Xray 3.0.0

Xray Release Information

JFrog Xray

Released: January 12, 2020

Database Sync Known Issue

In all current Xray 3.x versions up to Xray 3.6.2, you might experience the Database sync process getting stuck. To resolve this, it is recommended to abort the process and retry. To learn more, click Synchronize the Database when Working with Xray.Synchronize the Database when Working with Xray


Deprecated Features

Xray 3.0 introduces several deprecated features.

Also read about the features that are currently out of scope and will be available soon, in forthcoming release.

Breaking Changes

For a list of breaking changes in Xray.

REST API Changes

For a list of REST API changes in Xray.

Important: The JFrog Platform web UI is now accessed through port 8082 (For example, http://SERVER_HOSTNAME:8082/ui/). Accessing Xray directly for REST API and downloads is still possible through port 8081. System RequirementsSystem Requirements

JFrog Platform

Announcing the new JFrog Platform, designed to provide developers and administrators with a seamless DevOps experience across all JFrog products, supporting the following main features:

  • Universal package management with all major packaging formats, build tools, and CI servers.

  • Security and Compliance that's fully integrated into the JFrog Platform, providing full trust of your pipeline from code to production.

  • Radically simplified administration with all configurations in one place.

  • Complete trust in your pipeline all the way from code to production.

  • Seamless DevOps experience from on-prem, cloud, hybrid or multi-cloud of your choice.


Get StartedGet Started

JFrog Platform New Functionalities
System Architecture

Xray 3.0 is now part of the JFrog Platform Deployment (JPD) which defines a single logical unit shared by all JFrog products. Xray pairing process to JPD was simplified and now requires only URL and shared secret (Join key). System ArchitectureSystem Architecture

Xray system.yaml

This release introduces a new system configuration file, allowing system configurations to be handled externally to the application, before/after the installation process. For more information, see Xray System YAML.Xray System YAML

Installation and Upgrade

Xray 3.0 comes with a new installer, which affects the Installand upgradeprocedures. As part of the new installers, the file structure was changed and is now aligned with the other JFrog products. When upgrading to the JFrog Platform, Xray must be connected only to a single Artifactory instance. If you have a single Xray instance connected to multiple Artifactory instances, before upgrading Artifactory and Xray, you will need to split your Xray instance to multiple instances to support this requirement. Xray and Artifactory One-to-One PairingInstallUpgrading XrayXray and Artifactory One-to-One Pairing

Additional enhancements:

  • The new Docker installer has been improved and now supports setting the uid/gid of the Xray container and image.

  • The new system architecture includes a new system.yaml configuration which provides the option of silent installation.

Unified Permission Model

This version unifies all JFrog product permissions, allowing easier permission management across all products from one unified UI. The Unified Permission Model enables you to create a single permission target that applies to all products installed in the JFrog Platform. Since the products are unified within the Platform, you can now use a single permission target to control the permissions of all products. PermissionsPermissions

Unified User Interface

This version introduces a new UI that is unified for the entire JFrog Platform, including all JFrog products. If you are using Artifactory and other JFrog products such as JFrog Xray, JFrog Distribution, JFrog Mission Control and JFrog Insights, you will now be able to access them all from within a single UI with one URL address. Xray data is located within each of your resource pages allowing you to quickly review the status of for your scanned resources - Packages, Builds, Artifacts or Release Bundles. To find the changes in Artifactory UI.


All JFrog products now follow a standardized logging format and naming convention. LoggingLogging

Feature Enhancements
Removed the MongoDB Database

The MongoDB database used by Xray prior to the Unified Platform, is no longer required (except during the data migration process). If you are upgrading to the new JFrog Platform, your data will automatically be migrated to PostgreSQL as part of the upgrade process.

Release Bundles Scan

In addition to scanning repositories and builds, the Unified Platform now allows Xray 3.0 to scan Release Bundles for vulnerability and license compliance. You can now protect your releases by defining policies and watches on your Release Bundles. Policy violations can block the distribution of a ReleaseBundle.

Configure Indexed Resources Using Patterns

You now have more flexibility when configuring Xray indexed resources by using Exclude or Include Patterns for Builds and Release Bundles.

Configure Watch Scope Using Patterns

You now have more flexibility when configuring the Watch resources scope of repositories, builds and Release Bundles by name or using Exclude/Include patterns.

Dedicated Security and Compliance Search Experience

Xray 3.0 introduces a new Security and Compliance Search, part of the new JFrog Platform. You can now search for specific vulnerability and license compliance information by resource name, CVE number, license, severity level and scan date range.

Issues Resolved
  1. Xray now collects "branch" information for Alpine components and vulnerabilities.

  2. Xray now displays the ignored violation upon creation.

  3. Security improvements to Xray-related Docker base images.

  4. Fixed an issue whereby under certain circumstances, an exported Xray data file in a component could not be unzipped.