Universal analysis of binary software components has become an integral part of modern software development. This has been triggered by the growing need to trust the software you consume, and by the capabilities that various products offer in this space.
JFrog Xray Integration with Artifactory
With the release of JFrog Xray 1.12, you can experience a seamless integration with Artifactory 5.10, the universal artifact repository. This integration provides you with better usability and visibility when scanning for known security vulnerabilities, including third party and OSS license violations.
In-depth Analysis of Your CI/CD Pipeline
JFrog Xray has access to the wealth of metadata Artifactory stores which, combined with deep recursive scanning, puts Xray in a unique position to analyze the relationships between binary artifacts and provide radical transparency into your component architecture to reveal the impact that an issue in one component has on any other.
With this release, you’ll experience a smoother workflow as the configuration of vulnerable artifacts download blocking has moved from Artifactory to Xray. This new intuitive and consistent workflow gives you full control over all actions on an Artifact that has a violation in one place.
Xray 1.12 offers an easier way to get artifact analysis details. All you have to do is select the artifact in the Tree Browser option in Artifactory and it will fetch the information from Xray for you.
Selective Indexing Removes Unnecessary Overhead
From this version, Xray users now have control over which builds are indexed. So far, every build was automatically indexed by Xray, sometimes generating millions of unwanted components in the Xray graph. The user can now specify exactly which builds he wants Xray to index from Artifactory
Introducing Violations: The Component-Centric Experience
As part of the shift towards a component-centric experience, Xray now introduces Violations in watches, a specific breach of a watch for a specific component version.
Previously, Xray presented alerts to show the information about the vulnerable components that matched the criteria defined in watches. Because of their aggregative nature (alerts are an aggregation of Issues, and each Issue may impact multiple artifacts/builds), alerts makes it very hard to understand what’s wrong with my artifacts, builds and projects, which is a critical use case and a user experience problem that echoed in several customer sessions and internal usability sessions.
New Package Type Support for Extended Universal Support
Xray has native indexing and scanning support for all major package types, including npm, Python, rpm, Nuget, Bower, Docker, Maven and Debian.
This release introduces three new package types! Gradle, Ivy, and SBT.
The Xray integration with Artifactory is the next step in making universal analysis of binary software components a key part of the CI/CD DevOps pipeline. Xray 1.12 is a major leap forward by JFrog which enabling you to gain more trust in your software distribution by providing better usability, visibility and universal support.
Using Xray already? Great. Want to use content to drive out vulnerabilities. Download the latest version.