
Overview

JFrog Xray is a universal binary analysis product that works with JFrog Artifactory to analyze software components, and reveal a variety of issues at any stage of the software application lifecycle. By scanning binary components and their metadata, recursively going through dependencies at any level, JFrog Xray provides unprecedented visibility into issues lurking in components anywhere in your organization. Xray’s interface with Artifactory gives it the exclusive advantage of combining any number of data feeds with the exhaustive metadata stored within Artifactory to detect different issues without needing access to source code. JFrog Xray is also fully automated through a rich REST API that lets it integrate with a CI/CD pipeline and allows other binary analysis tools to build on its unique capabilities.

  • Universal 
    In line with JFrog’s universal approach, Xray supports most package types supported by Artifactory.
     
  • Open for integration 
    While Xray comes with its own database of software components and vulnerabilities out-of-the-box, it is also open to integration with other databases and tools. Xray comes with built-in integration with tools such as Whitesource, Aqua and Blackduck hub. In addition, using Xray's open API, customers can integrate Xray with their own systems and data feeds.
     
  • Open for different issue types
    Xray is not limited to security vulnerabilities; it can receive any type of information about software components that can help you make decisions. For example, you can provide Xray with information about components that have performance issues or severe defects and the impact that these components have on your software.

  • Deep scanning
    Xray performs a deep scan of artifacts, recursively going through dependencies at any level and creating a graph of relationships between software components. For example, when analyzing a Docker image, if Xray finds that it contains a Java application it will also analyze all the .jar files used in this application.

  • Impact analysis 
    Xray analyzes how an issue in one component affects all others in your company and displays the chain of impact in a component graph.

  • Native integration with Artifactory
    Xray is the only tool that is natively integrated with JFrog Artifactory.

 

Home Screen

 Once you have installed Xray, to start analyzing your repositories and reveal vulnerabilities in your system, please refer to Configuring Xray.

How Does JFrog Xray Protect You

JFrog Xray is the only product that takes a dual approach to protecting you against issues using a unique combination of:

Deep Recursive Scanning

JFrog Xray recursively scans components in your system, drilling down to analyze even the smallest binary component that affects your software.

Continuous Impact Analysis

JFrog Xray continuously scans and analyzes existing components, even those long since deployed to production, and provides alerts and notifications for just-discovered vulnerabilities.

Custom API-Driven Automation

Through an open REST API, JFrog Xray lets you define a custom regimen of automated analysis for all components in your system.

The Xray-Artifactory Edge

As a complementary product to JFrog Artifactory, JFrog Xray has access to the wealth of metadata Artifactory stores which, combined with deep recursive scanning, puts Xray in a unique position to analyze the relationships between binary artifacts and provide radical transparency into your component architecture to reveal the impact that a vulnerability in one component has on any other.

PDF Download

The Xray User Guide is available for download in PDF format. Click this link to download the latest version:

Note that the online version may be more up-to-date.

 


 

