Supported Technologies

JFrog Security User Guide

SAST, CVEs Contextual Analysis, and Secrets Detection

Programming LanguageSource Code SAST (1st party)Source Code CVEs Contextual AnalysisBinary CVEs Contextual AnalysisSecrets Detection
GoInside Docker
JavaLimited (Maven & Gradle — Uber/Fat JARs only)
KotlinInside Docker
JavaScriptInside Docker
TypeScriptInside Docker
C# .NETInside Docker
PythonInside Docker
C/C++Inside Docker
RustInside Docker
DockerConditional (depends on contained language)
Terraform (IaC)

Misconfigurations

  • Infrastructure as code (IaC)
    1. Terraform modules - Supported in JFrog IDE Plugins and JFrog CLI
    2. Terraform plan files - Supported in JFrog CLI
    3. Terraform state files - Supported in JFrog Artifactory (Terraform BE Repository)
  • Applications and Services misconfigurations:
    1. Supported in JFrog Artifactory for Container images