JFrog Advanced Security

JFrog Security Documentation

CLOUD (SaaS)/SELF HOSTED for ENTERPRISE X and ENTERPRISE+ with Advanced DevSecOps

JFrog Advanced Security (JAS) is based on deep security research by JFrog's Security Research team and delivers extended insights into security issues, their impact on your software, and advice on how to remediate them. It helps developers focus with prioritized, contextual remediation advice that identifies what matters most to ensure you’re protected. JFrog Xray previously released a powerful capability, the JFrog Security CVE Research and Enrichment feature, which provides enhanced analysis of CVE findings so that you can focus on the most important issues and best direct the resources invested in fixing them.

To learn more about what our research team is up to, see https://research.jfrog.com/.

How does JAS help you?

When Xray scans your packages, it can potentially find thousands of vulnerabilities. Developers then have to sift through these long lists to identify which vulnerabilities are relevant, and in some cases it can be hard to pinpoint where to start, as many of them may not affect your artifacts. This process is error-prone and time-consuming.

In addition, non-code-related security issues are often overlooked in an organization as a potential security threat, since they are the smallest and easiest issues to fix. This leaves your software potentially exposed to security threats due to security malpractices (e.g., missing authentication), insecure configurations (e.g., excessive privileges), weak authentication, and so on.

JAS helps you solve these issues with the capabilities it offers:

  • Vulnerability Contextual Analysis: Understand the applicability of CVEs in your application and reduce false positives and vulnerability noise with smart CVE analysis. 

  • Exposures: Detect potential security issues in your configurations and the usage of open-source libraries in your code with end-to-end supply chain security to cover different forms of software supply chain attacks.

The JFrog Research team provides prioritized, contextual remediation advice identifying what CVEs matter most and enhanced CVE data for developer-friendly step-by-step remediation.

Get Started

New to Xray? 

Read our docs to learn more about what Xray offers and how to get started with Xray.

Trial Version

JAS is available in JFrog’s Trial version for Cloud and Self Hosted. If you would like to try it out in your existing environment, contact our support team and request a trial.

Cloud

Request JAS to be enabled by your Administrator.

Self-Hosted

JAS requires Xray version 3.67.x or above. Follow the instructions here depending on your installation requirements.