> Integration > SBT XRay

JFrog +

JFrog offers an end-to-end solution covering the full lifecycle of your SBT packages to manage development, vulnerability analysis, artifact flow control and distribution. Through the SBT Artifactory Plugin Artifactory also provides tight integration with the SBT build tool so you can resolve artifacts from and deploy builds to Artifactory.

WHAT XRAY AND SBT INTEGRATION MEANS TO YOU

On-Prem or Cloud Versions

Deep Recursive Scan Through All Layers of a SBT Package

JFROG
ARTIFACTORY

Impact Analysis

Continuous Analysis

Enterprise Ready

Fully Integrated with Your CI/CD Pipeline

Protection From Developer Fingertips to Production

On-Prem or Cloud Versions

On-Prem - Self-managed. Install, manage, and maintain on your hardware or host in the cloud yourself. Cloud - Software as a Service (SaaS). JFrog manages, maintains and scales the guaranteed uptime. Xray Cloud uses Kubernetes technology. At this time, only some of AWS (EKS) managed Kubernetes service regions are available. JFrog is working with AWS to enable the other regions as soon as possible. JFrog is also working with Azure (AKS) and Google Cloud Platform (GKE) to make Xray Cloud available on their manage Kubernetes service.

Deep Recursive Scan Through All Layers of a SBT Package

Xray recursively peels away the different layers of your SBT packages and their dependencies ensuring that every software artifact that is included in your software has been scanned for issues and vulnerabilities.

Impact Analysis

When a vulnerability is detected, Xray shows you all the SBT packages that contain the infected artifact so you can instantly understand the impact that any vulnerable layer has on all packages in your system.

Continuous Analysis

Even when packages uploaded to your SBT repositories in Artifactory are given a clean bill of health, Xray continues to scan them to make sure they are not infected with any new vulnerabilities that are registered with Xray’s global vulnerability database.

Enterprise Ready

As applications, teams, and deployment infrastructure grow in complexity, developing and releasing software becomes more complicated. Xray helps reduce the cost, time, and risk of delivering changes by allowing for more incremental updates to applications in production. It allows you to drill down or zoom out to identify the exact component Xray offers a highly available active-active cluster architecture, ensuring continuous security and governance to your software packages at an enterprise level. Achieve optimal performance and resilience by scaling your Xray environment with as many nodes as you need. All workload is delegated across available cluster nodes, through a load balancer, and shared between nodes. Xray seamlessly and instantly synchronizes all data, configuration, cached objects and scheduled job changes across all cluster nodes.

Fully Integrated with Your CI/CD Pipeline

Through Xray’s integration with common CI servers, you can stop infected builds from ever getting to your repositories. During the build process, Xray will notify your CI server if an infected artifact is being included in your SBT packages so the build can be halted before completion.

Protection From Developer Fingertips to Production

Using the JFrog IDEA Plugin, Xray scans SBT projects right in the developer's IDE providing information on SBT components and their dependencies. This allows the developer to make an informed decision on whether to use a component or not before it gets entrenched in the organization's product. Then, during CI/CD, Xray can stop builds that include infected components, and in production, Xray continuously scans production systems for any new issues and vulnerabilities that have been discovered. Effectively, Xray covers the full lifecycle of components in the software supply chain.

Release Fast Or Die