JFrog offers an end-to-end solution covering the full lifecycle of your NuGet packages to manage development, vulnerability analysis, artifact flow control and distribution.
NuGet and Xray
On-Prem or Cloud Versions
On-Prem - Self-managed. Install, manage, and maintain your hardware or host in the cloud yourself.
Cloud - Software as a Service (SaaS). JFrog manages, maintains, and scales the service with guaranteed uptime.
Deep Scan Through All Layers of a NuGet Package
Xray recursively peels away the different layers of your NuGet packages and their dependencies, ensuring that every artifact included in your software has been scanned for license issues and vulnerabilities.
Impact Analysis
When a vulnerability is detected, Xray shows you all the NuGet packages that contain the affected artifact so you can instantly understand the impact that any vulnerable layer has on all packages in your system.
Enterprise Ready
As scaling complexity grows, software composition analysis becomes more important. Xray allows you to drill down or zoom out within your entire dependency tree and identify the real impact of every violation found. This can help you reduce the time, cost, and risk of delivering changes by allowing for more incremental updates to applications in production.
Xray's highly available active-active cluster architecture ensures continuous security and governance of your software packages. Scale your environment to as many nodes as you need and enhance Xray's performance by delegating all shared workload across available cluster nodes through a load balancer. Seamlessly and instantly synchronize all data, configuration, cached objects, and scheduled job changes across all cluster nodes.
Continuous Analysis
Even when packages uploaded to your NuGet repositories in Artifactory are given a clean bill of health, Xray continues to scan them to make sure they are not affected by any new vulnerabilities that are registered with Xray’s global vulnerability database.
Fully Integrated with Your CI/CD Pipeline
Through Xray’s integration with common CI servers, you can stop affected builds from ever getting to your repositories. During the build process, Xray will notify your CI server if a vulnerable artifact is being included in your NuGet packages so the build can be halted before completion.