> Integration > PHP Xray

JFrog +

JFrog offers an end-to-end solution covering the full lifecycle of your PHP packages to manage development, vulnerability analysis, artifact flow control and distribution.

WHAT XRAY AND PHP INTEGRATION MEANS TO YOU

On-Prem or Cloud Versions

Deep Recursive Scanning Through All Layers of any artifacts

JFROG
ARTIFACTORY

Impact Analysis

Enterprise Ready

Fully Integrated with Your CI/CD Pipeline

Continuous Monitoring

On-Prem or Cloud Versions


On-Prem: Self-managed. You will be responsible to install, manage, and maintain on your hardware or host in the cloud yourself.

Cloud: Software as a Service (SaaS). JFrog manages, maintains and scales the guaranteed uptime. Xray Cloud uses Kubernetes technology. We support AWS, Azure and GCP platforms.

Deep Recursive Scanning Through All Layers of any artifacts

Xray recursively scans your PHP Composer packages in your registries, Zip files or Docker/Containers whether they are local or remote. Xray also checks for any dependencies in your PHP builds.

Impact Analysis

When a security vulnerability or license issue is detected in any PHP Composer package, Xray analyzes how it affects all other artifacts in your component graph and displays the impact chains in your organization, ensuring that your software services and applications are safe and compliant.

Enterprise Ready

As scaling complexity grows, the need for software composition analysis becomes more important. Xray allows you to drill down or zoom out within your entire components graph and identify the real impact of every violation found. This can help you reduce the cost, time, and risk of delivering changes by allowing for more incremental updates to applications in production. Xray's highly available active-active cluster architecture ensures continuous security and governance to your software packages. Scale your environment to as many nodes as you need and enhance Xray's performance by delegating all shared workload across available cluster nodes. Seamlessly and instantly synchronize all data, configuration, cached objects and scheduled job changes across all cluster nodes.

Fully Integrated with Your CI/CD Pipeline

Through Xray’s integration with common CI servers, you can stop vulnerable or non-compliant builds from ever getting promoted. During the build process, Xray will notify your CI server if a vulnerable or non-compliant artifact is being included in the build, so the build can be halted before completion.

Continuous Monitoring

Even when all your packages, artifacts and builds are given a clean bill of health, Xray continues to monitor them to make sure they are not affected with any new vulnerabilities, even when they have been deployed to production, using Xray’s Industry leading vulnerability database.

Release Fast Or Die