JFrog Security Product Xray To Join Artifactory Family
JFrog has announced a security product that walks the edge between DevOps and SecurityOps, adding a complementary feature set to its growing suite of resources for developers. JFrog Xray gives teams a view into the big picture of their software component security, including container images, software packages and binary artifacts.
JFrog Xray fits in well within the JFrog family of products. JFrog's Artifactory is the foundation and serves as the repository for development artifacts. Bintray manages delivery as the distribution platform, and Mission Control serves as a management platform for Artifactory repositories.
Where Xray contributes to the ecosystem is by scanning and reporting on vulnerabilities present in all areas of the repositories. By scanning and accessing metadata indexed by Artifactory, Xray is able to not only detect vulnerabilities but analyze the impact of those vulnerabilities by seeing the connections between the artifacts.
JFrog Xray extends the capabilities of DevOps and security teams by providing an extensive Application Programming Interface (API) for automating the management, operations and reporting and integrating into a continuous delivery pipeline.
"JFrog Xray responds to a profound pain of our users and the entire software development community for an infinitely expandable way to know everything about every component they’ve ever used in a software project - from build to production to distribution," said Shlomi Ben Haim, CEO of JFrog. "While container technology revolutionized the market and the way people distribute software packages, it is still a ‘black hole’ that always contains other packages and dependencies. The Ops world has a real need to have full visibility into these containers plus an automated way to point out changes that will impact their production environment. With JFrog Xray, you can not only scan your container images but also to track all dependencies in order to avoid vulnerabilities and optimise your CI/CD flow."
JFrog Xray will be demonstrated at swampUP, the annual JFrog conference taking place this week in Napa, California. The product will be generally available on June 30, 2016.