JFrog Xray Announces Inclusion of the Industry’s Broadest Software Security Vulnerability Dataset via VulnDB

PRESS RELEASE, January 24, 2019

Partnership with Risk Based Security ensures JFrog customers are protected well beyond the NVD or any open solutions

SUNNYVALE, California, Jan. 24, 2019 /PRNewswire/ — JFrog, the DevOps technology leader known for enabling liquid software via Continuous Update flows, is announcing that Xray, JFrog’s flagship security and compliance scanning solution, will now provide the most comprehensive, integrated security solution in the market through a partnership with Risk Based Security [RBS]. RBS is the provider of VulnDB, which contains the world’s broadest set of vulnerability intelligence. As a result of the partnership, all JFrog Xray customers will now be protected from more than 194,000 unique vulnerabilities, as they monitor their pipelines from code through production.

Famous data breaches at companies like Marriott, Equifax and others have highlighted the importance of discovering software vulnerabilities early and often. By detecting software vulnerabilities late or in an incomplete manner, companies risk being in the headlines and are therefore turning to software security scanning products to assist them.

While most software security solutions utilize the vulnerabilities made public through online resources, such as the National Vulnerability Database (NVD), JFrog, by embedding VulnDB into Xray, will provide customers industry-leading vulnerability intelligence that includes over 64,000 vulnerabilities and data not found in the NVD. The intelligence from VulnDB, coupled with JFrog’s deep, universal understanding of software package types, will provide the broadest-reaching protection of any security scanning product, spanning from developer code commits all the way through production software in a Kubernetes cluster.

“We are excited to include the world’s richest vulnerability intelligence database in Xray, and provide our users with the best tool in the DevSecOps market with Risk Based Security’s VulnDB,” said Shlomi Ben Haim, JFrog Co-Founder and CEO. “900% growth YoY and over 2,200 Xray installations tell us that JFrog Xray answers developers’ real security concerns by offering a deep, recursive scanning and impact analysis solution. JFrog offers developers the two fundamental pillars of DevOps: Speed and Security. Therefore, when it comes to our customers’ CI/CD pipelines, we are determined to build more than just a ‘security-alarm-system’ – we are committed to offering a first-class, universal, automated solution to support DevOps at scale.”

The full breadth, depth, and timeliness of vulnerability intelligence from the VulnDB database will be automatically added to Xray in stages starting immediately, with full integration between VulnDB and Xray expected in mid-2019. All updates will also be made available offline for JFrog customers who run datacenters without access to the internet.

“Identifying and mitigating vulnerabilities in a timely fashion is a critical component of managing risk in today’s enterprises,” said Barry Kouns, Co-Founder and CEO of Risk Based Security. “VulnDB is the only comprehensive vulnerability intelligence feed that is able to provide actionable insight as quickly as organizations need it to address vulnerabilities in their code. We are excited to partner with JFrog to seamlessly deliver this critical intelligence into the DevSecOps market through JFrog Xray.”

VulnDB is included in JFrog Xray at no additional charge, and users will be able to take full advantage of this new functionality starting with Xray’s next release. VulnDB intelligence is available in both on-premise and SaaS versions of JFrog Xray.

About JFrog – the Liquid Software Company

JFrog is on a mission to enable continuous updates through liquid software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. JFrog is the creator of Artifactory, the heart of the end-to-end Universal DevOps platform for automating, managing, securing, distributing, and monitoring all types of binaries. JFrog products are available as open-source, on-premise, and on the cloud on AWS, Microsoft Azure, and Google Cloud. As the leading universal, highly available enterprise DevOps Solution, the JFrog platform empowers customers with trusted and expedited software releases from code-to-production. Trusted by more than 4,700 customers, the world’s top brands, such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify, depend on JFrog to manage their binaries for their mission-critical applications. JFrog is privately held with offices across North America, Europe, and Asia. Learn more at jfrog.com.

About Risk Based Security and VulnDB:

Risk Based Security is a recognized leader in vulnerability intelligence, organizational ratings, and on-demand security solutions. Founded in 2011, RBS’ mission is to provide action-quality, comprehensive and timely vulnerability intelligence and in-depth organizational security ratings through innovative, technology-enabled solutions. RBS has developed VulnDB, the largest and most comprehensive vulnerability intelligence database available, to provide customers the vulnerability intelligence to address points of risk across the entire organization – from application development, security operations, vendor risk management and procurement. RBS’ Cyber Risk Analytics (CRA), the most comprehensive data breach and cyber exposure knowledge base available, supports fact-based procurement due diligence, vendor performance monitoring, organizational ratings, and prioritized remediation for high-risk vendors. Leveraging CRA’s risk ratings with VulnDB’s vulnerability intelligence produces the most comprehensive organization security assessment available. RBS products are available via a SaaS Portal, RESTful APIs, and a customized Alerting system. For more information, please visit https://vulndb.cyberriskanalytics.com/ and https://www.riskbasedsecurity.com/

JFrog Media Contact:
Alona Stein
Blonde 2.0 for JFrog
Alona@blonde20.com