Supported Technologies

JFrog Security User Guide

SAST, CVEs Contextual Analysis, and Secrets Detection

Info

* Supported inside a Docker image and via CLI using jf audit (includes npm contextual analysis).

Programming LanguageSource code SAST (1st party code)Source code CVEs Contextual AnalysisBinary CVEs Contextual AnalysisSecrets Detection
Go*
Java*
Maven and Gradle repositories
Kotlin*
JavaScript*
TypeScript*
C# .NET*
Python*
C/C++*
Rust*
Docker
Terraform
(See Infrastructure as code below)

Misconfigurations

  • Infrastructure as code (IaC)
    1. Terraform modules - Supported in JFrog IDE Plugins and JFrog CLI
    2. Terraform plan files - Supported in JFrog CLI
    3. Terraform state files - Supported in JFrog Artifactory (Terraform BE Repository)
  • Applications and Services misconfigurations:
    1. Supported in JFrog Artifactory for Container images