Xray 3.40.3

Xray Release Information


Released: January 13, 2022

Note

The new UI features in this release are available with Artifactory version 7.31.x and above.

Highlights
Generate Software Bills of Materials (SBOM) Report

Xray can now generate an SBOM report in both the SPDX and CycloneDX standard formats. This helps DevSecOps teams identify the software components in use, their dependencies, and any associated license risks. To learn more, see Xray SBOM Report.

Feature Enhancements
On-Demand Binary Scan Docker Support

Xray's On-Demand Binary Scan using the JFrog CLI now supports scanning Docker images. You can run an ad-hoc scan of a Docker image without uploading it to Artifactory first.

This feature requires JFrog CLI version 2.11.0.

On-Demand Binary Scans New UI

You can now view the On-Demand Binary scans that run using the JFrog CLI as part of the Xray UI in the JFrog Platform. This enables you to view and perform scan-related actions in Xray. For more information, see On-Demand Binary Scan.

Resolved Issues

JIRA

Description

XRAY-8611

Fixed an issue whereby Xray was unable to detect a package version when it contained the @ character as a prefix and suffix.

XRAY-8271

Fixed an issue whereby Docker images were missing security results after a force reindex was triggered on another image that shared common layers.

XRAY-8113

Fixed an issue whereby a custom license was wrongly listed under two different artifacts although it was attached to only one.

XRAY-8108

Fixed an issue whereby Xray failed to scan a Docker image that contained a corrupted file.

XRAY-9259

Fixed an issue whereby, when the same artifact was scanned at the same time in different paths, some of those artifacts were marked as not scanned.

After upgrading to this Xray version, it is also possible to fix artifacts in this state by running the Scan Now REST API.

XRAY-5078

Fixed an issue whereby, in some cases, Xray did not display the correct number of licenses in the licenses tab.

XRAY-8800

Improved the log error message to provide more information when the total bytes limit reached error is issued while extracting an archive. The following values have been added:

  • The ratio limit

  • The size limit

  • The total size calculated

XRAY-8918

Improved the Scan Build V2 REST API by adding an option to retrieve all of a build's vulnerabilities by using a new include_vulnerabilities query parameter.