JFrog XRay is a container scanning component that runs alongside the JFrog Artifactory platform. When containers are submitted to the Artifactory, XRay will examine their composition and provenance and raise any issues that it finds. This is done via static analysis and not at runtime.
|Security Stage||SCA (Source Composition Analysis)|
|Type||Proprietary (Cloud and On-premises available)|
|1||You'll need an account with an existing JFrog system, either a cloud account, or on-premise|
|2||Details of a container image that has been added to JFrog Artifactory|
How do I set it up?
Adding JFrog XRay to your set of security tests is simple. You will add this testing tool to a version (security stage) that is set up to run static code analysis tests.
Our JFrog XRay tool will pull its configuration from the Container information stored against the Application Version you are looking to test. To get it up and running, complete the following process:
Now any time you click 'Test Now' for that application version, or make a request over the Uleska API or CLI for that version, the JFrog XRay tool will query the XRay platform, and pull back any issues discovered. These issues will be processed as normal (de-duped and any false positives removed) and will be added to your vulnerabilities list.