WHAT THE FULL VERSION OF XRAY COMES WITH
Xray in GoCenter gives you the visibility you need to understand the vulnerabilities found. For advanced features including known remediation information, you’ll want to utilize the full version of Xray! Here are some of the main features and benefits you’ll get when utilizing the full version of JFrog Xray:
Robust Support of Go
With the new GoCenter integration, vulnerability scanning for Go Modules is now supported. Additionally, Artifactory as your binary repository manager also supports using Go and GoCenter as a proxy. In fact, if your Go Modules are being deployed inside a Docker container, Xray can be used to scan your Docker image for any known vulnerabilities.
Universal Security & Compliance
Xray supports all major package types, understands how to unpack them, and uses recursive scanning to see into all of the underlying layers and dependencies of components, even those packaged in Docker images and zip files.
Native Integration with Artifactory
Xray is the only Software Composition Analysis (SCA) solution that natively integrates with Artifactory, optimizing scanning performance and providing unified operation and a single-pane-of-glass view into all of the information about your artifacts, including security and compliance status.
How Does JFrog Xray Protect You
Leading Vulnerability Intelligence
Gain confidence in your releases with the most timely and comprehensive vulnerability intelligence, VulnDB, coupled with other metadata sources of vulnerabilities, license compliance, component versions and others, to mitigate false positives.
JFrog IDE extensions
You can use JFrog IDE extensions to identify vulnerable packages as soon as you define them in your dependencies in your code. IDE support includes: Visual Studio Code, Visual Studio, Eclipse IDE and IntelliJ IDEA.
Open for Integration and Automation
In addition to being integrated with VulnDB and other sources of OSS component version and vulnerability intelligence, Xray is also open to integration with other databases and tools. Using Xray’s REST API, customers can integrate Xray with their own DevOps tools ecosystem for easy automation.
Open for Different Issue Types
Xray is not limited to security vulnerabilities; it can receive any type of information about software components that can help you make decisions. For example, you can provide Xray with information about components that have performance issues or severe defects and the impact that these components have on your software.
Deep Recursive Scanning
Xray performs a deep scan of artifacts, recursively going through dependencies at any level and creating a graph of relationships between software components. For example, when analyzing a Docker image, if Xray finds that it contains a Java application it will also analyze all the .jar files used in this application.
Stopping Vulnerable Packages and Using Xray for License Compliance
One of the most celebrated features of Xray is the ability to monitor your Go Modules for vulnerabilities and set “watchers” to automatically fail a build if a vulnerable package has been found. You can also set up watchers to scan for open source licenses and stop builds if your project or dependencies are missing one. This makes license compliance a breeze.
Impact Analysis Graph
Xray listens to all providers currently streaming feeds regarding issues. If any provider notifies Xray of a new issue with an artifact, Xray looks up the artifact in its database. If the artifact is already in the database, Xray analyzes how an issue in one component affects all others in your company and displays the chain of impact in a component graph. Xray will perform an impact analysis to determine all the artifacts in Artifactory that are ultimately affected by the issue by virtue of their including the problematic artifact. The results are displayed in an impact analysis graph.