Blog Home

JFrog Xray Integration with AWS Security Hub

By Alex Hung, Sr. Software Developer & Daniel Miakotkin, Software Engineer

5 min read

SecOps demands vigilance, but it requires visibility, too. With JFrog’s latest integration for Xray with AWS Security Hub, you can help make sure that discovered vulnerabilities are not just seen, but quickly acted on.

AWS Security Hub is the cloud security posture management service available to AWS users. It provides central security administration across AWS accounts, performing security best practice checks, aggregating alerts, and enabling automated remediation.

Now you can bring alerts from Xray’s universal software composition analysis (SCA) into AWS Security Hub, to collect, analyze and respond to license policy violations and security vulnerabilities. This enables you to integrate Xray’s vigilance against threats into your overall cloud security posture.

JFrog AWS Security Hub Diagram

Integrated Cloud Security Posture

With this integration, AWS customers who rely on JFrog Xray for DevSecOps can:

  • Make visible vulnerability and compliance threats through AWS Security Hub.
  • Evaluate threats with enhanced vulnerability data from JFrog security research.
  • Contextualize and prioritize vulnerabilities as part of a cloud security posture.
  • Automate SOAR workflows to reduce mean time to remediation (MTTR).

When you set up your rules, policies, and watches in Xray, you choose what Artifactory repositories you want to monitor, and what threat conditions you want to be alerted to. When you integrate Xray with AWS Security Hub, those alerts get directed to the cloud security management service, where they can be evaluated and remediated.

You can integrate Xray with AWS Security Hub no matter where your JFrog Platform deployment runs – whether it’s on AWS or other infrastructure – and from either SaaS or self-hosted JFrog cloud or on-prem accounts. So you can see your alerts from Xray in AWS Security Hub even if your production repositories are hosted elsewhere.

Easy Install

The JFrog Xray integration for AWS Security Hub is available from the AWS Security Hub Integrations Console. You can enable the integration from within the AWS Security Hub Console associated with your AWS account, where you can also find detailed install instructions.

To make it easy, the integration is published to AWS Serverless Application Repository.  When you deploy the integration into your AWS account, you must enter the application settings (Deployment Environment, API auth token, etc.) to configure the integration.

 

Once the integration is installed in your AWS account, you must add a new webhook in your JFrog Platform for AWS Security Hub. Then, for each Xray policy you want to send a violation notification to Security Hub, configure its Policy Rule to Trigger Webhook as an automatic action, and select the Security Hub webhook that you created.

Zero-Day Cloud Security

AWS Security Hub helps ensure that the services running in your AWS cloud account are secure by enabling you to rapidly respond to threats.

JFrog Xray helps you to ensure that the microservice apps you build and promote through Artifactory are free of all known critical vulnerabilities before you deploy them. It’s common for CI pipelines to promote fully validated apps to “production” repositories, safe to be deployed to infrastructure such as clusters in AWS.

But one of the biggest threats to your operations in AWS is from zero-day issues – vulnerabilities that are discovered after an app is deployed. The recent log4j zero-day issue was one of these – a newly logged critical CVE in a widely used open source component that required immediate remediation.

The Xray integration with AWS Security Hub can help. You can configure Xray to continuously scan your production repos, and reveal any new CVEs that apply to your apps that may currently be in deployment.

When Xray sends an alert to AWS Security Hub, the cloud security posture manager can alert personnel, and perform an automated remediation response – such as terminating, limiting, or rolling back all instances of the service deployed in AWS that have the newly discovered vulnerability.

When the conditions are right, Xray can reduce your MTTR for zero-day bugs to zero hours.

Better With JFrog

With this new integration for AWS Security Hub, you can make your vigilance against emerging security threats in your applications a part of your cloud security management. Your Xray-powered vulnerabilities and license violations detection become visible in the tool you use to oversee the security of your AWS cloud. 

You’ll immediately gain the value of JFrog’s extended vulnerability data within AWS Security Hub. You’ll also have a ready link back to Xray, where you can dig even deeper into JFrog-enhanced intelligence on the issue, where contextual analysis can save you time by letting you know whether a vulnerability presents a true risk. 

With JFrog Xray, your cloud operations oversight is made even more powerful as Security Hub enables rapid manual or automated responses to block or mitigate threats, helping to secure your operations in AWS cloud.Want to learn more? Ask our solution engineers for a demo of Xray!

Popular Tags

Try the JFrog Platform

In the cloud or self-hosted

Start Free

or Book a Demo