Released: Aug 17, 2022
Highlights
Scans List REST API Support
Introduced REST APIs for the Scans List feature. For more information, see Scanning REST APIs.
Feature Enhancements
Ignore Rules Improvement
When an ignore rule expires or is deleted, in some cases a manual rescan is required for the violations to reappear. Xray now automatically rescans for violations if the number of artifacts impacted by the ignore rule is less than 50. The number is limited to avoid any performance impact. A full rescan may still be required for expired ignore rules that impact a large number of artifacts.
Improved Impact Analysis Performance
Introduced the following performance improvements:
When a new vulnerability is published or when its data is updated, the impact on your artifacts is analyzed and the results are updated. This may cause performance issues when there are many artifacts and components. To avoid performance issues, the impact analysis process is now applied only to High Profile CVEs (JFrog Security CVE Research and Enrichment) and is no longer applied to all CVEs.
When the license for a package is updated in Xray's DB, the new information is reflected only on artifacts scanned (or rescanned) after the DB is updated.
Resolved Issues
| JIRA | Description |
|---|---|
| XRAY-11799 | Fixed an issue whereby Xray failed to parse the license info of an NPM package due to the use of a deprecated license information format in the package.json. |
| XRAY-12041 | Fixed an issue whereby the Artifact-based condition was missing from the Ignore Rule popup in the UI. |
| XRAY-12024 | Fixed an issue whereby the violations and vulnerabilities of builds were not displayed in the Scans List build tab. |
| XRAY-6992 | Fixed an issue whereby the artifacts/packages screen aggregated user issues incorrectly. |
Resolved Vulnerabilities
This release contains Fixed Security Vulnerabilities.