Search


Cloud customer?
Upgrade in MyJFrog >


Working with an older version?

JFrog Artifactory 6.x
JFrog Xray 2.x
JFrog Mission Control 3.x
JFrog Distribution 1.x
JFrog Enterprise+ (Pre-Platform Release)




Overview

This page describes the general and JFrog product-specific changes applied in the JFrog Platform for Cloud (SaaS) users.

  • JFrog Artifactory 7.0
  • JFrog Xray 3.0
  • JFrog Mission Control 4.0
  • JFrog Distribution 2.0
  • JFrog Pipelines 1.0

JFrog on-prem customer?

If you are an on-prem user, check out what's new on-prem.

Get Started with the JFrog Platform >>

Page Contents


Features and Functionality

Unified Experience

The user interface provides a consistent experience across all JFrog products. It is designed to support the most commonly used workflows, including improved package management, security and compliance, and package distribution, continuing to provide you with full flexibility. To support this experience the internal architecture (defined as a JPD) is designed to provide JFrog users with the same user experience across the JFrog products that have been installed.

To support the different user workflows, the UI is divided into two main modules:

  • Application Module providing an easy to use interface for viewing your packages, builds and artifacts in Artifactory. Including Xray security vulnerabilities and violations, Dashboard topology and trends, Distribution release bundles and Pipelines DevOps automation.

  • Administration Module providing a consolidated place for configurations of all JFrog products (common and product specific). Including centralized settings, such as monitoring (storage, replication, service status), security and compliance, proxies, license and user management. As well as, property sets, backups, indexed resources, database sync and webhooks.

Both modules include an advanced search mechanism.

Flexible Permissions Model

Administrators get fine-grained permissions control over how users and groups access the different resources (repositories, builds, Release Bundles, destinations).

Security and Compliance Across your DevOps Pipeline

Fully integrated into the JFrog Platform, JFrog Xray protects your artifacts, repositories, builds and release bundles across the entire CI/CD pipeline.

  • Get JFrog's vulnerability database that is continuously updated with new component vulnerability data. Including VulnDB, the industry's most comprehensive security vulnerability database.
  • Identify security vulnerabilities and license violations according to your organization's needs. A dedicated Security and Compliance section in the UI allows you to set policies and watches on all your JFrog resources.
  • Configure watches and policies with the option to block artifact download, Release Bundle distribution to Edge nodes, and even break Builds.
  • Use advanced filtering that allows you to configure include /exclude patterns when setting indexed resources or when setting a Watch on the resources.

Secure Distribution Process

Manage the creation and distribution of Release Bundles to your Artifactory Edge Nodes. Gain better visibility and traceability into your distribution process with a complete view of all contents and package references of your Release Bundles.


User Interface

The following table is a quick reference to common functionalities in the JFrog Platform, including their new locations and any functional changes.

JFrog Product

Functionality

Location in the New UI

Comments 

Artifactory

Custom Base URL
Date Format
Look and Feel Settings
Custom Message
Administration module | General | Settings


Dedicated Artifactory Settings


Administration module | Artifactory

General: Settings, Property Sets
Services: Maven Indexer
Security: Anonymous access, Revoke API Keys, Signing Keys, Trusted Keys, Certificates


Xray

Xray Permissions

Administration module | Identity and Access | Permissions

As part of the JFrog Platform permissions unification, permission targets that were previously separated per product are now represented as one permission target with multiple permission options for the different JFrog products. Changes include:

  • Manage Components is now  Manage Xray Metadata

  • View Components is now included in the Read permission

As part of the permission migration process:

  • Users/Groups with Xray Admin and Artifactory Admin permissions will be converted to Administrators in the JFrog Platform. 
  • Users/Groups with only Xray Admin permissions will be converted to have Read, Manage, Manage Policies and Manage Watch permissions on all the resources.

Administration module | Identity and Access | Users

Administration module | Identity and Access | Groups

  • Manage Policies and Manage Watches are now a global permissions that are enabled on the user or group level. Previously this was a permission option in the permission target.
  • View Watches is now integrated with the Manage Watches global permission. It is not available as a separate permission.
Policies and Watches

Application module  | Security & Compliance 

  • Manually invoking a re-scan of a watch will apply on all resources defined in the watch. Previously you could set the re-scan on part of the resources.
Dedicated Xray Settings

Administration module | Xray

General: Indexed Resources, Webhooks, Integrations




Coming Soon

The following table describes features that are currently under development and will be available in later JFrog Platform releases.
Not available in the initial JFrog Platform release.

