Xray System Messages

JFrog Security Documentation

ft:sourceType
Paligo

Xray administrators can view a list of all artifact and data failure messages in Failure Messages and Retry Messages tab in the System Messages page, under the Administration module. Each failure can be traced to the exact step in the scanning and impact analysis Xray process in which it failed, allowing administrators to fix the issue and retry the step or contact JFrog support for further investigation.

Scanning

Every time a new artifact or build is added, Xray scans it and its dependencies for known vulnerabilities and compliance violations and generate Issues accordingly. This process is called "Scanning". That includes the following process steps:

  • Check All

  • Index

  • Persist

  • Analysis

  • Alert

  • Notify

  • Artifactory Update

Impact Analysis

Every time new component metadata is available (vulnerabilities, licenses, etc.), Xray looks up the component in the components graph and if the update matches any watches, Xray will generate an issue and create a map of its impact to determine which artifacts are ultimately affected by it. This process is called "Impact Analysis". That includes the following process steps:

  • Analysis

  • Alert

  • Notify

  • Artifactory Update