JFrog Xray works with JFrog Artifactory to perform universal analysis of binary software components at any stage of the application lifecycle, providing radical transparency that leads to trust in your software. By scanning binary components and their metadata, and recursively going through dependencies at any level, JFrog Xray provides unprecedented visibility into issues lurking in components anywhere in your organization. Xray’s interface with Artifactory gives it the exclusive advantage of combining any number of data feeds with the exhaustive metadata stored within Artifactory to detect different issues without needing access to source code. JFrog Xray is also fully automated through a rich REST API that lets it integrate with a CI/CD pipeline and allows other binary analysis tools to build on its unique capabilities.
JFrog Xray is the only product that takes a dual approach to protecting you against issues using a unique combination of:
JFrog Xray recursively scans components in your system, drilling down to analyze even the smallest binary component that affects your software.
JFrog Xray continuously scans and analyzes existing components, even those long since deployed to production, and provides alerts and notifications for just-discovered vulnerabilities.
Through an open REST API, JFrog Xray lets you define a custom regimen of automated analysis for all components in your system.
Xray performs two types of analysis:
Xray monitors builds or repositories in Artifactory for policy violations. Each time a monitored build is updated, or an artifact is deployed to a monitored repository, Xray scans it and its dependencies and triggers a violation if the conditions of any policy are met.
Xray listens to all providers currently streaming feeds regarding issues. If any provider notifies Xray of a new issue with an artifact, Xray looks up the artifact in its database. If the artifact is already in the database, Xray will perform an impact analysis to determine all the artifacts in Artifactory that are ultimately affected by the issue by virtue of their including the problematic artifact. The results are displayed in an impact analysis graph.
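A conceptual sketch of the impact analysis described above, as an added example that is not Xray's code or API: it walks "is included by" relationships upward from a flagged artifact to find everything that ultimately contains it. The inventory, artifact names and function names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample inventory: artifact -> components it directly includes.
CONTAINS = {
    "docker:shop-frontend:1.4": ["war:shop-web:2.0", "deb:openssl:1.1.1"],
    "docker:shop-batch:0.9": ["jar:report-engine:3.2"],
    "war:shop-web:2.0": ["jar:report-engine:3.2", "jar:commons-text:1.9"],
    "jar:report-engine:3.2": ["jar:commons-text:1.9"],
    "jar:commons-text:1.9": [],
    "deb:openssl:1.1.1": [],
    "docker:static-site:1.0": ["deb:nginx:1.24"],
    "deb:nginx:1.24": [],
}


def build_reverse_index(contains):
    """Invert 'A includes B' into 'B is included by A'."""
    included_by = defaultdict(set)
    for parent, children in contains.items():
        for child in children:
            included_by[child].add(parent)
    return included_by


def impact_analysis(contains, flagged):
    """Return {affected artifact: inclusion path down to the flagged one}.

    Breadth-first walk up the reverse index, so each path is a shortest one
    and diamond-shaped or cyclic inclusion is visited only once.
    """
    if flagged not in contains:          # not in the database: nothing to do
        return {}
    included_by = build_reverse_index(contains)
    paths = {flagged: [flagged]}
    queue = deque([flagged])
    while queue:
        current = queue.popleft()
        for parent in sorted(included_by[current]):
            if parent not in paths:
                paths[parent] = [parent] + paths[current]
                queue.append(parent)
    del paths[flagged]                   # report only what is affected by it
    return paths


if __name__ == "__main__":
    hits = impact_analysis(CONTAINS, "jar:commons-text:1.9")
    for artifact, path in sorted(hits.items()):
        print(artifact, "<-", " > ".join(path))
```

The returned paths are what an impact graph would draw: each affected artifact with the chain of inclusion that links it to the flagged component.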
As a complementary product to JFrog Artifactory, JFrog Xray has access to the wealth of metadata that Artifactory stores. Combined with deep recursive scanning, this puts Xray in a unique position to analyze the relationships between binary artifacts and provide radical transparency into your component architecture, revealing the impact that a vulnerability in one component has on any other.
The Xray User Guide is available for download in PDF format. Download the latest version here: https://bintray.com/jfrog/jfrog-docs/Xray-User-Guide/_latestVersion
Note that the online version may be more up-to-date.