

Native Steps Enhancements

• All Pipelines native steps now support JFrog CLI v2.
• DockerBuild native step now supports multiple Image and FileSpec resource inputs. 
• Pipelines now allows other step types between DockerBuild and DockerPush native steps. These steps must still be in the same affinity group.
• Added optional namespace setting in the configuration section of HelmDeploy native step. 

Logstash Integration to reqKick

Added build node and Logstash integration for Pipelines agent logs.

Branch Dropdown Wildcard Support

In the Pipeline dashboard, the branch and pipeline dropdown now supports wildcard search. 

Test Tab Enhancements

In the Run view, the test tab has been enhanced as follows:

• Shows the test results summary, with an aggregate count for Success, Failure, Error, and Skipped
• Includes a tab for each of the test results section - Success, Failure, Error, and Skipped and each tab:
  • Includes a list of test suites and test cases with the test name, duration, and path details
  • Shows a summary of test statuses (Success, Failure, Error, and Skipped) at the test suite level
  • Shows error messages for error and failure tests

Re-Trigger Run Option

YAML Validator

Native Steps Enhanced to Utiliize Affinity Groups

A new get_affinity_group_step_names utility function has been introduced to find steps of a particular type in the same affinity group. In addition, NpmBuild and NpmPublish, and GoBuild and GoPublishBinary native steps will now store files locally when in the same affinity group to reduce the time required to run these steps.

Global Environment Variable in Pipelines

Hello World OOTB Template

A new global template called HelloWorld is now available for use out of the box. The template showcases a few of the basic features of Pipelines:

• Parallel steps
• Reading and writing variables that persist across different steps in your pipeline
• Reading from and writing to resources
• Setting environment variables
• Optional GitRepo resource so that users can experiment via the values.yml

Additionally, a sample pipeline that uses this template will be pre-installed for Pipelines users who have not yet created any pipeline source.

Custom Dynamic Nodes on Cloud 

Ability to Change Resource Static Fields

Added a Full Broadcast Function to the Access Federation UI

Added the option to trigger a full broadcast from a specific Access Federation source via the Access Federation UI. 

CRAN Local Repository Improvements

Aligned the CRAN Local repository to follow the CRAN spec when populating the Archive folder by introducing the following enhancements:

• Added the cran.archiveMover.enabled system property that will allow the storage of the archives in the correct hierarchy.

• Added a new Move Archives CRAN REST API,  which moves the existing archives to the correct location (if the system property is enabled). 

Swift Registry Supported on Self-Hosted deployment

Swift Registry support has been expanded to support both cloud and self-hosted deployments.

Debian Repository includes Support for Debian Snapshots 

From Artifactory 7.41.4, Debian repositories include support for Debian Snapshots and can be used in the following scenarios:

• As backups, allowing you to easily fall back to previous versions in case of package corruption due to dependency changes. 
• For release purposes, whereby the tested Packages file can be immutably saved and served.

Users with Repository Management/Deploy Permission can View/Use the Trash Can Repository 

With this release, two changes have been implemented to the Trash Can:

• Users who have deploy or manage permissions to any repository will be able to view the Trash Can and to view files in that repository of origin. 
• Users who also have delete permissions to their repository will now also be able to restore them without requiring admin assistance (they will not be able to view or restore any other repositories). 

Support for a New User Scoped Token for Distribution to the Source Artifactory (Breaking Change)

With this release, user permissions will be enforced when distributing to the source JPD. This means that only users with read and deploy permissions on the target repositories can distribute release bundles to the source Artifactory, and only users with delete permissions for the target repository can delete these bundles.

API Update

The API to

  propagate the GPG key pair to a newly added Distribution Edge has been updated.

Swift Registry Support

Artifactory now natively supports a dedicated Swift Registry, most widely used as the go-to language for iOS and all the other Apple OS-app development, which gives you full control of your deployment and resolution process of your Swift packages and their dependencies. With the introduction of Swift support by Artifactory, you can create secure and private local Swift repositories, remote Swift repositories to proxy remote Swift dependencies and cache downloaded Swift packages. 

