Product | Update | Details |
---|---|---|
Platform | Additional Security Manager Role and Additional Scanning Capabilities in Project Functionality | The new security manager role enables a user to perform a wide range security-related project actions, as well as additional functionalities for Xray in Projects, such as generating Global Xray Reports for a Project scope and applying global watches to projects. |
Docker Enhancements |
| |
New Outbound Repository Request Log | Announcing a new Outbound Remote Repository Request log, which allows you to track every request initiated by a remote repository including requests related to replication. | |
Native Artifacts Browser Accessible from the UI | The Artifactory native artifacts browser, which allows browsing the contents of a repository in a plain HTML structured tree, is now available via the artifact URL or via the artifacts Actions menu, which means that authenticated users will not need to re-authenticate to access the native browser. | |
Support for Multiple HashiCorp Vault Connectors in the JFrog Platform UI JFrog Subscriptions: Enterprise with Security Pack | Enterprise+ | The JFrog Platform integration with HashiCorp Vault now enables you to configure multiple external vault connectors through the Platform UI. | |
Multiple GPG keys for Signing Release Bundles | Distribution now supports signing Release Bundles using multiple GPG signing keys and not one key pair for all Release Bundles. This enables you to use different keys according to your organizational requirements. | |
Managing Multiple Signing Keys JFrog Subscriptions: Enterprise with Security Pack | Enterprise+ | JFrog Platform now enables you to manage multiple RSA and GPG signing keys through the Keys Management UI and REST API. | |
Generating an Identity Token through the Profile UI | The user profile now enables users to generate identity tokens, which means that any user can create a user identity token for themselves via the UI (or via REST API). Identity tokens are scoped tokens, providing limited and focused permissions, and when a user is deleted/disabled, their tokens are also revoked. | |
Security & Compliance | Dependencies Scan | The Dependencies Scan feature enables you to scan your source code dependencies to find security vulnerabilities and licenses violations, with the ability to scan against your Xray policies, using the JFrog CLI. |
On-Demand Binary Scan | Xray now provides on-demand binary scanningto address your needs using the CLI for fast results. You can point to a binary in your local file system and receive a report that contains a list of vulnerabilities, licenses, and policy violations for that binary prior to uploading the binary or build to Artifactory. | |
CI/CD | Approval Gates | The Approval Gates feature enables you to insert a manual approval process for a step in a pipeline. Approvers can approve or reject steps, and receive Slack and e-mail notifications for steps that require approval. |
Improved Logs for Signed Pipelines | Pipelines will now post logs to step consoles when steps are getting signed. This will help users to identify the cause of failures during the process of signing a pipeline. | |
Conditional Workflow | The Conditional Workflow feature enables users to choose if a step executes or skips based on certain conditions set for the previous upstream step, which provides more flexibility in the execution logic of a pipeline. |