JFrog Platform User Guide



Overview

JFrog Xray offers a universal solution that supports all major package types. It includes various metadata databases such as those related to vulnerabilities, license compliance, component versions and others.

Xray breaks down artifacts according to their specific packaging. Unlike other binary analysis products, it then adds them to a global component graph that represents the relationships between all components across the organization.

Xray understands each package type, knows how to unpack it and what every underlying layer contains. Each unpacked component is examined individually to uncover potential vulnerabilities and policy violations, mapped out and merged into Xray’s universal component graph that represents your entire organization’s software structure. This allows you to get maximum visibility into your software dependencies and truly understand the impact of every issue found.

Xray provides continuous protection by rescanning your components on a regular basis: a component that was previously found clean may later be affected by newly discovered vulnerabilities, and periodic rescanning surfaces those.

Xray currently supports the following package formats, with new formats added regularly.

Go

Xray scans and indexes your Go Registries, Go Modules and Go packages including recursive analysis, component graph integration and providing detailed metadata information. 

PHP

Xray recursively scans your PHP Composer packages in your registries, Zip files or Docker containers, whether they are local or remote. Xray also checks for any dependencies in your PHP builds.

Maven

Scan your Maven project dependencies using Xray and view vulnerabilities directly from within the IntelliJ IDE, with the JFrog IntelliJ Maven Plugin.

Gradle

Recursively scan the different layers of your Gradle packages and their dependencies, and use Xray's component graph to display the impact of any detected issues on your services and applications.

Ivy

Xray scans your Ivy packages and performs impact analysis to keep all components in your organization safe from any violations.

SBT

Recursively scan your SBT packages and identify all components in your organization that are affected by a vulnerability, and monitor components for new issues and vulnerabilities that are detected.

npm

Xray identifies each JavaScript file within your npm packages and performs matching and analysis on each one to ensure that your npm application is safe to use.

Learn more about the npm integration with Xray (npm audit).

NuGet

Xray scans NuGet packages, recursively going through the layers of dependencies to discover issues and vulnerabilities at any depth.

PyPI

Xray recursively opens the different layers of your Python packages and their dependencies, discovering any issues and vulnerabilities that may affect your organization.

Docker

Xray identifies every component contained within every layer of your Docker images. This includes identifying the packages deployed on the OS in the base image layer.

Debian

Xray identifies the Debian packages deployed on the Debian or Ubuntu OS that runs in the base layer of your Docker containers. Each component is scanned for issues and vulnerabilities, giving you maximum visibility into your software dependencies.

RPM

Xray identifies the RPM packages deployed on the RedHat or CentOS OS that runs in the base layer of your Docker containers. Each component is scanned for issues and vulnerabilities, giving you maximum visibility into your software dependencies.

RubyGems

Xray provides transparency into your software architecture, recursively scanning RubyGems packages through all levels of dependency to discover issues and vulnerabilities.

Alpine

Xray identifies Alpine Linux packages in the OS base layer of your Docker images, providing recursive analysis, component graph integration and detailed metadata information.