October 2022

JFrog Hosting Models Documentation

Product

Update

Details

Security & Compliance

JFrog Advanced Security

Announcing the JFrog Advanced Security Pack! The new security pack can be purchased with Cloud Enterprise X and Enterprise+ subscriptions, and contains the following features:

  • Vulnerability Contextual Analysis: An industry first; scan containers and packages to prioritize whether OSS vulnerabilities are actually exploitable.

  • Exposed Secrets: Detect any secrets left exposed in any containers stored in Artifactory to stop accidental leaks of internal tokens or credentials.

  • Insecure use of libraries and services: Detect whether common OSS libraries and services are used and configured securely so that containerized applications can be easily hardened by default.

  • Infrastructure-as-Code (IaC): Scan IaC files stored in Artifactory for early detection of cloud and infrastructure misconfigurations. Xray scans Terraform states for AWS, Azure, and GCP cloud services.

Conda Packages Support

Xray can now scan Conda packages that contain Python packages and their dependencies for security vulnerabilities, license compliance, and operational risk.

On-Demand Scanning Enhancement

When the JFrog CLI tool executes an on-demand scan, it first downloads the Xray executable from the Xray server. Until this release, a native M1 version of this executable was unavailable. An on-demand scan on an M1 machine had to use the Intel X64 version of the executable, which required Rosetta 2 emulation. With this release, a native M1 version is available and Rosetta 2 is no longer needed.

Expand Support to Additional General Archive Types/Formats

Added support in Xray for additional compression and general archive formats and extensions (.rar, .tbz2, .tar.bz2, .tar.lzma, .tlz, .tar.xz, .txz).

CI/CD

Support for Multiple Pipeline Sources per Repository

Pipelines now supports the creation of multiple pipeline sources per repository. This change significantly improves the performance of your pipelines sync.

Secure Project Integration Information

Project integration information is now protected when handling public Git repositories.

Allow Failure in Conditional Steps

A new boolean option called allowFailure has been introduced for conditional steps. The allowFailure option can be set for individual steps and can be used to ignore the current step’s failure while computing the final status of the run.

New Utility Functions to Store and Restore Files between Steps in Affinity Group

Added add_affinity_group_files and restore_affinity_group_files utility functions to more easily use the affinity group workspace to share files between steps in an affinity group.

New Runs Charts

Pipelines run charts show the behavior of the runs for the selected number of runs.

The following charts show how the runs performed:

  • Run Performance: Shows the median build time for the runs categorized based on the first and last build.

  • Execution Frequency: Shows the average runs.

  • Runs Status: Shows the run status and the time taken for each run.