Xray 3.65.2

Xray Release Information

Products
JFrog Xray
ft:sourceType
Paligo

Released: January 17, 2023

Highlights

Generate Violations by Specific Vulnerabilities

You can now create a security policy with the ability to generate violations for specific vulnerabilities (CVEs). For more information, see Creating Xray Policies and Rules. This feature is also supported through REST APIs, as described in POLICIES-v2 and POLICIES-v1.Creating Xray Policies and Rules

Feature Enhancements

Jira Integration Enhancements

The Xray Jira Integration feature has been enhanced to support creating Jira tickets manually for any violation from Xray's UI. The feature also includes the following enhancements:

  • An icon is displayed next to all of the security violations as an indication that there is a Jira ticket attached to it. 

  • You can now access Jira tickets easily from Xray's UI.Enhanced the Jira ticket structure to include the following:

    • Operational Risk

    • Licenses violations

    • Security (Regular Vulnerability)

    • Security (High profile Vulnerability)

Resolved Issues

Jira

Description

XRAY-14210

Fixed an issue whereby, the Xray ID was not displayed in the violation details (right pane) on the Scans List page.

XRAY-12622

XRAY-12538

Fixed an issue whereby, navigating to components containing '/' in their name from the Xray Data tab pages, could lead to a 404 error.

XRAY-10749

Jira integration now supports creating Jira tickets for generic packages.

XRAY-11989

Fixed an issue whereby, on the Scans List page, in the Builds tab, when entering a build that doesn't exist in Artifactory, a 500 error was issued. Builds that were deleted from Artifactory will now be omitted from the Scan lists Builds tab. Builds that were deleted and weren't omitted will not result in this error.