JFROG XRAY

Open Source Binary
Vulnerability Scanning
Start For Free Book a Demo
What is JFrog Xray

Software Composition Analysis for your
open source software dependencies

Continuously govern and audit all artifacts consumed and produced in your CI/CD pipeline
Built-in integration with Artifactory
icon
Native Integration
Continuous Scanning
Download Blocking
Ability to do build analysis;
customize build action based on results
Comprehensive Vulnerability Intelligence
VulnDB Intelligence
NVD Database
Other Sources
icon
Component Graph
icon
User Policies
icon
Vulnerability Intelligence
Ensure Trust in your Software release
Alert
Download Block
icon
Fail Build
icon
Triggered Email
icon
Web Hook
JFrog Pipelines is an automation solution for building, testing, and deploying software as part of your CI / CD pipeline. It provides end-to-end orchestration and optimization of all key processes of your DevOps pipeline.

The XRAY Difference

Native Artifactory Integration

The only Software Composition Analysis (SCA) solution that natively integrates with Artifactory for optimized scanning and unified operation. Provides a single pane of glass view into all the security and compliance information about your artifacts.

Universal Security & Compliance

Supports all major package types, understands how to unpack them, and uses recursive scanning to see into all of the underlying layers and dependencies, even those packaged in Docker images, and zip files.
icon

Visibility and Impact Analysis

Scans all your artifacts and dependencies, creating a component graph of your structure. This provides unprecedented visibility, enabling Xray to determine the impact of any vulnerability or issues discovered in your software.

Vulnerability & Compliance Intelligence

Gain confidence in your releases with the most timely and comprehensive vulnerability intelligence VulnDB, coupled with other metadata sources of vulnerabilities.

Software Development Lifecycle Ready

Protects across your pipeline, to ready artifacts for production. Enable automation in your ecosystem, with an extensive REST API, flexible CLI and out-of-the-box plugins for leading IDEs & CI Tools. Xray also provides continuous monitoring post production.

Business Agility and Scalability

Support for On-premise (self-managed), Cloud (SaaS - AWS, Azure or GCP), Multi-cloud or Hybrid deployments. Enterprise ready with High Availability support for better resiliency and performance.

SECURE FROM DEVELOPER TO DEVICE

We are delivering the future of holistic application security

See How

Cloud and Self-Hosted Subscriptions Available

Cloud – Software as a Service
JFrog manages, maintains and scales the infrastructure and provides automated server backups with free updates and guaranteed uptime.
Free Cloud
Self-Hosted
Install, manage and maintain on your hardware or host in the cloud yourself.
Free Trial

DEEP RECURSIVE
SCANNING

Visibility into all of the underlying layers and dependencies of components, even those packaged in Docker images, and zip files.

COMPLETE IMPACT
ANALYSIS

Understand which artifacts contain a violated component to effectively mitigate.

security at
speed

Xray helps you identify security and license violations as early as possible in the development lifecycle, including at build time and even when coding in your IDE.

THE JFROG PRODUCT SUITE

Offering a range of products to answer all your DevOps needs, from build to production.

UNIVERSAL ARTIFACT MANAGEMENT
Learn More >
FOR TRUSTED SOFTWARE RELEASES
Learn More >
END-TO-END PLATFORM AUTOMATION
Learn More >

BINARY VULNERABILITY SCANNING

Protect your code and prevent unwanted security and license compliance risks from entering your software releases. JFrog Xray is integrated into your software development pipeline.

Available in the cloud or self-hosted - see how it works.

Start For Free