Rising CVEs and the need for speed: Enhancing software security with JFrog Xray and PagerDuty

With the proliferation of CVEs (Common Vulnerabilities and Exposures), we have witnessed a remarkable surge in associated risks over the past five years. 2022 was a record-breaking year, with 25,096 new CVEs discovered, the most ever in a single year. Unfortunately, 2023 is on track to surpass that record.

The incredible volume makes tracking and fixing security issues increasingly challenging, which is why we are thrilled to announce the new and improved integration between JFrog Xray and PagerDuty to fortify your defenses!

Why this integration matters

Picture this: a new CVE is discovered that breaks your organization’s Xray policies within JFrog Artifactory. In this scenario, timely detection and the ability to rapidly respond are critical. That’s precisely what the JFrog Xray and PagerDuty integration offers.

Timely response, real-time alerts, and automation

This integration ensures that you receive lightning-fast, real-time incident alerts via PagerDuty whenever a new CVE is detected that breaches your Xray policies in JFrog. With PagerDuty’s rapid alerts and streamlined automation, you can react promptly to security threats, mitigating vulnerabilities before they can be exploited. This integration allows your team to focus on resolution instead of alert triage, making efficiency the cornerstone of your modern DevSecOps practices.

Upon receiving a CVE policy alert, your team can immediately mitigate the threat, for example by blocking or quarantining affected artifacts in JFrog Artifactory, and then resolve the issue. You’ll also be armed with additional intelligence and remediation guidance from the JFrog Security Research team, which is made available in the JFrog Platform.

Escalation, routing customization, and accountability

Not all vulnerabilities are created equal, and with PagerDuty, you can establish escalation policies and routing rules that align with JFrog Xray policies to ensure that critical vulnerabilities receive the immediate attention they deserve. At the same time, less severe issues follow a standardized process.

PagerDuty assists in tracking incident ownership and resolution status, promoting accountability within your security and DevOps teams. This helps ensure that someone is responsible for promptly addressing each CVE incident, giving you confidence in the process.

PagerDuty incident notification with a JFrog Xray Watch Violation summary and deep link to JFrog for complete details

Xray Watch Violation details in the JFrog Platform

Detailed view of the PagerDuty incident notification with a JFrog Xray Watch Violation summary and deep link to JFrog for complete details

Audit trail, alert correlation, and flexible notifications

For organizations governed by stringent compliance requirements, an audit trail is non-negotiable. PagerDuty keeps a meticulous record of incident activity and responses. This detailed log is invaluable for compliance, providing concrete evidence of your ability to effectively address CVEs and enforce policies.

Complex security threats often involve multiple alerts that, when considered individually, may not reveal the bigger picture. PagerDuty excels at alert correlation, helping you identify patterns and potential security incidents that may otherwise go unnoticed. This capability enhances your ability to detect sophisticated attacks.

We also know that different team members have different preferences for receiving alerts. PagerDuty offers a range of notification channels, including email, SMS, phone calls, and mobile app notifications. This flexibility ensures that your team members are notified based on availability and preferences.

The speed you need!

Integrating JFrog Xray with PagerDuty marks a significant leap forward in software supply chain security. Timely response, automation, and enhanced visibility are just a few benefits you can expect. Together, JFrog and PagerDuty are equipping organizations with the tools they need to proactively manage and mitigate security vulnerabilities, ensuring that their software supply chains remain robust and resilient in the face of evolving threats.

Get started by following the integration documentation: Xray Integration with PagerDuty