Xray

TRUST YOUR SOFTWARE

What is JFrog Xray?
Xray Features

Xray Features

Impact Analysis

Impact Analysis

JFrog Xray can help you discover and understand the impact of components to your overall system, where small changes can have a tremendous impact to performance and quality.
Deep Recursive Scanning

Deep Recursive Scanning

JFrog Xray allows you to inspect recursively within components down to the smallest binary component.  It serves as a universal component scanner for virtually any packaging format.
Automation Through an Open API

Automation Through an Open API

Unlike traditional binary analysis tools, JFrog Xray is a fully automated platform with a public REST API allowing integration with your CI/CD pipeline, and enabling other security analysis tools to build on the Xray platform to leverage its unique recursive scanning capabilities. This API also supports the addition of custom scanning capabilities, for performance, quality, popularity, or any other criteria required.
Dependency Tracking

Dependency Tracking

Through tight integration with JFrog Artifactory and access to the exhaustive metadata that Artifactory indexes, JFrog Xray is in a unique position to analyze the relationships between binary artifacts across an entire organization and analyze the impact that one component has on any other.
Continuous Synchronization

Continuous Synchronization

A powerful integration with user’s registry and repository allows full sync through all the CI/CD flow from build to production to distribution. This allows the Ops team to have full visibility into these containers and an automated way to point out changes that will impact their production environment and optimize the CI/CD flow.
Reports

Reports

Managing open source licenses can be easy. All you need to do is define a license policy, monitor all open source components in your organization, generate alerts if a component with a banned license happens to be downloaded, or just block its usage altogether. There’s only one tool that can do that for components and their dependencies at any level for all software package formats.
IDE Integration

IDE Integration

Through continuous analysis, Xray monitor artifacts in your production systems in case new issues and vulnerabilities are found. To prevent artifacts with known vulnerabilities from ever getting to your production systems, Xray also integrates with your CI/CD server to fail builds if they contain infected artifacts. With IDE integration, Xray manages to discover infected artifacts even earlier in the artifact lifecycle; during development.
CI-CD Integration

CI-CD Integration

Being able to detect issues and vulnerabilities in your production systems is a must, but can be too late. It would be better to be able to detect them when your artifacts are built. This is exactly what Xray can do. It integrates with your CI/CD server and can cause a build to break if it is discovered to include dependencies with known issues and vulnerabilities.