Contextual Analysis Statuses and Results

JFrog Security Documentation

JFrog Xray
Content Type
User Guide

Once an artifact is indexed in Xray as part of a single upload, build, or Release Bundle, Xray will validate if the artifact contains vulnerabilities that are considered to have a very high impact. If such vulnerabilities are found, Xray will run the contextual analysis and retrieve the contextual analysis results. The results consist of the following:

Vulnerability Contextual Analysis Statuses

  • Not Scanned: Initial state, the scan was invoked for the CVE.

  • Applicable: The vulnerability can be exploited in the context of the scanned artifact.

  • Not Applicable: The vulnerability cannot be exploited in the context of the scanned artifact.

  • Undetermined: Inconclusive results, the scanner couldn't reach a definite result.

  • Rescan Required: A new scanner for this CVE is available, you need to rescan to retrieve applicability results.

  • Upgrade Required: (Self-Hosted only) The Xray version needs to be updated to receive a new scanner for this CVE. Rescan is required after the upgrade.

  • Not Covered: Scanner isn't available.

Vulnerability Contextual Analysis Results

The contextual analysis results can be accessed from Scans List.