Xray 3.101.5

Xray Release Information

Products
JFrog Xray
Content Type
Release Notes
ft:sourceType
Paligo

Released: July 28, 2024

Highlights

Support CocoaPods

Added support for scanning of CocoaPods packages.

Enhanced Secrets Scanning - Token Validation

JFrog Advanced Security enhanced Secrets scanning capabilities. This release introduces token validation, further strengthening your security posture by verifying the validity of detected tokens. Previously, our secrets scanned identified tokens, now you will be able to distinguish between active and inactive ones by authenticating against the token provider. For more information, see Secrets ScansSecrets Scans

This feature is enabled through the Enable Token Validation REST API.

Compare Security Differences Between Build Versions

A new feature that enables the comparison and identification of vulnerabilities across different build versions. Xray now offers comprehensive visibility into vulnerabilities that have been added, resolved, or modified, facilitating a better understanding of which components have been added, removed, or updated. For more information, see Comparing Build Versions for Security Diff.Comparing Build Versions for Security Diff

Search by Component and CVE

Added the capability to search for resources by component and by CVE through the Search resources by vulnerability and packageREST API.

Resolved Issues

Jira

Description

XRAY-72272

When the build path is missing for an artifact it causes the scan status to return and not be updated to Done after rescanning.

XRAY-51523

When the build version contained slash characters it caused an issue in the overview screen of the build version in Scans List.

XRAY-77340

A 42P01 error occurred during the scanning of artifacts from the Postgres DB if Xray tables were not in the default public schema.