Released: September 4, 2025
Feature Enhancements
Catalog
Introduced License Correction Request: you can now open a request in the Catalog UI for packages with unknown or misidentified licenses. The JFrog team reviews the request and updates the license based on their findings.
Source Code
You can now integrate Frogbot with your GitHub repositories using the JFrog GitHub App. This integration simplifies setup by automatically configuring Frogbot with GitHub Actions, adding the required secrets, and opening a workflow pull request in each selected repository. Once enabled, Frogbot continuously scans commits and pull requests for security issues, adds comments with findings, and can even open fix pull requests for vulnerable dependencies. This integration is supported for repositories under GitHub Organizations.
Resolved Issues
| Jira | Description |
|---|---|
| XRAY-120511 | Re-scanning an artifact in one remote repository incorrectly triggered a scan on a different remote repository. |
| XRAY-119885 | Xray's policy rule evaluation did not stop after the first rule match. |
| XRAY-122389 | The Xray Create Policy REST API allowed creating rules with incompatible criteria. |
| XRAY-124246 | Fixed an issue where exposure violations were incorrectly ignored when creating an “Ignore CVE” rule scoped to all components and artifacts. |