What is JXray and how does vulnerability information gathered?

JFrog Support
2017-02-06 14:07

X-Ray relies partially on JXRay – our vulnerabilities database, JXRay on its turn, collects information from international vulnerabilities databases by the use of crawlers that we develop.


Once a match has been chosen by a crawler, relevant data is retrieved and parsed in order for it to be added into the JXRay knowledge bay. With that said, and since the development of the crawlers is an ongoing task, some vulnerabilities may yet to be added. Our Dev-Team works on increasing the available coverage among other components. This will improve with every new release, as well as the number of new components’ vulnerabilities data.


Furthermore, the aforementioned crawlers are activated on a daily basis to look for new data, and X-Ray has a daily job which looks for updates from JXRay. On top of this – you may choose to use our built-in integration with WhiteSource (available since X-Ray 1.0) and on an upcoming release, we will support integration with Aqua (mainly focusing on Docker).


Regarding access to the vulnerabilities information stored in the Mongo database – this is not currently possible.

To check if you are up to date – you can visit X-Ray’s homepage. On top, you will see the timestamp for the last time a sync job ran to fetch new data from JXRay.