JFrog Unveils New DevSecOps Contextual Analysis Capabilities

PRESS RELEASE, February 16, 2022

Latest Release of JFrog Xray Helps Customers Dynamically Assess the Relevance, Impact & Needed Remediation for Security Vulnerabilities, Speeding Time to Resolution

Sunnyvale, Calif., February 16, 2022 – JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the Liquid Software company and creators of the JFrog DevOps Platform, today introduced advanced contextual analysis security capabilities in JFrog Xray, the company’s DevSecOps solution. A proof point of the integrated roadmap following its Vdoo acquisition, the new JFrog Xray features allow customers to more precisely determine the threat level and relevance of common vulnerabilities and exposures (CVEs), leading to more rapid and accurately-prioritized remediation. Together with JFrog Artifactory, this Xray release provides a holistic, automated, scalable solution to find, replace, recover, and prioritize hazardous CVEs.

Rather than spending time and resources on researching or solving each new CVE based on the common vulnerability scoring system (CVSS), JFrog Xray’s contextual analysis capabilities take an intelligent approach to software scans at the binary level, painting a more complete picture of the applicability and danger of each vulnerability.  Knowing whether a particular CVE is relevant to your environment and easily exploitable will help already over-stretched DevSecOps teams quickly pinpoint and address their most critical security gaps. Because JFrog Xray is part of the JFrog Platform, once a vulnerability is identified, customers can securely build, distribute, and connect the required software updates from end-to-end.

“We are thrilled to offer customers an integrated platform approach for quickly determining each CVE’s applicability and risk, then deploying the appropriate remediation,” said Nati Davidi, SVP, JFrog Security. “With so many vulnerabilities these days, customers need solutions that help them focus on what actually needs protection. By providing binary-level detection of each vulnerability, Xray’s contextual analysis helps developers and security teams make more informed decisions about a particular vulnerability’s impact so they can confidently and quickly execute remediation plans, while reducing overhead.”

In a world where software vulnerabilities and attacks are increasing at unprecedented rates in terms of both volume and sophistication, industry research indicates the average time needed for businesses and agencies to fix security vulnerabilities grew from 197 days to 202 days over the first half of 2021[1]. Traditional software composition analysis (SCA) tools can often find hundreds of vulnerabilities in a single scan, giving development teams the arduous task of determining which vulnerabilities truly matter. Using advanced binary scans of container images, JFrog Xray’s contextual analysis delivers a more accurate picture of what vulnerabilities exist, if they are relevant, and/or easily exploitable – enabling developers and DevSecOps teams to prioritize efforts and resources for swift remediation.

Identification and assessment of relevant contextual factors such as the existence of a reachable path to the vulnerable code, or a configuration variable that affects the CVE applicability, typically require extensive manual analysis by security experts. This approach cannot meet the needs of modern businesses to secure at DevOps speed and scale. As a recognized CVE Numbering Authority (CNA), JFrog’s Security Research team continuously monitors, identifies, and analyzes both existing and emerging CVEs to determine if they are likely to be exploited by real-world attackers. With JFrog Xray, customers benefit from this extensive research, which offers clarity on how the vulnerability can be exploited and clear guidance on remediation tactics, delivered through an automated, scalable platform.

Contextual analysis and the other new features in JFrog Xray will be rolled out progressively across the JFrog customer base starting in mid-February. This JFrog Xray update is supported across multiple languages and architectures, including JS, Java and Python based on JFrog’s universal product philosophy.  For additional information on contextual analysis and other new features in the latest version of JFrog Xray read this blog or visit the JFrog Xray solution page.  Interested parties can also register to learn more about the new contextual analysis, enhanced CVE data, Git Dependency Scanning, and SBOM capabilities in JFrog Xray during our “New Year, New Features in Xray” webinar.

[1] https://securityintelligence.com/news/news-vulnerabilities-25-days-remediate/

About JFrog

JFrog Ltd. (NASDAQ: FROG) is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure, fearless flow of binaries from developers to the edge. The JFrog DevOps Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Once you leap forward, you won’t go back! Learn more at https://jfrog.com and follow us on Twitter: @JFrog.

Cautionary Note About Forward-Looking Statements

This press release contains “forward-looking” statements, as that term is defined under the U.S. federal securities laws, including but not limited to statements regarding expanded DevSecOps capabilities to quickly assess the relevance, impact and required remediation for security vulnerabilities, our ability to meet customer needs, and our ability to drive market standards. These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause JFrog’s actual results, performance or achievements to differ materially from those expressed or implied in any forward-looking statement.

There are a significant number of factors that could cause actual results, performance or achievements, to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2021, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements.

Media Contact:

Siobhan Lyons, pr@jfrog.com

Investor Contact:

Joann Horne, joann@marketstreetpartners.com