JFrog Xray offers a universal solution that supports all major package types. It includes various metadata databases such as those related to vulnerabilities, license compliance, component versions and others.
Xray breaks down artifacts according to their specific packaging. Unlike any other binary analysis product, it then adds them to a global components graph that represents the relationships between each other in the organization.
Xray understands each package type, knows how to unpack it and what every underlying layer contains. Each unpacked component is examined individually to uncover potential vulnerabilities and policy violations, mapped out and merged into Xray’s universal component graph that represents your entire organization’s software structure. This allows you to get maximum visibility into your software dependencies and truly understand the impact of every issue found.
Xray provides continuous protection by scanning your components on a regular basis, even though they may have already been found clean and are now exposed to newly discovered vulnerabilities.
Xray currently supports the following package formats with new formats added regularly.
Xray scans and indexes your Go Registries, Go Modules and Go packages including recursive analysis, component graph integration and providing detailed metadata information.
Xray recursively scans your PHP Composer packages in your registries, Zip files or Docker/Containers whether they are local or remote. Xray also checks for any dependencies in your PHP builds.
Scan your Maven project dependencies using Xray and view vulnerabilities directly from within the IntelliJ IDE, with the JFrog IntelliJ Maven Plugin.
Recursively scan the different layers of your Gradle packages and their dependencies, and use Xray's component graph to display the impact of any detected issues on your services and applications.
Xray scans your Ivy packages and performs impact analysis to keeps all components in your organization safe from any violations.
Recursively scan your SBT packages and identify all components in your organization that are affected by a vulnerability, and monitor components for new issues and vulnerabilities that are detected.
Xray scans NuGet packages, recursively going through the layers of dependencies to discover issues and vulnerabilities at any depth.
Xray recursively opens the different layers of your Python packages and their dependencies, discovering any issues and vulnerabilities that may affect your organization.
Xray identifies every component contained within every layer of your Docker images. This includes identifying the packages deployed on the OS in the base image layer.
Xray identifies the Debian packages deployed on your Debian or Ubuntu OS that’s running on the base layer of your Docker containers. Each component is scanned for issues and vulnerabilities giving you maximum visibility into your software dependencies.
Xray identifies the RPM packages deployed on your RedHat or CentOS OS that’s running on the base layer of your Docker containers. Each component is scanned for issues and vulnerabilities giving you maximum visibility into your software dependencies.
Xray provides transparency into your software architecture, recursively scanning RubyGems packages through all levels of dependency to discover issues and vulnerabilities.
Xray identifies Alpine Linux packages in the OS base layer of your Docker images providing recursive analysis, component graph integration and detailed metadata information.