Released: December 2, 2025
Highlights
Catalog
JFrog Catalog now includes Public Labels, predefined labels created by the JFrog Security Research team to help classify and identify important package groups. Public labels are read-only, applied automatically by JFrog, and can be used for filtering and evaluation across the Catalog.
A new public label, MCP Servers, identifies packages originating from MCP (Model Context Protocol) servers, based on JFrog’s curated research.
Xray
The SBOM tab now supports the essential use case of viewing and updating OSS license information for components within the SBOM. You can open any component in the SBOM tree, review its detected licenses, and add, remove, or correct license entries directly from the UI. This enables accurate license attribution and improves compliance reporting for scanned artifacts. For more information, see How to view and modify licenses in the SBOM tab.
Feature Enhancement
Xray
Xray now supports scanning multi-architecture images. The results are presented as a unified scan summary for the entire image, along with individual scans for each contained architecture.
Full License Text Retrieval in Attribution and SBOM - Adds the full license text of generic licenses.
Resolved Issues
| Jira | Description |
|---|---|
| XRAY-129037 | Incorrect licensing in packages wasn’t fixed even with force-reindex. |