Storage Summary Improvements

Rest API Enhancements

• Implemented a new V2 of the Get Issue Events REST API with the ability to get vulnerability details
• Added Operational Risk data to the Release Bundle Details REST API.

Introducing the New Pipeline and Run Views

Support for AWS USW1 Region

Trigger Pipeline Endpoint Enhancements

Bash and PowerShell Scripts Enhancements

Improved Extension Source Sync Logs

Specify Image Version in a Step as a String

New On-Demand Scan REST API

Introduced a new REST API that will enable you to delete on-demand scanning results using the JFrog CLI. 

Operational Risk Reports

TriggerPipeline Native Step (Beta Version)

System-level Control Setting for Non-root Users

Trigger Pipelines API

Introduced a new API to trigger a pipeline that enables you to:

• Trigger all the steps in the pipeline with default environment variables and the latest resources.
• Trigger specified steps in the pipeline with custom environment variables and resource versions.

Full JFrog Support for Terraform Packages

JFrog provides a fully-fledged Terraform repository solution, which gives you full control of your deployment and resolution process of Terraform Modules, Providers, and Backend packages. This solution includes both the Terraform Registry and the Terraform Backend Repository in the JFrog Platform.

Token Enhancements

Scoped Admin Access Tokens: From Artifactory release 7.38.4, JFrog enables companies to create their own admin-scoped access token without using the JFrog Platform UI or via another token. 

New Identity Token Format and API Key Replacement: Artifactory release 7.38.4, includes a new Identity Token format, also called a Reference Token, which can also be used to replace the API Keys that will be deprecated in a future version. The new Reference Token includes an option to create a "shortened," 128-character key, thereby providing an alias for the Identity Token. 

Added PKCE Support for OAuth Integrations

Artifactory now supports enabling the PKCE extension over OAuth to gain an additional level of security and serves as an alternative to the basic Secret mechanism. By selecting the Enabled PCKE field in the OAuth Provider dialog in the UI (see Enabling Authorization Code Flow with PKCE),  you will enable this feature and the Secret option will be automatically disabled. Please note that backward compatibility for the authorization Code Flow without PKCE is retained.

Enforce Internal Dynamic Search of Attributes in LDAP Groups 

Introducing the new functionality for the LDAP group dynamic strategy, which enforces dynamic internal search of attributes in a group by setting the <forceAttributeSearch>true</forceAttributeSearch> in the Config descriptor. 

Maven Non-Preemptive Authentication for Local, Remote, and Virtual Repositories

Anonymous Users can be Routed to Login Page by Default

GAVC Search REST API Supported on Virtual and Remote Repositories

Added Support for Custom Ports to be Exposed on the NGINX Pod 

New Webhook to Support Pull Replication from Remote Repositories   

Extended the Priority Resolution feature to Support RPM Packages

Support for Components Operational Risk

Xray can now provide information about the operational risk of using open source software components. These include the risk of using outdated versions or inactive open source software components in your projects. In the current version of this release, we provide operational risk information for Maven and npm packages.  

Artifactory as Your Symbol Server  

Cloud customers can now benefit from the following advanced Symbol Server features:

• Publishing while indexing your Symbol packages to Artifactory from your NuGet Client v3 together with your NuGet packages or as separate Symbol packages
• Resolving Symbol files (.pdb) from virtual and local repositories in the JFrog Platform
• Resolving Symbol files from remote proxies. For example, http://symbols.nuget.org/download/symbols.
• Debugging the Symbol files hosted on Artifactory using the Visual Studio debugger tool.

Build-Info Repositories can be Shared Across Federated Repositories

The Federated repository feature has been expanded to support adding Build-Info repositories as federated members within a Federation using a dedicated Convert Build-Info Repository to a Federated Repository command  . 

Components Physical Path

Xray now displays the physical path (location) of a vulnerable component in an artifact. This information is displayed in the impact path graph within the CVE, export formats of Xray scans, and in the Violations and Vulnerabilities Xray Reports.

Exclude Violations with No Available Fixed Version

Introducing a new capability in Xray Policies, whereby you can set a policy rule to not generate violations for security issues that do not contain a fixed version. This new capability will help you improve your security workflow in enabling you to exclude violations at the Policy level, by not failing builds for issues that do not contain a fixed version. Whenever a fixed version is available, the violation will be generated.

