View JFrog Research Enriched CVEs

JFrog Security Documentation

Products
JFrog Xray
Content Type
User Guide
ft:sourceType
Paligo

You can access the CVE data in the Xray Data tab in Artifactory and in the Watch Violations page under Security and Compliance.

Artifactory:

image2021-9-19_15-41-5.png

Watch Violations:

image2021-9-19_15-41-55.png

JFrog research enriched CVEs are indicated by an icon in the list.

image2021-9-19_15-43-28.png

Once you click on the CVE, the CVE details are displayed in the right panel. The JFrog research enriched CVE will include the following additional details:

JFrog Research Severity

The severity given by the JFrog security research team after the manual analysis by the team.

image2021-9-29_17-15-50.png

Remediation

Displays fixed versions for the issue if any, or recommendations such as upgrading and mitigations.

image2021-9-29_17-16-28.png

Research Summary

A summary of the issue in the CVE based on JFrog's security analysis .

image2021-9-29_17-17-25.png

Research Details

A detailed description of the issue that provides more insights on the vulnerability, based on JFrog's security analysis.

image2021-9-29_17-18-45.png

JFrog Research Severity Reasons

The reasons behind the JFrog research severity.

image2021-9-29_17-19-39.png