JFrog & PHP
JFrog offers an end-to-end solution covering the full lifecycle of your PHP packages to manage development, vulnerability analysis, artifact flow control and distribution.
PHP and Xray
On-Prem or Cloud Versions
Deep Recursive Scanning Through All Layers of any artifacts
JFROG
ARTIFACTORY
Impact Analysis
Enterprise Ready
Fully Integrated with Your CI/CD Pipeline
Continuous Monitoring
On-Prem or Cloud Versions
On-Prem: Self-managed. You will be responsible to install, manage, and maintain on your hardware or host in the cloud yourself.
Cloud: Software as a Service (SaaS). JFrog manages, maintains and scales the guaranteed uptime. Xray Cloud uses Kubernetes technology. We support AWS, Azure and GCP platforms.
Deep Recursive Scanning Through All Layers of any artifacts
Xray recursively scans your PHP Composer packages in your registries, Zip files or Docker/Containers whether they are local or remote. Xray also checks for any dependencies in your PHP builds.
Impact Analysis
When a security vulnerability or license issue is detected in any PHP Composer package, Xray analyzes how it affects all other artifacts in your component graph and displays the impact chains in your organization, ensuring that your software services and applications are safe and compliant.
Enterprise Ready
As scaling complexity grows, the need for software composition analysis becomes more important. Xray allows you to drill down or zoom out within your entire components graph and identify the real impact of every violation found. This can help you reduce the cost, time, and risk of delivering changes by allowing for more incremental updates to applications in production.
Xray's highly available active-active cluster architecture ensures continuous security and governance to your software packages. Scale your environment to as many nodes as you need and enhance Xray's performance by delegating all shared workload across available cluster nodes. Seamlessly and instantly synchronize all data, configuration, cached objects and scheduled job changes across all cluster nodes.
Fully Integrated with Your CI/CD Pipeline
Through Xray’s integration with common CI servers, you can stop vulnerable or non-compliant builds from ever getting promoted. During the build process, Xray will notify your CI server if a vulnerable or non-compliant artifact is being included in the build, so the build can be halted before completion.
Continuous Monitoring
Even when all your packages, artifacts and builds are given a clean bill of health, Xray continues to monitor them to make sure they are not affected with any new vulnerabilities, even when they have been deployed to production, using Xray’s Industry leading vulnerability database.