Rootless Docker Support

Pipelines now supports rootless docker for Ubuntu18/20 build nodes (AWS/GCP - Ubuntu 18/20, Azure - Ubuntu 20, Static nodes - Ubuntu 18/20). Rootless docker helps prevent providing the Docker container root access.

HelmDeploy Native Step Enhancement

Run Variables as Build Parameters

Announcing the Integration Microservice

Released the new Integration micro-service (as part of the JFrog platform), which is responsible for third-party authentication and event registration.

Binding Tokens

Introducing a new type of access token called a binding token, which allows trust to be bi-directional. Binding tokens provide a full self-service for Cloud Enterprise customers that can build customizable binding to the other JPDs on their own. 

Federated Repositories Now Supported for Cloud Customers 

With this release, using the new Binding Tokens, you can set up Federated Repositories in a JFrog Platform Cloud environment. 

Elasticsearch Improvement

CVE Enrichment REST API Support

The JFrog Security CVE Research and Enrichment feature is now supported in additional REST APIs. See Xray Release Notes for details.

JFrog Projects Feature is Available to All JFrog Users

JFrog Projects is a management entity for hosting your resources and for associating users/groups as members with specific entitlements. Using projects helps Platform Admins to offload part of their day-to-day management effort and to generate a better separation between the customer products to improve customer visibility on efficiency, scale, cost, and security. 

Pub Repository Support

Artifactory now natively supports Dart packages, giving you full control of your deployment and resolution process of Flutter, Angular Dart, and general Dart programs, which means that you can create secure and private local Pub Repositories with fine-grained access control.

High Availability in PostgreSQL Database

Artifactory introduces the ability to set up PostgreSQL databases in an high availability configuration to be used as the Artifactory database. 

Priority Resolution Supported on Federated Repositories

Added support for setting Priority Resolution on Federated repositories. Setting Priority Resolution takes precedence over the resolution order when resolving Federated repositories and will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field. 

Garbage Collection Improvements

To improve Garbage Collection performance, you can now disable size-based ordering of the GC query. As a result, artifacts will not necessarily be deleted from largest to smallest. 

Introducing npm SHA512 Support

From npm version 500, all npm packages published to Artifactory will support both SHA512 and SHA1 while using the strongest algorithm available, which will result in improved performance, robustness, and enhanced fault-tolerance. 

Generate Software Bills of Materials (SBOM) Report

Xray now can generate an Xray SBOM Report in both SPDX and CycloneDX standard formats. This will help DevSecOps teams to identify the software components in use, their dependencies, and associated license risks if any. 

On-Demand Binary Scan Docker Support and New UI

Xray Data Retention

Improve Xray performance and data usage by selecting which artifacts are important to scan and how long to retain their Xray data.

Sensitive Data Masked

Metrics Data

Pipelines now provides a new Metrics API, which can be used to get metrics data for Pipelines, such as CPU, memory, number of pipelines per project, and more. 

Pipelines Utility Functions Export

Pipelines utility functions are now exported. This means they can be called from scripts that are invoked from the build script without having to use the 'source' command.

Artifactory Edge Node Support

Support for Personal OAuth SSO

JFrog Cloud can now also join through an invite, and to then log in using Personal OAuth such as Google or GitHub. 

New Integration for JFrog Artifactory with Amazon's Elastic Cloud Kubernetes (EKS) Anywhere

Amazon's Elastic Cloud Kubernetes (EKS) Anywhere is a new deployment option for Amazon EKS, which allows customers to create and operate Kubernetes clusters on customer-managed infrastructure, supported by AWS. The deployment of JFrog Artifactory on Elastic Cloud Kubernetes (EKS), EKS Anywhere uses Helm Charts to leverage the AWS License Manager.

JFrog Projects Feature is Available to All JFrog Users 

The JFrog Projects feature is now supported on all JFrog Subscriptions. JFrog Projects is a management entity for hosting your resources (repositories, builds, Release Bundles, and Pipelines), and for associating users/groups as members with specific entitlements. Projects simplify the onboarding process for new users, create better visibility for LOBs and project stakeholders. 

