Xray 3.40.3

Xray Release Information

JFrog Xray

Released: January 13, 2022


The new UI features in this release are available with Artifactory version 7.31.x and above.

Generate Software Bills of Materials (SBOM) Report

Xray now can generate an SBOM report in both SPDX and CycloneDX standard formats. This will help DevSecOps teams to identify the software components in use, their dependencies, and associated license risks if any. To learn more, see Xray SBOM Report.Xray SBOM Report

Feature Enhancements
On-Demand Binary Scan Docker Support

Xray's On-Demand Binary Scan using the JFrog CLI now supports scanning Docker images. You can run an ad-hoc scan of a Docker image without uploading it to Artifactory first.

This feature requires JFrog CLI version 2.11.0.

On-Demand Binary Scans New UI

You can now view the On-Demand Binary scans that run using the JFrog CLI as part of the Xray UI in the JFrog Platform. This enables you to view and perform scan-related actions in Xray. For more information, see On-Demand Binary Scan.

Resolved Issues




Fixed an issue, whereby Xray was unable to detect a package version when it contains the @ character as prefix and suffix.


Fixed an issue, whereby Docker images were missing security results after a force reindex was triggered on another image, that shared common layers.


Fixed an issue, whereby a custom license was wrongly listed under two different artifacts although it is only attached to one.


Fixed an issue, whereby Xray failed to scan a Docker image that contained a corrupted file.


Fixed an issue, whereby when scanning the same artifact at the same time in different paths, some of those artifacts were marked as not scanned.

After upgrading to this Xray version, it is also possible to fix artifacts in this state by running the Scan Now REST API.Scan Now


Fixed an issue whereby, in some cases, Xray did not display the correct number of licenses in the licenses tab.


Improved the log error message to provide more information when extracting an archive when the total bytes limit reached error message is issued. The following values have been added:

  • The ratio limit

  • The size limit

  • The total size calculated


Improved the Scan Build V2 REST API by adding an option to retrieve all build's vulnerabilities by using a new include_vulnerabilities query param.Scan Build V2