Enable Global DevSecOps with Cloud Enterprise and Xray on AWS

When software can travel around the globe at the speed of the cloud’s gusts, enterprises need to be extra certain the updates they release are safe for customers to use. If an app built in Palo Alto uses a vulnerable package from Belgrade, losses can ripple from Sheboygan to Shanghai. At JFrog, we believe enabling … Continued

Customize Xray DevSecOps With Private Data

For some organizations, even the best isn’t quite enough. That’s why JFrog Xray provides a way for you to specify your own additional data, to detect even more sensitive issues in your binaries before they can reach production. JFrog Xray is a tool for DevSecOps teams to gain insight into the open source components used … Continued

GoCenter Reveals Go Module Vulnerabilities With Xray

Golang developers care a lot about security and as Go modules become more widely used, they need more ways to assure these publicly shared files are safe. One unique feature included with Golang version 1.13 is the foresight that went into authentication and security for Go modules. When a developer creates a new module or … Continued

Compliance Made Easy with JFrog Xray

As compliance managers, we often find ourselves in a struggle. Our responsibility is to uphold compliance standards but in order to achieve this, we need to “sell” the concept to the relevant stakeholders, inter alia the business teams and R&D. We’re put in the position of justifying required changes and processes and are thus mistakenly … Continued

Xray and DevSecOps

4 Ways Xray and Artifactory Complete DevSecOps

Being universal is a huge part of what makes JFrog Artifactory so effective. Whether you use Jenkins, CircleCI, or Bitbucket to automate your CI/CD pipeline, Artifactory works with those and more. Whether you prefer to store your artifacts in an on-premises filestore or in the cloud, Artifactory will manage them. Which cloud? Artifactory is content … Continued

Shift Your IDE Left With Xray Plugins

Forewarned is forearmed,” cautions the old proverb, and that truth coined in the 16th century is even more apt for DevSecOps in the 21st. The earlier you know about vulnerabilities, the better you can avoid making them part of your software. That’s the same principle behind a “Shift Left” DevSecOps strategy. Rather than waiting for … Continued

JFrog Xray: Creating Jira Issues using webhooks in a breeze

JFrog Xray: Creating Jira Issues using webhooks in a breeze

  JFrog Xray offers an end-to-end security scanning solution covering the full development lifecycle of your artifacts. This includes vulnerability analysis, security and license compliance, artifact flow control, distribution and more. When Xray finds a security or a licence issue, it will trigger a violation for it. One of the most common use cases during … Continued

VulnDB Built-In JFrog Xray

Xray and VulnDB: Security at the Speed of DevOps Automation

JFrog Xray: A Powerful DevSecOps Solution JFrog Xray was originally announced at our annual JFrog user event, swampUP, back in 2017.  So what does it do? Xray allows DevOps teams to discover, receive notification, and remediate open source vulnerabilities and software license compliance issues early in the development phase. The sooner a vulnerability is discovered … Continued