Xray 3.108.10 Cloud

Xray Release Information


Released: December 9, 2024

Feature Enhancements

JFrog Advanced Security

  • Gradle repositories are now supported for Contextual Analysis and Secrets scans.

  • Enhanced the design of the Exposures details (right pane).

JFrog Curation

Curation policies can now be applied to repositories for a specific package type, including current and future repositories of the same type.

Xray Essentials

SBOM

Added support for 3 additional fields in CycloneDX vulnerabilities description:

  • Vulnerability Ratings: Include CVSS Score, CVE severity, Scoring method, and Vector

  • Vulnerability Description: A detailed description of the specific vulnerability

  • Vulnerability CWEs: A list of CWEs (Common Weakness Enumeration entries) that fit this specific CVE

These 3 added fields greatly enhance the detail level and completeness of our CycloneDX SBOM reports.
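For teams that consume these reports, the following added example (not JFrog code or Xray output) checks a parsed CycloneDX JSON BOM for the three fields listed above and confirms that each vulnerability's "affects" reference points at a listed component. The sample BOM, its CVE ids and the function name audit_vulnerabilities are constructed for illustration, and the check assumes a flat components list.

```python
# Added example: audit the vulnerabilities section of a CycloneDX JSON BOM.
# SAMPLE_BOM is constructed for illustration; it is not Xray output.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "components": [{"bom-ref": "pkg:maven/org.example/demo@1.0.0", "name": "demo"}],
    "vulnerabilities": [
        {   # complete entry
            "id": "CVE-0000-0001",
            "description": "Constructed description.",
            "cwes": [79],
            "ratings": [{"score": 6.1, "severity": "medium", "method": "CVSSv31",
                         "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],
            "affects": [{"ref": "pkg:maven/org.example/demo@1.0.0"}],
        },
        {   # no cwes, rating without vector, dangling affects ref
            "id": "CVE-0000-0002",
            "description": "Constructed description.",
            "ratings": [{"score": 9.8, "severity": "critical", "method": "CVSSv31"}],
            "affects": [{"ref": "pkg:maven/org.example/other@2.0.0"}],
        },
    ],
}

REQUIRED_FIELDS = ("ratings", "description", "cwes")
RATING_KEYS = ("score", "severity", "method", "vector")

def audit_vulnerabilities(bom):
    """Return (vulnerability id, problem) tuples for a parsed CycloneDX BOM."""
    # Assumption: components are listed flat; nested components are not walked.
    known_refs = {c.get("bom-ref") for c in bom.get("components", [])}
    problems = []
    for vuln in bom.get("vulnerabilities", []):
        vid = vuln.get("id", "<no id>")
        for field in REQUIRED_FIELDS:
            if not vuln.get(field):
                problems.append((vid, f"missing {field}"))
        for rating in vuln.get("ratings", []):
            absent = [k for k in RATING_KEYS if k not in rating]
            if absent:
                problems.append((vid, "rating lacks " + ", ".join(absent)))
        affects = vuln.get("affects", [])
        if not affects:
            problems.append((vid, "no affects entries"))
        for entry in affects:
            if entry.get("ref") not in known_refs:
                problems.append((vid, f"affects ref {entry.get('ref')} is not a component"))
    return problems

if __name__ == "__main__":
    for vid, problem in audit_vulnerabilities(SAMPLE_BOM):
        print(f"{vid}: {problem}")
```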

Technician Dashboard

You can now download the technician dashboard to view charts of metrics related to application performance. This REST API call will download a zip file with the dashboards as HTML files. Any admin user can access the REST API.

REST API: GET api/v1/metrics/dashboard/download

Xray Reports

Added Repo Path to the generated Violation reports.

Operational Risk

Improved Operational Risk Policy by allowing the release age to be set in customized months instead of using a default range.

Supported Technologies

Xray now supports indexing raw disk images (.img) and SquashFS (.squashfs).

Resolved Issues

| Jira | Description |
|---|---|
| XRAY-91233 | The Scan Build REST API failed when the build contained a project key. |
| XRAY-90830 | Report requests were stuck due to backend events. |
| XRAY-89975 | Contextual Analysis results were missing in reports for remote repositories. |
| XRAY-88846 | The JFrog CLI, in some cases, resulted in a “500 Internal Server Error” when running the “sbom-enrich” command. |
| XRAY-88805 | The file path was sometimes missing for Exposures violations. |
| XRAY-88380 | When generating a report using the REST API, input validation was missing for the provided name, resulting in the creation of a report with an invalid name. |
| XRAY-87616 | Xray could not scan artifacts from build info if the build was published using the REST API without the same values for build.timestamp and the started parameter in the request body. |
| XRAY-87395 | The Export Details REST API call failed when the filename was more than 255 bytes. |
| XRAY-86530 | Fixed incorrect component referencing in CycloneDX: it was using the “bom-ref” field instead of the “affects” field. |
| XRAY-84772 | REST API Ignore Rules were not applied in Docker On-Demand Scans when the name contained a slash. |