Released: January 13, 2022
Note
The new UI features in this release are available with Artifactory version 7.31.x and above.
Highlights
Generate Software Bills of Materials (SBOM) Report
Xray now can generate an SBOM report in both SPDX and CycloneDX standard formats. This will help DevSecOps teams to identify the software components in use, their dependencies, and associated license risks if any. To learn more, see Xray SBOM Report.
Feature Enhancements
On-Demand Binary Scan Docker Support
Xray's On-Demand Binary Scan using the JFrog CLI now supports scanning Docker images. You can run an ad-hoc scan of a Docker image without uploading it to Artifactory first.
This feature requires JFrog CLI version 2.11.0.
On-Demand Binary Scans New UI
You can now view the On-Demand Binary scans that run using the JFrog CLI as part of the Xray UI in the JFrog Platform. This enables you to view and perform scan-related actions in Xray. For more information, see On-Demand Binary Scan.
Resolved Issues
JIRA | Description |
---|---|
XRAY-8611 | Fixed an issue, whereby Xray was unable to detect a package version when it contains the @ character as prefix and suffix. |
XRAY-8271 | Fixed an issue, whereby Docker images were missing security results after a force reindex was triggered on another image, that shared common layers. |
XRAY-8113 | Fixed an issue, whereby a custom license was wrongly listed under two different artifacts although it is only attached to one. |
XRAY-8108 | Fixed an issue, whereby Xray failed to scan a Docker image that contained a corrupted file. |
XRAY-9259 | Fixed an issue, whereby when scanning the same artifact at the same time in different paths, some of those artifacts were marked as not scanned. After upgrading to this Xray version, it is also possible to fix artifacts in this state by running the Scan Now REST API. |
XRAY-5078 | Fixed an issue whereby, in some cases, Xray did not display the correct number of licenses in the licenses tab. |
XRAY-8800 | Improved the log error message to provide more information when extracting an archive when the
|
XRAY-8918 | Improved the Scan Build V2 REST API by adding an option to retrieve all build's vulnerabilities by using a |