Released: January 12, 2020
Database Sync Known Issue
In all current Xray 3.x versions up to Xray 3.6.2, the Database sync process might get stuck. To resolve this, abort the process and retry. To learn more, see Synchronize the Database when Working with Xray.
Deprecated Features
Xray 3.0 introduces several deprecated features.
Also read about the features that are currently out of scope and will be available soon, in a forthcoming release.
Breaking Changes
For a list of breaking changes in Xray.
REST API Changes
For a list of REST API changes in Xray.
Important: The JFrog Platform web UI is now accessed through port 8082 (for example, http://SERVER_HOSTNAME:8082/ui/). Accessing Xray directly for REST API and downloads is still possible through port 8081. See System Requirements.
Highlights
JFrog Platform
Announcing the new JFrog Platform, designed to provide developers and administrators with a seamless DevOps experience across all JFrog products, supporting the following main features:
Universal package management with all major packaging formats, build tools, and CI servers.
Security and Compliance that's fully integrated into the JFrog Platform, providing full trust of your pipeline from code to production.
Radically simplified administration with all configurations in one place.
Complete trust in your pipeline all the way from code to production.
Seamless DevOps experience across on-prem, cloud, hybrid or multi-cloud environments of your choice.
JFrog Platform New Functionalities
System Architecture
Xray 3.0 is now part of the JFrog Platform Deployment (JPD), which defines a single logical unit shared by all JFrog products. The process of pairing Xray to the JPD has been simplified and now requires only a URL and a shared secret (join key). See System Architecture.
Xray system.yaml
This release introduces a new system configuration file, allowing system configurations to be handled externally to the application, before/after the installation process. For more information, see Xray System YAML.
Installation and Upgrade
Xray 3.0 comes with a new installer, which affects the install and upgrade procedures. As part of the new installers, the file structure was changed and is now aligned with the other JFrog products. When upgrading to the JFrog Platform, Xray must be connected to only a single Artifactory instance. If you have a single Xray instance connected to multiple Artifactory instances, you will need to split your Xray instance into multiple instances before upgrading Artifactory and Xray. See Xray and Artifactory One-to-One Pairing.
Additional enhancements:
The new Docker installer has been improved and now supports setting the uid/gid of the Xray container and image.
The new system architecture includes a new system.yaml configuration which provides the option of silent installation.
Unified Permission Model
This version unifies all JFrog product permissions, allowing easier permission management across all products from one unified UI. The Unified Permission Model enables you to create a single permission target that applies to all products installed in the JFrog Platform. Since the products are unified within the Platform, you can now use a single permission target to control the permissions of all products. See Permissions.
Unified User Interface
This version introduces a new UI that is unified for the entire JFrog Platform, including all JFrog products. If you are using Artifactory and other JFrog products such as JFrog Xray, JFrog Distribution, JFrog Mission Control and JFrog Insights, you will now be able to access them all from within a single UI with one URL address. Xray data is located within each of your resource pages, allowing you to quickly review the status of your scanned resources: Packages, Builds, Artifacts or Release Bundles. To find the changes in Artifactory UI.
Logging
All JFrog products now follow a standardized logging format and naming convention. See Logging.
Feature Enhancements
Removed the MongoDB Database
The MongoDB database used by Xray prior to the Unified Platform is no longer required (except during the data migration process). If you are upgrading to the new JFrog Platform, your data will automatically be migrated to PostgreSQL as part of the upgrade process.
Release Bundles Scan
In addition to scanning repositories and builds, the Unified Platform now allows Xray 3.0 to scan Release Bundles for vulnerability and license compliance. You can now protect your releases by defining policies and watches on your Release Bundles. Policy violations can block the distribution of a Release Bundle.
Configure Indexed Resources Using Patterns
You now have more flexibility when configuring Xray indexed resources by using Exclude or Include Patterns for Builds and Release Bundles.
Configure Watch Scope Using Patterns
You now have more flexibility when configuring the Watch resources scope of repositories, builds and Release Bundles by name or using Exclude/Include patterns.
Dedicated Security and Compliance Search Experience
Xray 3.0 introduces a new Security and Compliance Search, part of the new JFrog Platform. You can now search for specific vulnerability and license compliance information by resource name, CVE number, license, severity level and scan date range.
Issues Resolved
Xray now collects "branch" information for Alpine components and vulnerabilities.
Xray now displays the ignored violation upon creation.
Security improvements to Xray-related Docker base images.
Fixed an issue whereby, under certain circumstances, an exported Xray data file in a component could not be unzipped.