Xray On-Demand Binary Scan

As an organization, you want to build software securely during development, rather than finding and fixing vulnerabilities after your code is compiled. Xray uses the JFrog CLI to provide on-demand binary scanning for needs such as the following:

  • Run ad-hoc scans for security purposes without uploading to Artifactory first.

  • Adhere to organizational standards under which binaries and builds must be approved before they are uploaded to Artifactory.

  • Use Xray scanning capabilities on binaries that are not stored in Artifactory.

You can point to a binary in your local file system and receive a report that lists the vulnerabilities and licenses for that binary. The JFrog CLI encapsulates a closed-source component that contains the logic for extracting a binary and composing a component graph from it, similar to the way Xray scans your binaries in Artifactory. For more information, see Xray Security and Compliance. The CLI returns a detailed scan results report that contains the details of the vulnerabilities, violations, and licenses discovered in your binary.


Starting from Xray version 3.40.3 and JFrog CLI version 2.11.0, you can run an on-demand binary scan on Docker images.

Starting from Xray version 3.61.5, you can also run an on-demand binary scan on OCI container images.


  1. Install Xray (see Installing Xray)

  2. Install JFrog CLI version 2.1.0

To run a JFrog On-Demand Binary Scan:




For more information, see...


Trigger the JFrog CLI

Trigger the JFrog CLI in a directory containing the source files.

Enable/Disable Contextual Analysis


Run the JFrog CLI Command

Run the JFrog CLI Command for your deployment

Run the JFrog CLI Commands for On-Demand Binary Scans


Review Results

Review the On-Demand Binary Scan results.

View On-Demand Binary Scan Results