Xray Integration with AWS Security Hub

JFrog Integrations Documentation

Content Type

JFrog Xray's integration brings Xray’s security and license violations intel inside AWS Security Hub. With this integration, you can:

  • Get a single consolidated view of all license compliance and security vulnerabilities.

  • Collect comprehensive scanning, analysis, and response to the license violations and security vulnerabilities that impact open source software associated with services, container images, helm charts, and other binaries.

How it Works

The Xray AWS Security Hub Integration takes the Xray webhook data, transforms it into an AWS Security Finding format, and imports the data into the Security Hub. The integration keeps track of findings that were already imported so that when the same violations are detected, they will be updated in the Security Hub.

The integration uses AWS serverless technology (Lambda, SQS, DynamoDb) to provide easy deployment and management. By deploying to your own AWS account, Xray data does not transit through third party systems.

Read more about the integration on our Github page.


If you need help with this integration, contact support@jfrog.com.