Supported Technologies

Software Packages

Programming Language	Package	SCA Source code scanning	SCA Binary scanning
Go	Go	✅	✅
PHP	PHP		✅
Java	Maven	✅	✅ jar, war, ear, nupkg, sar, har, hpi, cpa, jpi, all archive types
Java	Gradle	✅	✅ jar, war, ear, nupkg, sar, har, hpi, cpa, jpi, all archive types
Java	Ivy		✅ jar, war, ear, nupkg, sar, har, hpi, cpa, jpi, all archive types
Scala	SBT		✅ jar, war, ear, nupkg, sar, har, hpi, cpa, jpi, all archive types
JavaScript	npm	✅	✅
JavaScript	Bower		✅
JavaScript	pnpm	✅
JavaScript	YARN	✅
.NET	NuGet	✅	✅ nupkg, all archive types
Python	PyPI	✅	✅ whl, egg, all archive types
Python	Conda		✅
Ruby	RubyGems	✅	✅
Objective-C	CocoaPods	✅	✅ podspec
C/C++	Conan	✅	✅ conanmanifest.txt
Rust	Cargo		✅ crate
R	CRAN		✅ All archive types
Swift	SwiftPM	✅
Dart and Flutter	pub		✅

OS Packages

Package	SCA Source code scanning	SCA Binary scanning
Debian	N/A	✅
RPM	N/A	✅
Alpine	N/A	✅

Containers

Package	SCA Source code scanning	SCA Binary scanning
Docker		✅
OCI		✅
Chainguard Images		✅

ML Models

Package	SCA Source code scanning	SCA Binary scanning
Hugging Face ML	N/A	✅
Machine Learning Model	N/A	✅ bin, ckpt, dill, flax, ggml, gguf, h5, hdf5, joblib, keras, mpk, msgpack, nemo, npy, npz, onnx, pb, pdparams, pkl, pt, pth, safetensors, tflite, zip Xray Identifies ML Model binaries in Generic repositories and inside Docker containers SBOM only, no malicious package scanning The following formats are supported - Flax, GGML, GGUF, Joblib, Keras H5, NeMo, NumPy Archive, NumPy Array, ONNX, PaddlePaddle, Pickle / Dill, PyTorch Archive, PyTorch state_dict, Safetensors, SavedModel, TFLite

Package

SCA Source code scanning

SCA Binary scanning

Hugging Face ML

N/A

✅

Machine Learning Model

N/A

✅
bin, ckpt, dill, flax, ggml, gguf, h5, hdf5, joblib, keras, mpk, msgpack, nemo, npy, npz, onnx, pb, pdparams, pkl, pt, pth, safetensors, tflite, zip

Xray Identifies ML Model binaries in Generic repositories and inside Docker containers

SBOM only, no malicious package scanning

The following formats are supported - Flax, GGML, GGUF, Joblib, Keras H5, NeMo, NumPy Archive, NumPy Array, ONNX, PaddlePaddle, Pickle / Dill, PyTorch Archive, PyTorch state_dict, Safetensors, SavedModel, TFLite

IAC

Type	Details
Helm Charts	Scans referenced Docker/OCI images stored in JFrog Artifactory
Terraform State	Not identified by extension

SBOM Formats

Format	Format
CycloneDX	JSON,XML
SPDX	JSON

Archive Support in Generic Artifactory Repository

Type	SCA Source code scanning	SCA Binary scanning
Supported Archive Types	N/A	7z, zip, tar, vmdk, ova, cpio, iso, rar, aar
Supported Compression Types	N/A	gz, xz, bz2, zstd, lzma

Notes:

Operational risk is supported for Maven and NPM