Released: July 21, 2021
The Xray Dependencies Scan feature enables you to scan your source code dependencies for security vulnerabilities and license violations, with the ability to scan against your Xray policies. The dependencies scan is available through the JFrog CLI. With a single command, you can scan a source code directory on your local file system, providing a fast, early scan during development.
On-Demand Binary Scan
Xray now provides on-demand binary scanning through the JFrog CLI. You can point to a binary on your local file system and receive a report listing the vulnerabilities, licenses, and policy violations for that binary before you upload the binary or build to Artifactory.
Both new scanning capabilities require JFrog CLI version 2.1.0.
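The following is an added example, not code from JFrog or from this release note, showing how the two scans above fit into a local or CI build gate: the dependencies scan runs against the source directory, the on-demand binary scan runs against the built artifact, and both are evaluated against the Watches named in XRAY_WATCHES before anything is uploaded to Artifactory. It assumes a configured JFrog CLI (the current `jf` binary with `jf audit` and `jf scan`; adjust the command names for the CLI version you run), that the Watch name `ci-policy` exists on your Xray server (an assumed name), and that the CLI's exit code 3 means the scan completed and found policy violations (the documented behaviour of the `--fail` option, which defaults to true). The `JF_CMD` variable is an assumption of this example so that a harness can substitute a stub for the real binary.

```shell
#!/usr/bin/env bash
# Added example, not JFrog's code: gate a build on Xray's dependency scan
# (jf audit) and on-demand binary scan (jf scan) before uploading.
# Assumptions: "jf" is installed and configured; the Watches in XRAY_WATCHES
# exist on the Xray server ("ci-policy" is an assumed name); JFrog CLI
# exit code 3 = scan completed with policy violations (the --fail default).
# JF_CMD is an assumption of this example: a CI harness may point it at a stub.
: "${JF_CMD:=jf}"
: "${XRAY_WATCHES:=ci-policy}"   # comma-separated Watch names, assumed

# Run the JFrog CLI command given in "$@" and classify its exit status.
# Returns 0 = no violations, 3 = violations found, anything else = the scan
# did not complete (treated as a failure, not as a pass).
xray_classify() {
  local rc=0
  "$JF_CMD" "$@" || rc=$?
  case "$rc" in
    0) echo "xray: no policy violations for: $*" ;;
    3) echo "xray: policy violations found for: $*" >&2 ;;
    *) echo "xray: scan did not complete (exit $rc) for: $*" >&2 ;;
  esac
  return "$rc"
}

# Dependencies scan: jf audit scans the project in the current directory,
# so run it inside the source tree. --licenses adds license findings.
audit_deps() {
  local dir="$1"
  ( cd "$dir" && xray_classify audit --watches "$XRAY_WATCHES" --licenses )
}

# On-demand binary scan of a built artifact that has not been uploaded yet.
scan_binary() {
  local artifact="$1"
  xray_classify scan "$artifact" --watches "$XRAY_WATCHES" --licenses
}

# Full gate: scan sources first, then the artifact; stop at the first
# non-zero result so a failed scan never silently lets an upload through.
xray_gate() {
  local dir="$1" artifact="$2" rc=0
  audit_deps "$dir" || rc=$?
  [ "$rc" -eq 0 ] || return "$rc"
  scan_binary "$artifact" || rc=$?
  return "$rc"
}

# Typical use from a CI step (artifact path is illustrative):
# xray_gate . build/libs/app.jar && jf rt upload build/libs/app.jar libs-release-local/
```

The gate deliberately distinguishes exit code 3 (a completed scan that found violations) from any other non-zero code (a scan that never completed, for example because the Xray server was unreachable); only a clean exit 0 should allow the subsequent upload.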
Additional REST API Projects Support
To further support Projects in Xray, the following additions were made in the Xray REST APIs:
Resolved Issues
Fixed an issue where, in some cases, a circular dependency caused a stack overflow during scan analysis.
Fixed an issue where the Artifact Summary API sometimes returned empty results for a Docker image that had been pushed to several locations which were later deleted.
Fixed an issue where the DB sync became stuck after the database restarted.
Fixed an issue where e-mail notifications were not sent for builds when the Notify Deployer option was enabled in a Policy.
Fixed an issue where, when importing Xray configurations using the Import API, remote repositories were not assigned as indexed resources in Watches.
Fixed an issue where a license without references was detected as an unknown license.
Fixed an issue where, in some cases, indexing of builds or repositories failed because of RabbitMQ failures.
Fixed an issue where the Xray upgrade failed in rare cases involving non-public schemas in the Xray database.