Have a question? Want to report an issue? Contact JFrog support

Skip to end of metadata
Go to start of metadata

Overview

JFrog Xray offers a universal solution that supports all major package types. It includes various metadata databases such as those related to vulnerabilities, license compliance, component versions and others.

Xray breaks down artifacts according to their specific packaging. Unlike any other binary analysis product, it then adds them to a global components graph that represents the relationships between each other in the organization.

Xray understands each package type, knows how to unpack it and what every underlying layer contains. Each unpacked component is examined individually to uncover potential vulnerabilities and policy violations, mapped out and merged into Xray’s universal component graph that represents your entire organization’s software structure. This allows you to get maximum visibility into your software dependencies and truly understand the impact of every issue found.

Xray provides continuous protection by scanning your components on a regular basis, even though they may have already been found clean and are now exposed to newly discovered vulnerabilities.

Xray currently supports the following package formats with new formats added regularly.

Maven

Scan your Maven project dependencies using Xray and view vulnerabilities directly from within the IntelliJ IDE, with the JFrog IntelliJ Maven Plugin.

Gradle

Recursively scan the different layers of your Gradle packages and their dependencies, and use Xray's component graph to display the impact of any detected issues on your services and applications.

Ivy
Xray scans your Ivy packages and performs impact analysis to keeps all components in your organization safe from any violations.
SBT

Recursively scan your SBT packages and identify all components in your organization that are affected by a vulnerability, and monitor components for new issues and vulnerabilities that are detected.

npm
Xray identifies each Javascript file within your npm packages and performs matching and analysis on each one to ensure that your npm application is safe to use.
NuGet
Xray scans NuGet packages, recursively going through the layers of dependencies to discover issues and vulnerabilities at any depth.
PyPI
Xray recursively opens the different layers of your Python packages and their dependencies, discovering any issues and vulnerabilities that may affect your organization.
Docker
Xray identifies every component contained within every layer of your Docker images. This includes identifying the packages deployed on the OS in the base image layer.
Debian
Xray identifies the Debian packages deployed on your Debian or Ubuntu OS that’s running on the base layer of your Docker containers. Each component is scanned for issues and vulnerabilities giving you maximum visibility into your software dependencies.
RPM
Xray identifies the RPM packages deployed on your RedHat or CentOS OS that’s running on the base layer of your Docker containers. Each component is scanned for issues and vulnerabilities giving you maximum visibility into your software dependencies.
RubyGems

Xray provides transparency into your software architecture, recursively scanning RubyGems packages through all levels of dependency to discover issues and vulnerabilities.

Alpine
Xray identifies Alpine Linux packages in the OS base layer of your Docker images providing recursive analysis, component graph integration and detailed metadata information.
Page Contents

 

 

 

  • No labels