JFrog Xray + Splunk + SIEM: Towards Implementing a Complete DevSecOps Strategy

Making security an intrinsic part of a DevOps pipeline is a “must-have” for organizations looking to secure their applications earlier in the development process. The combination of JFrog Artifactory and JFrog Xray enables organizations to build security into all phases of their software development lifecycle, so they can proactively detect and mitigate open source software (OSS) security vulnerabilities and license compliance issues that impact their software.

Today, we are excited to take an important first step toward integrating JFrog Xray within the wider SIEM ecosystem by enabling DevSecOps teams to collect and analyze Xray data using Splunk Enterprise.

The additional support for JFrog Xray data is provided through a new SIEM plugin that is built into the existing JFrog Platform integration available through the Splunkbase marketplace. Once the initial installation and setup is complete, customers can start collecting real-time vulnerability and license compliance violation data from Xray.

Data comes pre-mapped to Splunk’s CIM

A key feature of the Xray SIEM integration is that all Xray data is mapped to Splunk’s Common Information Model (CIM). This means that DevSecOps teams can integrate valuable Xray data into their wider security operations workflows, and use it alongside a broader ecosystem of other SIEM tools, which lets teams identify and respond to license violations and vulnerabilities impacting their software.

What repositories, artifacts and components are most vulnerable?

The Xray data is displayed through out-of-the-box dashboards that come pre-assembled within the Splunk application. These dashboards provide a comprehensive view of all the security and license violations impacting your software, along with insights on the most frequently impacted repositories, builds, release bundles, artifacts and components.

(Xray Violations dashboard in Splunk)

DevSecOps teams can use the trending data on the volume, type and severity of vulnerabilities to assess the efficacy of the tools and practices they’ve implemented to prevent or reduce the occurrence of critical vulnerabilities.

Additional insight on the most frequently impacted artifacts and components, as well as on the most downloaded vulnerable artifacts and components, allows customers to understand the impact radius of a vulnerable artifact or component within their environment.

Drill-down views make it easy for teams to get detailed information about a particular vulnerability of interest.

You can download the JFrog Platform Log Analytics app from Splunkbase, and learn more about the JFrog and Splunk integration by reading the JFrog Splunk Log Analytics article and visiting the JFrog Splunk GitHub project.