Dependency Tracking

JFrog Xray is tightly coupled with JFrog Artifactory and, as a complementary product, has access to the wealth of metadata Artifactory stores. Artifactory indexes not only standard package metadata (such as that found in maven-metadata.xml or .nuspec files), but also custom and package properties, exhaustive build information, deploy information and more. This is much more than stateless metadata on specific binary signatures; it is metadata that reveals the context of the binary artifact within the organization and its history in the software development lifecycle. JFrog Xray’s deep recursive scanning, combined with the metadata indexed in JFrog Artifactory as a system-of-record binary repository, puts Xray in a unique position to analyze the relationships between binary artifacts in an organization and understand the impact that a vulnerability in one component has on any other.

 
