Check Point® Software Technologies Ltd.(link is external) announced major advancements to its family of Quantum Force Security Gateways(link is external).
JFrog introduced advanced contextual analysis security capabilities in JFrog Xray, the company’s DevSecOps solution.
A proof point of the integrated roadmap following its Vdoo acquisition, the new JFrog Xray features allow customers to more precisely determine the threat level and relevance of common vulnerability exposures (CVEs), leading to more rapid and accurately-prioritized remediation. Together with JFrog Artifactory, this Xray release provides a holistic, automated, scalable solution to find, replace, recover, and prioritize hazardous CVEs.
Rather than spending time and resources on researching or solving each new CVE based on the common vulnerability scoring system (CVSS), JFrog Xray’s contextual analysis capabilities take an intelligent approach to software scans at the binary level, painting a more complete picture of the applicability and danger of each vulnerability. Knowing whether a particular CVE is relevant to your environment and easily exploitable will help already over-stretched DevSecOps teams quickly pinpoint and address their most critical security gaps. Because JFrog Xray is part of the JFrog Platform, once a vulnerability is identified, customers can securely build, distribute, and connect the required software updates from end-to-end.
“... With so many vulnerabilities these days, customers need solutions that help them focus on what actually needs protection. By providing binary-level detection of each vulnerability, Xray’s contextual analysis helps developers and security teams make more informed decisions about a particular vulnerability’s impact so they can confidently and quickly execute remediation plans, while reducing overhead.” said Nati Davidi, SVP, JFrog Security.
In a world where software vulnerabilities and attacks are increasing at unprecedented rates in terms of both volume and sophistication, industry research indicates the average time needed for businesses and agencies to fix security vulnerabilities grew from 197 days to 202 days over the first half of 2021 . Traditional software composition analysis (SCA) tools can often find hundreds of vulnerabilities in a single scan, giving development teams the arduous task of determining which vulnerabilities truly matter. Using advanced binary scans of container images, JFrog Xray’s contextual analysis delivers a more accurate picture of what vulnerabilities exist, if they are relevant, and/or easily exploitable – enabling developers and DevSecOps teams to prioritize efforts and resources for swift remediation.
Identification and assessment of relevant contextual factors such as the existence of a reachable path to the vulnerable code, or a configuration variable that affects the CVE applicability, typically require extensive manual analysis by security experts. This approach cannot meet the needs of modern businesses to secure at DevOps speed and scale. As a recognized Certified Numbering Authority (CNA), JFrog’s Security Research team continuously monitors, identifies, and analyzes both existing and emerging CVEs to determine if they are likely to be exploited by real-world attackers. With JFrog Xray, customers benefit from this extensive research, which offers clarity on how the vulnerability can be exploited and clear guidance on remediation tactics, delivered through an automated, scalable platform.
Contextual analysis and the other new features in JFrog Xray will be rolled out progressively across the JFrog customer base starting in mid-February. This JFrog Xray update is supported across multiple languages and architectures, including JS, Java and Python based on JFrog’s universal product philosophy.
Industry News
Sauce Labs announced the general availability of iOS 18 testing on its Virtual Device Cloud (VDC).
Infragistics announced the launch of Infragistics Ultimate 25.1, the company's flagship UX and UI product.
CIQ announced the creation of its Open Source Program Office (OSPO).
Check Point® Software Technologies Ltd.(link is external) announced the launch of its next generation Quantum(link is external) Smart-1 Management Appliances, delivering 2X increase in managed gateways and up to 70% higher log rate, with AI-powered security tools designed to meet the demands of hybrid enterprises.
Salesforce and Informatica have entered into an agreement for Salesforce to acquire Informatica.
Red Hat and Google Cloud announced an expanded collaboration to advance AI for enterprise applications by uniting Red Hat’s open source technologies with Google Cloud’s purpose-built infrastructure and Google’s family of open models, Gemma.
Mirantis announced Mirantis k0rdent Enterprise and Mirantis k0rdent Virtualization, unifying infrastructure for AI, containerized, and VM-based workloads through a Kubernetes-native model, streamlining operations for high-performance AI pipelines, modern microservices, and legacy applications alike.
Snyk launched the Snyk AI Trust Platform, an AI-native agentic platform specifically built to secure and govern software development in the AI Era.
Bit Cloud announced the general availability of Hope AI, its new AI-powered development agent that enables professional developers and organizations to build, share, deploy, and maintain complex applications using natural language prompts, specifications and design files.
AI-fueled attacks and hyperconnected IT environments have made threat exposure one of the most urgent cybersecurity challenges facing enterprises today. In response, Check Point® Software Technologies Ltd.(link is external) announced a definitive agreement to acquire Veriti Cybersecurity, the first fully automated, multi-vendor pre-emptive threat exposure and mitigation platform.
LambdaTest announced the launch of its Automation MCP Server, a solution designed to simplify and accelerate the process of triaging test failures.
DefectDojo announced the launch of their next-gen Security Operations Center (SOC) capabilities for DefectDojo Pro, which provides both SOC and AppSec professionals a unified platform for noise reduction and prioritization of SOC alerts and AppSec findings.
Check Point® Software Technologies Ltd.(link is external) has been recognized on Newsweek’s 2025 list of America’s Best Cybersecurity Companies(link is external).
Red Hat announced enhanced features to manage Red Hat Enterprise Linux.