JFrog Security (Xray)

JFrog Security Essentials / Xray SCA can be used to discover and eliminate unwanted or unexpected packages, using JFrog’s database of identified malicious packages. The database is sourced with thousands of packages identified by our research team in common repositories alongside continuously-aggregated malicious package information from global sources. The solution is presented as a DevOps-centric SCA solution for identifying and resolving security vulnerabilities and license compliance issues in open source dependencies.

The solution can be used to continuously analyze software in its production context with end-to-end scanning from source code to binaries to help safeguard modern, always-evolving software artifacts. Binaries are what get attacked across the software supply chain, so scanning binaries and images (“binaries of binaries”) ensures it exposes and fortifies against blind spots not discovered by source code analysis alone.

Features available are determined by service tier:

Security Essentials (Xray)

• Open Source Vulnerability Scanning
• Container Scanning
• ML Model Scanning
• SBOM Build and Exports
• Premium Vulnerability Database
• Open Source License Compliance

Advanced Security

• Contextual Security Analysis
• Leaked Secrets Detection
• Code Security Scanning (SAST)
• IaC Security
• Insecure Configuration Protection
• Includes Base Package of Contributing Developers