JFrog Xray provides organizations a new standard of Radical Transparency and Deep Impact Analysis
NAPA, Calif. – May 23, 2016 – JFrog today introduced its 4th and newest product, JFrog Xray, which gives organizations unprecedented visibility into the contents of software components. The announcement – made at swampUP, JFrog’s annual user conference – represents a major advancement in improving development, DevOps and InfoSec teams’ effectiveness and accelerating the continuous delivery pipeline.
JFrog Xray is the first universal impact analysis product, giving organizations an unparalleled level of understanding about all of their container images, software packages and binary artifacts, even with the huge volume and variety of components that development teams share in the software build and distribution process.
JFrog Xray is the only product on the market that provides radical transparency into every component an organization has ever used. It includes:
- Impact analysis that indicates how production and CI environments are impacted
- A full dependencies graph on which users can easily zoom in to find vulnerability or compliance issues
- An open API that enables integration with all current and future types of component-scanning technology to allow custom scanning capabilities for performance, quality, popularity or any other criteria required
- A universal solution that integrates with vulnerability and license compliance databases such as VersionEye, BlackDuck and WhiteSource
- A powerful integration with user’s registry and repository to allow full sync through all the CI/CD flow.
Through tight integration with JFrog Artifactory and access to the exhaustive metadata that Artifactory indexes, JFrog Xray is in a unique position to analyze the relationships between binary artifacts across an entire organization and analyze the impact that one component has on any other. In addition to security vulnerabilities, JFrog Xray can also analyze the potential impact of performance issues or architectural changes.
“JFrog Xray responds to a profound pain of our users and the entire software development community for an infinitely expandable way to know everything about every component they’ve ever used in a software project – from build to production to distribution,” said Shlomi Ben Haim, CEO of JFrog. “While container technology revolutionized the market and the way people distribute software packages, it is still a ‘black hole’ that always contains other packages and dependencies. The Ops world has a real need to have full visibility into these containers plus an automated way to point out changes that will impact their production environment. With JFrog Xray, you can not only scan your container images but also to track all dependencies in order to avoid vulnerabilities and optimise your CI/CD flow.”
JFrog Xray is a fully automated platform with a powerful REST API allowing integration and automation with an organization’s continuous integration and continuous delivery pipeline, and enabling other inspection and security tools to fit into the full build-to-production automated flow.
JFrog Xray includes the VersionEye technology and database. VersionEye, a startup company based in Mannheim, Germany, improves developer productivity through a system that tracks open-source libraries and alerts developers in real time to key information such as security vulnerabilities, license violations and outdated dependencies.
“VersionEye technology monitors over a million open source projects on a daily basis,” said Robert Reiz, CEO and co-founder of VersionEye. “Integrating the VersionEye technology with the JFrog platform creates an unparalleled capability for deep understanding of the quality and provenance of the software components organizations depend on. JFrog has leveraged its Universal approach, supporting all type of components, into a leadership position with its artifact repository and addresses a real community pain with JFrog Xray. We are excited to be part of the solution.”
The technology solves a critical problem for companies as they increasingly use container technology and make open source a mainstay of their development strategies. With so many open source components available, it has become extremely difficult, if not impossible, for application builders to know pertinent information about each one and avert security issues, such as the Heartbleed bug in the popular OpenSSL cryptographic software library that put user passwords at many popular websites at risk.
JFrog Xray will be demonstrated at swampUP, taking place May 23-24 in Napa, Calif. The product will be generally available on June 30, 2016.
- Company: https://www.jfrog.com
- Open Positions: https://www.jfrog.com/about/open-positions
- JFrog Artifactory: https://www.jfrog.com/artifactory
- JFrog Bintray: https://www.jfrog.com/bintray
- JFrog Mission Control: https://www.jfrog.com/mission-control
- JFrog Xray: https://www.jfrog.com/xray
- Customer testimonials: https://www.jfrog.com/customers
- Twitter: https://twitter.com/jfrog
- LinkedIn: https://www.linkedin.com/company/jfrog-ltd
- Try JFrog Artifactory for free
More than 2,000 paying customers, 60,000 installations and millions of developers and DevOps engineers globally rely on JFrog’s world-class infrastructure for software management and distribution. Customers include some of the world’s top brands, such as Amazon, Google, LinkedIn, MasterCard, Netflix, Tesla, Barclays, Cisco, Oracle, Adobe, Intel and VMware. JFrog tools – comprising open-source, on-premise and SaaS cloud solutions – are revolutionizing the way companies and individuals develop, release and distribute software. JFrog Artifactory, the Universal Artifact Repository, and JFrog Bintray, the Universal Distribution Hub platform, are used by millions of developers and DevOps engineers around the world. The company is privately held and operated from California, France and Israel. More information can be found at www.jfrog.com.
Kulesa Faul for JFrog