DEVOPSdigest

JFrog announced Xray 2.0, to provide DevOps engineers and developers with trust in their software releases.

Giving application development and release processes early visibility into potential problems, Xray enables organizations to trust their pipeline from development to deployment and production with confidence.

With the integration with JFrog Artifactory, Xray analyzes images and artifacts to ensure fast, reliable and secure software releases.

"Developers are incorporating an ever growing number of artifacts from external and internal sources into their CI/CD pipeline to release faster," says Dror Bereznitsky, VP of Product at JFrog. "While expediting delivery, this introduces risk of software being out of compliance or out of date. JFrog Xray multilayer analysis detects dependencies across all software packages to enable full impact analysis and secure releases."

JFrog Xray allows integration and automation with an organization's CI/CD pipeline. With multilayer analysis of containers and software artifacts for vulnerabilities, license compliance, and quality assurance, Xray provides radical transparency and deep impact analysis. Xray 2.0 continuously governs and audits all artifacts consumed and produced in the continuous delivery pipeline, offering a highly available security checkpoint that aligns with Artifactory HA solution and helps deploy artifacts to production with full resiliency. With high availability, DevOps teams can easily upgrade and perform maintenance activities with no disruption to their CI/CD pipeline.

JFrog Xray breaks down artifacts according to their specific packaging. Xray scans each package type, knows how to unpack it and what every underlying layer contains. Each unpacked component is examined individually to uncover potential vulnerabilities and policy violations, mapped out and merged into Xray's universal component graph that represents the entire organization's software structure. This allows developers to get maximum visibility into software dependencies and truly understand the impact of every issue found. Xray provides continuous protection by scanning components on a regular basis, even though they may have already been found clean and are now exposed to newly discovered vulnerabilities.