Released: July 28, 2024
Highlights
Support CocoaPods
Added support for scanning of CocoaPods packages.
Enhanced Secrets Scanning - Token Validation
JFrog Advanced Security has enhanced its Secrets scanning capabilities. This release introduces token validation, further strengthening your security posture by verifying the validity of detected tokens. Previously, our secrets scans only identified tokens; now you will be able to distinguish between active and inactive ones by authenticating against the token provider. For more information, see Secrets Scans.
This feature is enabled through the Enable Token Validation REST API.
Compare Security Differences Between Build Versions
A new feature that enables the comparison and identification of vulnerabilities across different build versions. Xray now offers comprehensive visibility into vulnerabilities that have been added, resolved, or modified, facilitating a better understanding of which components have been added, removed, or updated. For more information, see Comparing Build Versions for Security Diff.
Search by Component and CVE
Added the capability to search for resources by component and by CVE through the Search resources by vulnerability and package REST API.
Resolved Issues
Jira | Description |
---|---|
XRAY-72272 | When the build path is missing for an artifact it causes the scan status to return and not be updated to Done after rescanning. |
XRAY-51523 | When the build version contained slash characters it caused an issue in the overview screen of the build version in Scans List. |
XRAY-77340 | A 42P01 error occurred during the scanning of artifacts from the Postgres DB if Xray tables were not in the default public schema. |