Key Capabilities / Features

Exposed Secrets Detection: Uncover “secrets” such as passwords, access tokens and private keys that have been leaked or left exposed in any container stored in JFrog Artifactory to prevent the accidental leak of API keys, internal tokens, or credentials that can put enterprises at risk.

Container Contextual Analysis: This technology provides the ability to scan containers for the presence of malicious packages or use of vulnerable open-source code inside enterprise applications early in the development process. Container Contextual Analysis can also detail which open source vulnerabilities are actually exploitable in the context of a company’s own code, allowing developers to disregard or de-prioritize non-applicable incidents, which helps sharpen focus and remediation efforts.

Insecure use of Libraries and Services: Helps developers to quickly dentify whether common open-source software libraries and services are used or configured insecurely, leaving their enterprises susceptible to attack.

Vulnerable Infrastructure-as-Code (IaC): Customers can inspect IaC files stored in their JFrog Artifactory instance to ensure cloud infrastructure deployments are not misconfigured – making them exploitable.

Single Scalable Architecture: The JFrog Platform provides both a legend of artifacts within an organization, augmented by JFrog Advanced Security features for comprehensive control and safeguarding of an entire software portfolio across on prem, cloud, multi-cloud and hybrid deployments extending out to the edge at any scale.

Native Integration with Artifactory: JFrog Artifactory is the core of the JFrog Platform, functioning as a universal binary repository, allowing companies to securely control and manage update flows across the software supply chain at scale.

How we are different

JFrog is a pioneer in the field as the only provider that integrates end-to-end solutions in a single, unified platform. It is the first DevSecOps solution to create an intelligent bridge between developers, security, and operations teams, providing complete visibility and control of a company’s software supply chain.

A key aspect of JFrog Xray is its prioritization of binary scanning, management, and storage alongside source code. Binaries are what get attacked across the software supply chain, so scanning and appropriately managing and storing them are imperative for security throughout your SDLC. By enabling developers to continuously analyze their software from source code to binaries, JFrog ensures the safeguarding of modern, ever-evolving software artifacts and fortify against blind spots that may evade detection through source code analysis alone.

JFrog Xray is driven by a commitment to rigorous security research. With an industry-leading team of experts dedicated to discovering and remediating software vulnerabilities, JFrog ensures that its products are continuously updated with detailed insights into zero-days, CVEs, malicious packages, and other potential exposures. This insight includes contextual analysis of the exact circumstances of how and when a vulnerability can be exploited, and if those circumstances are present in your organization, to ensure maximum security with the least amount of disruption to workflow. This proactive approach to security research, coupled with the release of hundreds of publications annually, positions JFrog's research team as a leader in the industry, driving meaningful advancements and smart actions to enhance software supply chain security.