Xray 3.78.9

JFrog Release Information

ft:sourceType
Paligo

Released: July 11, 2023

Highlights

JFrog Curation

Requires Artifactory version 7.63.5 and above.

JFrog Curation requires Enterprise X and Enterprise + subscriptions.

Introducing JFrog Curation, a new JFrog Security product that enables you to block malicious or risky open-source packages entering your software supply chain, preventing consumption in any software pipeline. Package metadata is used for identification of malicious or risky packages removing the need to download components to scan, saving time and increasing security. It enables organizations to have control and visibility over third-party package downloads.JFrog Curation Overview XXX

What can you do with Curation?

  • Track the open-source packages downloaded by your organization to gain centralized visibility and control.

  • Prevent harmful packages from getting into your software development pipelines.

  • Protect against known and unknown threats, allowing only trusted software packages into your SDLC.

  • Create policies to block packages with known vulnerabilities, malicious code, operational risk, or license compliance issues.

PostgreSQL Upgrade

Xray now supports PostgreSQL version 15.x.

Feature Enhancements

Xray SBOM Report

The SBOM report now includes PURL and bom-ref fields in CycloneDX and SPDX.Xray SBOM Report

Exposures Expanded Package Support

In addition to Docker, Exposures now also supports Maven, npm, and PyPI packages.Exposures Scans

Resolved Issues

Jira

Description

XRAY-13486

Fixed an issue whereby, in the Scan lists page, Builds that are not contained in the project are being displayed.

XRAY-12470

Fixed an issue whereby, in some cases, report progress displayed was more than 100%.

XRAY-17499

Fixed an issue whereby zone-info files with '.zi' extension were misidentified, resulting in an indexing error.

XRAY-16878

Fixed an issue whereby, in some cases, when attempting to assign a custom issue for a Debian component, it lead to a 404 Page Not Found error.