S3 with Storage Sharding Support

Artifactory introduces S3 Sharding template (s3-sharding) that utilizes a new sub-provider, state-aware-s3, so that you can use multiple S3 buckets with sharding as the Artifactory filestore.

Custom VM Image

Pipelines now supports creating custom VM images. A custom VM image enables you to use your own image as a node in Pipelines, including all the customizations you made when you created the image. 

Share Node Pools across Projects

Change Machine Type in Dynamic Nodes Pool

Pipelines now supports changing machine image type in dynamic node pools.

Pipelines in Search Toolbar

Added the ability to select Pipelines and to search for pipelines using the main search toolbar. The search can be filtered using Name, Branch, Triggered Before, and Triggered After.

New Canvas and Butterfly Graphs

The graph view in Pipelines has now been updated to use canvas and butterfly graphs to provide a much smoother and faster experience.

New Hybrid Solution Provided through the Distribution Edge

The JFrog Distribution Edges Add-on is a commercial offering for self-hosted customers to leverage JFrog SaaS for software distribution, by enabling self-hosted customers to add cloud-based Edge nodes managed by JFrog (software-as-a-service) and to fully utilize them for content distribution. 

New Pairing Token UI

External ID Added to Support Azure Active Users 

To support Azure Active Directory users, the field External ID field was added to the group definition and can be set via the group creation UI.

New PyPi Public Remote Registry Supported    

For PyPi users, Artifactory now supports the public remote registry. URL https://download.pytorch.org/whl/torch_stable.html.

Jira Integration Dynamic Labels and Custom Fields

You can now use Xray-specific entities as dynamic labels and custom fields in your Jira issues.

Configurable Number of Remote Repositories in Remote Repository HTTP Connections Metrics

Top 10 API Calls in Remote Repository Requests Metrics

Enabling Log Collection 

Scan Status

You can now get information on the scan status of resources in the Xray data tab of Packages, Builds, and Release Bundles in Artifactory.

Scan Now REST API 

New REST API for Scan Status

Provision Status for Node Pools

The node pools list view now includes a new column called Provision Status, which provides a color representation of the provision status for each node and color represents one of the stages in the lifecycle of a node.

Carry Custom Configuration to all Steps in Pipeline Run

Custom configurations can configured at both the pipeline- and step-level.

LinuxVMDeploy Native Step

Introduced a new native step to support Blue/Green deployments on Pipelines, whereby the LinuxVMDeploy native step can upload files to VMs in a VmCluster resource and run commands on the VMs.

UploadArtifact Native Step

Introduced a new native step to upload artifacts to Artifactory using JFrog CLI. Optionally, it can also publish build information to Artifactory and trigger Xray Scans.

Support for Clone of Private Repos via HTTPS

Added support for cloning private repositories using HTTPS. Users can now toggle between SSH/HTTPS on their GitRepo resource, and when adding a new pipeline source. 

Cancel One or More Runs

Enhancements in the UI to cancel single or multiple runs. Also, added the ability to cancel a run with a single API call. 

JFrog Security CVE Research and Enrichment

Xray's integration with Vdoo introduces JFrog Security CVE Research and Enrichment, a new capability that provides additional CVE details by the JFrog security research team, which comprises security experts that perform manual research on CVEs and suggest a new JFrog Severity Score and a deep technical overview that allows you to better understand the actual risk posed by the CVEs.

Xray Integration with Jira

Xray now can be integrated with Atlassian’s Jira Software, enabling the automatic creation of Jira tickets based on Xray identified security threats and violations. 

Initial release of Insight 1.0.1 

Insight 1.0.1 includes all the trends and charts previously available with JFrog Mission Control.

New Dashboard Trends

Mission Control as a Microservice

From JFrog Artifactory version 7.27.3, Mission Control has been integrated directly into Artifactory as a service. You will no longer need to install Mission Control to use the features it provides, only to enable the service in Artifactory.

URL Normalization is Now Prevented for Remote Repositories

Remote repositories are now enabled with the new disableUrlNormalization parameter to prevent URL normalization from occurring. 

