Xray 3.29.0


Released: July 21, 2021

Highlights
Dependencies Scan

The Xray Dependencies Scan feature enables you to scan your source code dependencies for security vulnerabilities and license violations, and to scan against your Xray policies. The dependencies scan is available through the JFrog CLI. With this command-line tool, you can scan a source code directory on your local file system, providing a fast and early scan during development.

On-Demand Binary Scan

Xray now provides on-demand binary scanning through the JFrog CLI for fast results. You can point to a binary in your local file system and receive a report that lists the vulnerabilities, licenses, and policy violations for that binary before uploading the binary or build to Artifactory.

Note

The new scanning capabilities require JFrog CLI version 2.1.0.

Feature Enhancements

Additional REST API Projects Support

To further support Projects in Xray, the following additions were made in the Xray REST APIs:

  • Added ability to scan builds in a Project using the Scan Builds REST API.

  • Added Project scope support when exporting/importing Watches, Policies and Ignore Rules using the Import/Export REST API.

Resolved Issues

| JIRA Number | Description |
|---|---|
| XRAY-7956 | Fixed an issue whereby, in some cases, a circular dependency was causing a stack overflow in analysis during scanning. |
| XRAY-7942 | Fixed an issue whereby the Artifact summary API sometimes returned empty results for a Docker image that was pushed to several locations and these locations were deleted. |
| XRAY-7803 | Fixed an issue whereby the DB Sync was stuck due to the database restarting. |
| XRAY-7604 | Fixed an issue whereby e-mail notifications were not sent for builds when the Notify Deployer option was enabled in a Policy. |
| XRAY-5960 | Fixed an issue whereby, when importing Xray configurations using the Import API, remote repositories were not assigned as indexed resources in Watches. |
| XRAY-7944 | Fixed an issue whereby a license without references was detected as an unknown license. |
| XRAY-7049 | Fixed an issue whereby, in some cases, indexing builds or repositories was failing due to RabbitMQ failures. |
| XRAY-8019 | Fixed an issue whereby the Xray upgrade failed in rare cases of nonpublic schemas in Xray DB. |