Xray 2.10 Released: New Package Support, an IDE Plugin and More.

Our user community spoke and we listened. You asked for Xray to be even more universal and support more package types… in particular Go and PHP Composer. With Visual Studio Code (VSCode) now having more than 4.5 million monthly active users, we also added a new VSCode plugin for Xray. The broad adoption of multiple programming languages and package types across organizations is driving up the need for a more universal DevSecOps solution that supports more package types.

Xray is a Universal Recursive Component Analysis Solution (also referred to as a Software Composition Analysis tool) that is natively integrated with Artifactory. It indexes and recursively scans all of your open source software (OSS) components and binaries and performs multi-layer analysis of the packages in your containers, looking for vulnerabilities and license compliance issues.

Like Artifactory, Xray is universal in its support for many package types. Whether you use Maven, Gradle, npm, NuGet, RubyGems, Go or more, Xray will help you keep security risks out of your released builds and assure compliance with your license policies. Xray can also look into Docker containers and identify vulnerable and non-compliant use of open source packages inside them.

With the release of 2.10, Xray now offers indexing and scanning support for Go and PHP Composer packages, bringing the number of package types supported by Xray to 14. This further broadens the security and compliance coverage offered by Artifactory and Xray.

Here is a list of other functional improvements also included in the Xray 2.10 release:

  • Email notifications can be sent to the Deploying User and Watch Recipient
    Xray now knows the user who deployed the component to Artifactory that is triggering a violation. It also knows who the ‘watch’ recipients are and will notify all parties by email of the artifact with the violation.
  • New API – Getting Component List per Watch
    The new Getting Component List per Watch API command allows you to retrieve a list of artifacts scanned by the watch, including those artifacts that didn’t have any violation.
  • Expanded License Identification Capabilities
    You can now manually assign aliases to a license name in the Manage Licenses page in the UI. This gives Xray more flexibility when identifying a license type in cases where a license was misspelled.

See our Release Notes for the full details on the new features, enhancements and issues resolved.