Added Namespace Support for Helm Virtual Repositories 

Build Info Supports Aggregated Builds

Aggregated builds are builds that contain multiple steps and can run on multiple machines. Aggregated builds are now represented by Build Info using the new 'type' parameter under the module section in the UI. 

Builds Info REST API Displays the VCS Parameter

PHP Composer V2 Support

Artifactory supports PHP Composer V2 in addition to V1. From Artifactory 7.24, Local PHP repositories will automatically be created in V2, which supports faster download times and enhanced performance. 

PHP Composer Drupal 7 and 8 Registry Support

You can now upload Drupal version 7 and 8 packages to PHP Composer remote repositories. 

Set a Grace Period before Failing Build

New Filter in Watches

Filter Ignore Rules

Xray Reports Clone

Release Bundle Details REST API

Support for Helm Blue-Green Deployments

Pipeline-level Integrations and Resources

Signed Pipelines Enhancements

• Added Signed Pipelines support for Docker images pushed in a DockerPush step and signed release bundles created in the CreateReleaseBundle native step. 
• Added support for PowerShell versions for signed pipelines in the MvnBuild and GradleBuild native steps.

Support for Adding Values Definition in the UI

Support for SSH/HTTPS Clone for GitRepo Resource

Branch Name in Run View

HTTPS Clone Support for BitBucket Server

SMTP Credentials Integration Enhancement

Additional Security Manager Role and Additional Scanning Capabilities in Project Functionality

Docker Enhancements

• Improved the Docker remote repository flow by reducing the number of requests to the remote repositories.
• Added Docker Buildx support, allowing you to easily build and push multi-architecture images using the Docker buildx CLI.
• Added support for promoting Docker images with a Docker manifest.list from one Docker local repository to another.

New Outbound Repository Request Log

Announcing a new Outbound Remote Repository Request Log, which allows you to track every request initiated by a remote repository including requests related to replication. 

Native Artifacts Browser Accessible from the UI

Support for Multiple HashiCorp Vault Connectors in the JFrog Platform UI

^{JFrog Subscriptions: Enterprise with Security Pack | Enterprise+}  

Managing Multiple Signing Keys

^{JFrog Subscriptions: Enterprise with Security Pack | Enterprise+}  

JFrog Platform now enables you to manage multiple RSA and GPG signing keys through the Keys Management UI and REST API. 

Generating an Identity Token through the Profile UI

Dependencies Scan 

The Xray Dependencies Scan feature enables you to scan your source code dependencies to find security vulnerabilities and licenses violations, with the ability to scan against your Xray policies, using the JFrog CLI.

On-Demand Binary Scan

Xray now provides on-demand binary scanning to address your needs using the CLI for fast results. You can point to a binary in your local file system and receive a report that contains a list of vulnerabilities, licenses, and policy violations for that binary prior to uploading the binary or build to Artifactory.

Approval Gates

The Approval Gates feature enables you to insert a manual approval process for a step in a pipeline. Approvers can approve or reject steps, and receive Slack and e-mail notifications for steps that require approval.

Improved Logs for Signed Pipelines

Conditional Workflow

JFrog Platform Integration with HashiCorp Vault

^{JFrog Subscriptions: ENTERPRISE WITH SECURITY PACK | ENTERPRISE +}

JFrog Platform SCIM Integration 

^{JFrog Subscriptions: ENTERPRISE WITH SECURITY PACK | ENTERPRISE+}

Signing Keys Management

^{JFrog Subscriptions: ENTERPRISE WITH SECURITY PACK | ENTERPRISE+}

Extended Flagging Safe Repositories Support

Declaring local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories has been extended to support Alpine, Bower, Conan, Conda, Cran, Go, Gradle, Ivy, Maven, Nuget, and SBT Packages.

Support for Controlling Signed URL Download Methods

You now have the option to set your signed URL redirects Direct Cloud Storage using one of these methods: S3, CloudFront, or using a direct download without a signed URL redirect. 

Distroless Scanning

Red Hat Vulnerability Scanner Certification

JFrog Xray is now certified with the Red Hat Vulnerability Scanner Certification. The certification recognizes Xray as a trusted Red Hat security partner.