Released: January 8, 2024
Highlights
New Security Policy for Specific Packages
You can create a security Policy rule for specific packages and package versions. This allows you to issue violations and perform actions when Xray detects the specified packages. For more information, see Trigger Violations Using Xray Policy Rules.
Support VMDK and OVA Indexing
Added support for Xray scanning of ".vmdk" VMware Disk Image files (including when inside ".ova" archives).
The supported VMDK formats are:
monolithicSparse
streamOptimized
The supported partition table formats are:
MBR
GPT
The supported filesystems are:
XFS
EXT4
OCI Repository Support
With the support for OCI repositories introduced in Artifactory version 7.75.3, this Xray version supports scanning OCI and Docker images deployed to an OCI repository, including SCA, Contextual Analysis, and Exposures scans, as already supported for Docker repositories.
Additional Technologies Support in Xray
Added support for scanning standalone XZ-compressed files (files that are not part of a TAR archive)
Added support for scanning of ISO image files
Added support for scanning of CPIO (SVR4) archive files
Added support for listing dependencies from OpenSUSE package metadata files (e.g., ".packages.initrd")
Feature Enhancements
Jira Integration Ticket Mapping Enhancement
You can now map tickets to the relevant Profiles based on the violation impact path. For more information, see Xray Jira Integration.
Contextual Analysis in Reports
Contextual Analysis scan findings are now available in Xray's Vulnerabilities and Violations Reports.
License Coverage Enhancement
Xray's out-of-the-box license coverage expanded from 400 licenses to ~1800 licenses.
SBOM Report Enhancement
You can now choose whether to include VEX data in SBOM reports exported in CycloneDX format.
Curation
Introducing a new Curation capability: creating custom Curation conditions based on templates provided by JFrog. Until this version, Curation offered only out-of-the-box conditions, provided as-is by JFrog, for detecting security, operational, and legal threats in third-party packages.
The new JFrog templates let you define the values and thresholds a condition uses for threat and violation detection. The first template provided in this version is "Package is vulnerable to CVE {CVE-ID}", in which you specify a CVE ID; any package in which that CVE is detected is blocked by Curation.
You can now configure an Artifactory Go remote repository to be protected by Curation. When adding the Artifactory Go remote repository, use either https://proxy.golang.org/ or https://gocenter.io/ as the repository URL, then configure your Curation settings to add Curation malicious-package, security, operational, or license policies.
Curation can now also be added to an Artifactory remote repository that points to a Maven Central mirror, provided the remote repository uses the repository URL https://repo.maven.apache.org/maven2/.
Resolved Issues
| Jira | Description |
|---|---|
| XRAY-27432 | Fixed an issue whereby, when working with Projects, Project roles with permission to create an Ignore Rule at the Project level were unable to delete that Ignore Rule. |
| XRAY-25826 | Fixed an issue whereby, in some cases, a deleted Ignore Rule was still displayed in the UI. |
| XRAY-26557 | Fixed an issue whereby applying Index Now on a Docker repository resulted in the scanning of all artifacts, including ones that had already been scanned. |
| XRAY-20134 | Fixed an issue whereby special characters in a build version caused a 500 error when accessing that build version. |
| XRAY-28231 | Improved the operation of JFrog Advanced Security under the Kubernetes runAsNonRoot policy by making the UID configurable in the system.yaml configuration file. Use the new parameter executionService: uid: "1035" (default value: 1035). |
| XRAY-24962 | Fixed an issue whereby an Ignore Rule applied to selected Watches was not applied to all of the selected Watches. |
| XRAY-24201 | Fixed an issue whereby it was not possible to select a Watch in the Ignore Rule conditions for violations generated by an on-demand scan. |
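The following is an added illustration of the XRAY-28231 change, not configuration shipped with these release notes or with JFrog's Helm charts. It shows the new system.yaml parameter next to the pod securityContext that a runAsNonRoot admission policy enforces. The nesting of executionService is taken exactly as the release note gives it; the pod and container names, the image placeholder, and the assumption that uid should match the pod's runAsUser are mine and should be checked against your own deployment.

```yaml
# system.yaml fragment (Xray / JFrog Advanced Security).
# Added example: executionService.uid is the parameter introduced in XRAY-28231,
# default 1035. Nesting follows the release note; verify it against the
# system.yaml layout of your installed version.
executionService:
  uid: "1035"
---
# Illustrative Kubernetes pod spec (assumption, not from the release note).
# runAsNonRoot: true makes the kubelet refuse to start the container as UID 0,
# so runAsUser must be set to a non-zero UID. Using the same value here as in
# executionService.uid keeps file ownership on mounted volumes (fsGroup) and
# the UID of the running process consistent with what the service expects.
apiVersion: v1
kind: Pod
metadata:
  name: xray-execution-service        # hypothetical name
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1035                   # matches executionService.uid above
    runAsGroup: 1035
    fsGroup: 1035
  containers:
    - name: execution-service         # hypothetical name
      image: "<your-jfrog-advanced-security-image>"   # placeholder, not a real reference
      securityContext:
        runAsNonRoot: true
        allowPrivilegeEscalation: false
```

If the cluster enforces runAsNonRoot through an admission controller rather than per-pod settings, the same rule applies: the pod must declare a non-zero runAsUser (or the image must set a non-root USER), and the value in executionService.uid is what lets the service start correctly under that UID.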