Released: December 9, 2024
Feature Enhancements
JFrog Advanced Security
Gradle repositories are now supported for Contextual Analysis and Secrets scans.
Enhanced the design of the Exposures details (right pane).
JFrog Curation
Curation policies can now be applied to repositories for a specific package type, including current and future repositories of the same type.
Xray Essentials
SBOM
Added support for 3 additional fields in CycloneDX vulnerabilities description:
Vulnerability Ratings: Include CVSS Score, CVE severity, Scoring method, and Vector
Vulnerability Description: A detailed description of the specific vulnerability
Vulnerability CWEs: A list of CWE (Common Weaknesses Enumerations) that fit this specific CVE
These 3 added fields greatly enhance the detail level and completeness of our CycloneDX SBOM reports.
Technician Dashboard
You can now download the technician dashboard to view charts of metrics related to application performance. This REST API call will download a zip file with the dashboards as HTML files. Any admin user can access the REST API.
REST API:GET api/v1/metrics/dashboard/download
Xray Reports
Added Repo Path to the generated Violation reports.
Operational Risk
Improved Operational Risk Policy by allowing the release age to be set in customized months instead of using a default range.
Supported Technologies
Xray now supports indexing raw disk images (.img) and SquashFS (.squashfs)
Resolved Issues
Jira | Description |
---|---|
XRAY-91233 | The Scan Build REST API failed when the build contained a project key. |
XRAY-90830 | Report requests were stuck due to backend events. |
XRAY-89975 | Contextual Analysis results were missing in reports for remote repositories. |
XRAY-88846 | The JFrog CLI, in some cases, resulted in a “500 Internal Server Error” when running the “sbom-enrich” command. |
XRAY-88805 | The file path was sometimes missing for Exposures violations. |
XRAY-88380 | When generating a report using the REST API input validation was missing for the provided name, resulting in the creation of a report with an invalid name. |
XRAY-87616 | Xray could not scan artifacts from build info if the build was published using REST API without including the same values for the |
XRAY-87395 | The Export Details REST API call failed when the filename was more than 255 bytes |
XRAY-86530 | Fixed incorrect component referencing in CycloneDX - it was using “bom-ref” field instead of “affects” field. |
XRAY-84772 | REST API Ignore Rules are not applied in Docker On-Demand Scans when the name contains a slash |