Dependency Tracking

JFrog Xray is tightly coupled with JFrog Artifactory, and as a complementary product, has access to the wealth of metadata Artifactory stores. Artifactory indexes not only standard package metadata (such as those found in maven-metadata.xml or .nuspec files), but also custom and package properties, exhaustive build information, deploy information and more. This is much more than stateless metadata on specific binary signatures; it is metadata that reveals the context of the binary artifact within the organization, and its history in the software development lifecycle. JFrog Xrayโ€™s deep recursive scanning combined with the indexed metadata in JFrog Artifactory, as a system-of-record binary repository, puts Xray in a unique position to analyze the relationships between binary artifacts in an organization and understand the impact that a vulnerability in one component has on any other.

 

Dependency Tracking