Xray Functionality in the Application Module

JFrog Security Documentation

JFrog Xray
Content Type
User Guide

The following table describes Xray capabilities that are supported in the Application module:

Xray Capability


Search for Xray Data

Search for resources containing specific vulnerability and license compliance information according to Resource Name, CVE number, license, severity level and narrow it down to a specific date range. For more information, see Searching for Scanned Resources.Searching for Scanned Resources

Manage Violations on a Watch

View the detected violations for a specific Watch as well as setting ignore rules if needed. For more information, see Examining Violations on a Watch.

Analyze Your Resource Scanned Results

View Xray data on each of the scanned resources allowing you todrill down to expose greater detail and help you analyze the state of your components. For more information, see Analyzing Your Resource Scan Results.

Integrate Xray into Your CI-CD Pipeline

JFrog Xray can be integrated into your organization's CI/CD pipeline to make sure that build jobs containing violations are stopped early in the process. As part of a fully automated process, Xray receives information about a build that has just been run by your CI server, and runs a deep recursive scan on the build down to the deepest level dependency. If any violations are found, Xray returns an indication to the calling CI server and fails the build. For more information, see CI-CD Integration with Xray.

Integrate Xray into Your IDE

JFrog Xray is instrumental in flagging components with vulnerabilities during the development, by displaying vulnerabilities as early as possible in the developer's IDE. For more information, see IDE Integration.