JFrog Product

Functionality

Artifactory

  • Artifactory Homepage: will be available in later JFrog Platform releases. For Mission Control installations, administrators can use the Topology page.
  • System Logs screen: will contain only Artifactory logs.
  • Native Tree Browser (from UI)The Artifactory native tree browser allows browsing the contents of a repository in a plain html structured tree.
    This will not be available via the new UI. 
    The old URL will still be available for clients who are relying on the tree browser. 
  • Public APIs / AQL for Metadata (service)
  • Unified REST API for permissions

Xray

  • Xray Logs: viewing Xray logs in the UI will not be available in the initial JFrog Platform release. JFrog logs are accessible via the REST API. Viewing Xray logs from the UI will be available in later JFrog Platform releases.
  • Xray Reports: the reporting section in the UI, providing trend reports, is deprecated. Reporting on a specific artifact or build from the UI will still be available. Advanced reporting capabilities will be available in later JFrog Platform releases.

All Products

  • System Logs: from the JFrog Platform release, only the Artifactory logs will be available from the UI.



Deprecated Features

JFrog Product

Feature

Artifactory

  • License Control is deprecated. Its functionality is included in the Xray integration and provides richer information and support for additional package types.
  • Stash Search Results: allowing you to save your search results and go back to them later, has been removed.

Xray

  • Out of the box integrations: with Aqua, WhiteSource and Black Duck, are deprecated. Custom integration are still available, supporting integrating to any external source of your choice. The VulnDB integration, now transparently integrated into Xray, provides the industry's most comprehensive security vulnerability database. This eliminates the need for these out of the box 3rd party integrations.

  • Xray Homepage: as part of the JFrog Platform UI unification, this page has been removed.
Browsers
Internet ExplorerThe Internet Explorer browser is not supported in the JFrog Platform. For a list of supported browsers, see Browsers.

Breaking Changes

CategoryFeature

JFrog Artifactory

  • Viewing Packages/Builds/Release Bundles: The UI will only load only up to 100 results and up to 100 versions per package/builds/Release Bundle. 

  • Removal of support for non-SNI clients
    For improved network security, support for non-SNI (Server Name Indication) clients is removed. If you are using HTTP clients that do not support SNI, your requests for download/upload will fail. To avoid failures, make sure to upgrade your clients to an officially supported version. 
  • Required support for 302 HTTP Redirects
    Download requests using clients that do not support 302 redirects will fail in most cases for the following list of package types. To avoid failures, make sure to upgrade your clients to a version that supports 302 redirects.
    Docker, Debian, Npm, RPM, Generic, Bower, Composer, Conan, Cran, Git LFS, Gradle, Helm, Maven, Pypi and Vagrant.
    See example use case hereSee list of approved client versions here.
  • Deprecated artifactoryonline.com domain
    Following previous notifications regarding the deprecation of the artifactoryonline.com domain, backward compatibility for the deprecated artifactoryonline.com domain will no longer be maintained. If you are still using artifactoryonline.com to access your cloud services, please make sure to use servername.jfrog.io/ instead.
  • Egress Traffic Whitelisting
    If you are limiting egress traffic from your network to JFrog Cloud services on AWS, or you have applied such a setting on any of your nodes that are accessing JFrog Cloud services, make sure to extend the list of whitelisted IPs to include the AWS S3 IP ranges.
    Continue to get updated with the latest AWS IP address range changes.

JFrog Xray

  • Component Search: searching for components that are not artifacts in your Artifactory instance, but are known to Xray as a result of its recursive scan capability. This functionality will be available in later JFrog Platform releases.
  • Xray Permissions
    • The Manage Watch permission is now available as a global permission on the user/group level. Previously manage watches was an option per permission target that was defined with a scope of resources. Now, users/groups with the Manage Watch permission will enable permissions for all resources. When upgrading to the JFrog Platform, the permission conversion will remove the Manage Watch permission for all users and groups. After upgrading, this permission will need to be reconfigured for all required users and groups. Defining a scope will be available in later JFrog Platform releases, as part of the Projects functionality.
    • The View Watches permission is deprecated. To view watches, enable the Manage Watches permission option for users/groups.

REST API Changes

New shared base url for all JFrog services

The JFrog Platform release introduces a new unified way to access all JFrog services using a single url, using the following format:

https://<Server Name>.jfrog.io/<Service Context>/

For example:

https://myservername.jfrog.io/artifactory/
https://myservername.jfrog.io/xray/

For backward compatibility, JFrog Artifactory and Xray will continue to work as before:

https://<Server Name>.jfrog.io/<Server Name>
https://<Server Name>-xray.jfrog.io/

The following table summarizes the list of changes from previous JFrog products versions to the JFrog Platform.

JFrog Product

Deprecated

NewUpdated
Artifactory



Xray
                                                                                                                                                                                                                                                                                                                                                                               
  • No labels
Copyright © 2020 JFrog Ltd.