JFrog Xray
Reduce Your Security and Compliance Risk
THE CHALLENGE
Maintaining the pace of innovation, has driven up the use of open source software (OSS) by developers. In fact modern applications now consist of up to 90% open source components, exposing code bases to potential vulnerabilities and license compliance issues, hidden in OSS components.
THE SOLUTION
JFrog Xray is a universal software composition analysis (SCA) solution that natively integrates with Artifactory, giving developers and DevSecOps teams an easy way to proactively identify open source vulnerabilities and license compliance violations, before they manifest in production releases. Xray can scale as your business needs grow, with support for on-prem (self-hosted), cloud, multi-cloud and hybrid deployments.
BENEFITS
NATIVE ARTIFACTORY INTEGRATION
- The most deeply integrated Software Composition Analysis (SCA) solution for Artifactory
- Single pane of glass view of all artifact metadata including security and compliance status
UNIVERSAL SECURITY AND COMPLIANCE
- Supports all major package types and understands how to unpack them
- Deep recursive scanning sees into all the underlying layers & dependencies of components, even those packaged in Docker images, and zip files
LEADING VULNERABILITY INTELLIGENCE
- Gain confidence with the most timely and comprehensive vulnerability intelligence VulnDB
- Connect other metadata sources of vulnerabilities, license compliance & component versions
VISIBILITY AND IMPACT ANALYSIS
- Xray creates a component graph of your artifact and dependency structure while it scans
- Unprecedented visibility to determine the impact analysis of any issues discovered
SOFTWARE DEVELOPMENT LIFECYCLE READY
- Protect across your pipeline with integration into your IDE and build tools
- Easy automation into your tools ecosystem, with an extensive REST API and flexible CLI
- Effective continuous monitoring of artifacts post production
UNIVERSAL ARTIFACT ANALYSIS
A universal Software Composition Analysis solution that supports all major package types and integrations, knowing how to unpack each one and what every underlying layer contains. Each unpacked component is examined to uncover potential vulnerabilities and license compliance violations.
DID YOU KNOW ~30% OF DOCKER HUB IMAGES CARRY KNOWN VULNERABILITIES?
Not only that, these are known high severity vulnerabilities to be exact. If you’re using Docker containers to deploy your applications, then your code is potentially exposed to some serious exploits.
JFrog Xray has the unique capability to scan and recursively peel away all the different layers and their dependencies, ensuring that every software component included in your Docker image has been scanned for all known vulnerabilities and license compliance risks.
If you’re using Kubernetes and Artifactory as your Kubernetes registry, Xray’s native integration with Artifactory will enable you to identify any vulnerabilities so they don’t pollute your deployments.
“Xray allows us to be able to scan through all the different Docker layers and find out what binaries are actually being included in here; and that way we have a process in place that we can actually go and notify a team and help them understand that there are vulnerabilities in your build pack.”
Brad Becktell, DevOps Engineer, Kroger
