As an organization, you wish to build software securely during development, without trying to find and fix vulnerabilities after your code is compiled. Xray uses the JFrog CLI to provide on-demand binary scanning to address your needs.
Run ad-hoc scans for security purposes without uploading to Artifactory first.
Adhere to organizational standards, whereas binaries and builds need to be approved first before uploading to Artifactory.
Not all binaries are stored in Artifactory, and as a user, you want to use Xray scanning capabilities.
You can point to a binary in your local file system and receive a report that contains a list of vulnerabilities and licenses for that binary. The JFrog CLI encapsulates a closed source component that contains the logic of extracting a binary and composes a component graph from the binary, similar to the way Xray scans your binaries in Artifactory. For more information, see Xray Security and Compliance. The CLI returns a detailed scan results report that contains the details of vulnerabilities, violations, and licenses discovered in your binary.
Starting from Xray version 3.40.3 and JFrog CLI version 2.11.0, you can run an on-demand binary scan on Docker images.
Starting from Xray version 3.61.5 you can also run an on-demand binary scan on OCI container images.
To run a JFrog On-Demand Binary Scan:
For more information, see...
Trigger the JFrog CLI
Trigger the JFrog CLI in a directory containing the source files.
Run the JFrog CLI Command
Run the JFrog CLI Command for your deployment
Review the On-Demand Binary Scan results.