Still using Xray 1.x ?
JFrog Xray 1.x User Guide
Need help with other JFrog products ?
Have a question? Want to report an issue? Contact JFrog support
At the top of the Components module you can enter a variety of parameters to search for specific components. Click search to run the query.
|A free-text term to search for in the name of the component.|
|Specifies when the component was last modified in Xray. You can select one of the preset time ranges, or specify a custom range.|
|Specifies whether you are searching for a Package, a Build or a File.|
|Restricts search results to the specified package type.|
|Only components with vulnerabilities with the specified severity and above will be displayed.|
|Only components scanned and detected to include the specified CVE will be displayed.|
The search results are displayed in a table showing the following parameters
|Indicates if the component is a package, a build or a file|
|The name of the component|
|The latest version of the component where applicable ("files" don't have versions)|
|Indicates when the component was last modified in Xray (e.g., last indexed or status changed)|
|Indicates the highest severity of any of the issues found for the component. .|
To drill down and view the details about a component, click its name in the list of search results. The Component Details view is split up into three panels:
The strip at the top of the Component Details view varies slightly depending on whether the component is a package, a build or a file, and displays a summary of the components most basic information.
For a package, the summary strip displays:
For a build, the summary strip displays:
For a file, the summary strip displays:
The Versions panel displays all the versions of the selected component that have been indexed by Xray. Select any of these versions to display detailed information about them. If publicly available versions of the selected component are available, Xray will display the Include Public checkbox. When set, Xray will also display those versions in the list, however, note that when selecting one of these versions, Xray may not be able to display additional information.
Select any version displayed in the Versions panel to get a list of issues detected in that specific version.
The details panel displays several details about the selected component including:
To focus on specific violations, you may filter the list displayed using the Filter by Summary field.
For root components, to avoid screen clutter, you can choose to ignore violations by selecting the Ignore All Violations link.
Ignore Once: Removes the current violations displayed for the selected version of the component.
Ignore Permanently: Removes the violations currently displayed and does not display them in the future.
The Violations tab of the Details panel provides the set of versions that are infected with the violation. The set can include a range of versions and specific versions in any combination. For example,
"2.0ga, 2.0_rc9, 2.0_rc10, 2.0_rc11, 2.0.1, 2.1.0 ≤ version ≤ 184.108.40.206".
The Fix Versions tab of the Details panel provides remediation information for the violation. This field indicates in which version of the selected components the violation has been fixed giving you the opportunity to upgrade to that version and thus remedy the violation.
The Actions menu in the Details panel lets you perform the following actions on the selected component:
Scan for Violations: Scans the current component for violations
Assign Custom Issue: Lets you specify a custom issue and assign it to the component:
|A descriptive title for the issue.|
|The ID of the component to which the issue was assigned.|
|A more description of the issue.|
|The issue severity|
|The issue type|
|Allows you to add custom properties to the issue|
Assign a Custom License: Lets you assign a custom license to a component:
A license created by a user is tagged as a Custom license and can be deleted by users assigned with the Manage Components permission. The custom license is assigned to a specific version and is propagated to parent components and is part of their license list. It triggers an impact analysis and generates violations in case it matches criteria of any existing Watches.
The new license is included in the scan the next time a security report is generated.
The Locations tab allows you to easily navigate from Xray directly to the component in Artifactory, by hovering over the component and clicking on More Info.
Using the Actions menu, you can export full details for the selected component and version including violations, security issues and licenses. From the Details screen Actions menu, select Export Data.
In the following Select Data to Export popup, specify the component parameters that should be exported and the export format.
The file is downloaded to your local drive.
Below are some examples of exported files in different formats.
You can also automate exporting component details using the Export Component Details REST API endpoint.
To examine the details of a violation, click the violation in the list displayed on the Component Details panel to display the Violation Details popup.
The Impact panel of the Violoation Details popup provides a list of all components which are impacted by this violation. Select any component in the list to view the full hierarchy of components affected.
Watch this screencast to learn how to use Xray's component-centric navigation.