Released: September 10, 2023
Highlights
JFrog Catalog
For Enterprise X and Enterprise + subscriptions with Software Package Curation.
Explore OSS packages and discover their versions, vulnerabilities, license data, operational risk, and whether they have any dependencies. For more information, see JFrog Catalog.
Xray support for Release Bundle V2
Xray now supports scanning Release Bundle V2, and you can now create security policy actions on Release Bundle V2. For more information, see Scan Release Bundle v2 Versions with Xray.
Release Bundle V2 is supported in Artifactory versions 7.68.X and above.
Improved User Experience
Improved the user experience to provide you with the following:
- New experience for the DevOps persona in Artifactory screens
- Artifact/Build/Release Bundle version: Overview dashboards that aggregate vulnerabilities, violations, and security data in one screen
- Build trend: Overview widgets that help you understand the trend of violations, vulnerabilities, and Malicious Packages across the different build versions
- An easy way to filter vulnerabilities from the overview widgets
Curation
Note: JFrog Curation requires Xray version 3.82.6.
Introduced a new Curation API to extract the Curation package download approve/block audit events.
Added support for Docker Hub as a new public repository that can be curated using Curation.
Supported conditions for Docker Hub images:
- Image is not a Docker Hub Official Image: Block download of images from Docker Hub that do not have the Docker Hub official image badge.
- Is Malicious: Block download of images from Docker Hub in case they are identified by JFrog as malicious.
Introduced new widgets that provide the following:
- Detail the coverage of Curation by risk category (malicious, security, legal, operational) on all the remote repositories that can be curated.
- Detail the most recent events of malicious package downloads being blocked.
- Trends of package downloads blocked by risk category (security, legal, operational).
Introduced new Policy conditions:
- Package with a High-risk CVE (CVSS range 7-8.9)
- Package with a Medium-risk CVE (CVSS range 4-6.9)
Resolved Issues
| Jira | Description |
|---|---|
| XRAY-19883 | Fixed some issues relating to violation search in the Watch Violations tab. |
| XRAY-17506 | Fixed an issue whereby trying to view an SBOM for an artifact, in some cases, resulted in the errors "failed to get next records batch" and "query limits reached". |
| XRAY-22699 | Fixed an issue whereby, in some cases, the option to set an Ignore rule expiration date was not presented in the UI. |
| XRAY-22983 | Fixed an issue whereby the progress of an advanced scan was not updated if one or more artifacts failed the scan. |
| XRAY-22314 | Fixed an issue whereby Xray failed to index a Docker artifact due to a runtime error. |
| XRAY-23221 | Fixed an issue whereby, when there were more than 40 Watches, the Xray Watches list only displayed the first 40. |