Xray 3.8.0

Xray Release Information

Released: August 13, 2020

Highlights
Vulnerabilities Report

You can now create and generate a Vulnerabilities Report that gives you a visual representation of vulnerabilities found in your artifacts, builds, and release bundles. Narrow down the data by setting a specific scope and advanced filters so that the report displays exactly the data you want to analyze. A new Reports page is now part of the JFrog Platform, where you can create, generate, and perform various actions on reports, including export to PDF, JSON, and CSV file formats for further analysis. The Vulnerabilities Report is also supported by the Reports REST APIs.

This report type is the first of the Xray Reports feature, which is introduced in this release. Other report types that provide further capabilities are planned for future releases.

Manage Reports User Role

A new role was added to user permissions in Users and Groups, allowing users to create, generate, and manage reports in the new Reports feature. This role is also required by some APIs, such as Get Component List Per Watch and Find Component by CVE.

Multiple License Permissive Approach

The new Multiple License Permissive Approach gives you more flexibility at the policy level. When it is configured, a component that has at least one permitted license passes without triggering a violation, even if some of its other licenses are not allowed.

Dedicated Features that Require Artifactory

The Vulnerabilities Report, the Manage Reports User Role, and the Multiple License Permissive Approach features all require Artifactory version 7.7.0 and above on the Cloud, and version 7.7.3 and above On-Prem.

System Metrics Information API and log

Xray has been enhanced to support Open Metrics. A new Metrics API has been added that returns metrics in the Open Metrics format, and a new metric-related log file, xray-{microservice}-metrics.log, was added to the file system.

RabbitMQ Upgrade

RabbitMQ has been upgraded to version 3.8.x.

Feature Enhancements
Go Version Upgrade

The Go version used by Xray has been upgraded to version 1.14.6, which resolves some security vulnerabilities described in CVE-2020-15586.

PostgreSQL Version Support

Xray is now certified to run with PostgreSQL versions 11.x and 12.x.

Resolved Issues
  1. Fixed an issue whereby the IU-Extreme-1.1.1 license URL was incorrect.

  2. Fixed an issue whereby, after a DB Sync failure, the DB Sync kept reading the same faulty bundle and did not download fixed bundles.

  3. Fixed an issue whereby Debian OS packages were named by "Source" instead of "Package".

  4. Fixed an issue whereby the Get Component List Per Watch API required Admin permissions only, preventing non-admin users from calling this REST API. A new Manage Reports user role was added to enable you to use this API.

  5. Fixed an issue whereby the Find Component by CVE API did not return results for users with read permissions. A new Manage Reports user role was added to enable you to use this API.

  6. Fixed an issue whereby Xray was not sending E-mail notifications to watch recipients when violations were found.

  7. Fixed an issue whereby the Alert worker was consuming an excessive amount of memory.

  8. Fixed an issue whereby the RPM docker images were stuck in the indexing stage in an infinite loop.

  9. Improved the RabbitMQ clustering logic.