Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.
JFrog Xray Adds Software Security Vulnerability Dataset via VulnDB
January 24, 2019
JFrog is announcing that Xray, JFrog’s flagship security and compliance scanning solution, will now provide the most comprehensive, integrated security solution in the market through a partnership with Risk Based Security [RBS].
RBS is the provider of VulnDB, which contains the world’s broadest set of vulnerability intelligence. As a result of the partnership, all JFrog Xray customers will now be protected from more than 194,000 unique vulnerabilities, as they monitor their pipelines from code through production.
While most software security solutions utilize the vulnerabilities made public through online resources, such as the National Vulnerability Database (NVD), JFrog, by embedding VulnDB into Xray, will provide customers industry-leading vulnerability intelligence that includes over 64,000 vulnerabilities and data not found in the NVD. The intelligence from VulnDB, coupled with JFrog’s deep, universal understanding of software package types will provide the broadest-reaching protection of any security scanning product, spanning from developer code commits all the way through production software in a Kubernetes cluster.
“We are excited to include the world’s richest vulnerability intelligence database in Xray, and provide our users with the best tool in the DevSecOps market with Risk Based Security’s VulnDB,” said Shlomi Ben Haim, JFrog Co-Founder and CEO. “900% growth YoY and over 2,200 Xray installations tell us that JFrog Xray answers developers’ real security concerns by offering a deep, recursive scanning and impact analysis solution. JFrog offers developers the two fundamental pillars of DevOps: Speed and Security. Therefore, when it comes to our customers’ CI/CD pipelines, we are determined to build more than just a ‘security-alarm-system’ – we are committed to offering a first-class, universal, automated solution to support DevOps at scale.”
The full breadth, depth, and timeliness of vulnerability intelligence from the VulnDB database will be automatically added to Xray in stages starting immediately, with full integration between VulnDB and Xray expected in mid-2019. All updates will also be made available offline for JFrog customers who run datacenters without access to the internet.
“Identifying and mitigating vulnerabilities in a timely fashion is a critical component of managing risk in today’s enterprises,” said Barry Kouns, Co-Founder and CEO of Risk Based Security. “VulnDB is the only comprehensive vulnerability intelligence feed that is able to provide actionable insight as quickly as organizations need it to address vulnerabilities in their code. We are excited to partner with JFrog to seamlessly deliver this critical intelligence into the DevSecOps market through JFrog Xray.”
VulnDB is included in JFrog Xray at no additional charge, and users will be able to take full advantage of this new functionality starting with Xray’s next release. VulnDB intelligence is available in both on-premise and SaaS versions of JFrog Xray.
Industry News
March 31, 2025
CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.
March 31, 2025
Mirantis announced the k0rdent Application Catalog – with 19 validated infrastructure and software integrations that empower platform engineers to accelerate the delivery of cloud-native and AI workloads wherever the\y need to be deployed.
March 31, 2025
Traefik Labs announced its Kubernetes-native API Management product suite is now available on the Oracle Cloud Marketplace.
March 27, 2025
webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
March 27, 2025
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.
March 27, 2025
Komodor announced a new approach to full-cycle drift management for Kubernetes, with new capabilities to automate the detection, investigation, and remediation of configuration drift—the gradual divergence of Kubernetes clusters from their intended state—helping organizations enforce consistency across large-scale, multi-cluster environments.
March 26, 2025
Red Hat announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud.
March 26, 2025
CloudCasa by Catalogic announced the availability of the latest version of its CloudCasa software.
March 26, 2025
BrowserStack announced the launch of Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements.
March 25, 2025
Chainguard announced Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure.
March 25, 2025
Cloudelligent attained Amazon Web Services (AWS) DevOps Competency status.
March 25, 2025
Platform9 formally launched the Platform9 Partner Program.
March 24, 2025
Cosmonic announced the launch of Cosmonic Control, a control plane for managing distributed applications across any cloud, any Kubernetes, any edge, or on premise and self-hosted deployment.
March 20, 2025
Oracle announced the general availability of Oracle Exadata Database Service on Exascale Infrastructure on Oracle Database@Azure(link sends e-mail).
