JFrog Xray Adds Advanced Contextual Analysis Security Capabilities
February 16, 2022

JFrog introduced advanced contextual analysis security capabilities in JFrog Xray, the company’s DevSecOps solution.

A proof point of the integrated roadmap following its Vdoo acquisition, the new JFrog Xray features allow customers to more precisely determine the threat level and relevance of common vulnerability exposures (CVEs), leading to more rapid and accurately-prioritized remediation. Together with JFrog Artifactory, this Xray release provides a holistic, automated, scalable solution to find, replace, recover, and prioritize hazardous CVEs.

Rather than spending time and resources on researching or solving each new CVE based on the common vulnerability scoring system (CVSS), JFrog Xray’s contextual analysis capabilities take an intelligent approach to software scans at the binary level, painting a more complete picture of the applicability and danger of each vulnerability. Knowing whether a particular CVE is relevant to your environment and easily exploitable will help already over-stretched DevSecOps teams quickly pinpoint and address their most critical security gaps. Because JFrog Xray is part of the JFrog Platform, once a vulnerability is identified, customers can securely build, distribute, and connect the required software updates from end-to-end.

“... With so many vulnerabilities these days, customers need solutions that help them focus on what actually needs protection. By providing binary-level detection of each vulnerability, Xray’s contextual analysis helps developers and security teams make more informed decisions about a particular vulnerability’s impact so they can confidently and quickly execute remediation plans, while reducing overhead.” said Nati Davidi, SVP, JFrog Security.

In a world where software vulnerabilities and attacks are increasing at unprecedented rates in terms of both volume and sophistication, industry research indicates the average time needed for businesses and agencies to fix security vulnerabilities grew from 197 days to 202 days over the first half of 2021 . Traditional software composition analysis (SCA) tools can often find hundreds of vulnerabilities in a single scan, giving development teams the arduous task of determining which vulnerabilities truly matter. Using advanced binary scans of container images, JFrog Xray’s contextual analysis delivers a more accurate picture of what vulnerabilities exist, if they are relevant, and/or easily exploitable – enabling developers and DevSecOps teams to prioritize efforts and resources for swift remediation.

Identification and assessment of relevant contextual factors such as the existence of a reachable path to the vulnerable code, or a configuration variable that affects the CVE applicability, typically require extensive manual analysis by security experts. This approach cannot meet the needs of modern businesses to secure at DevOps speed and scale. As a recognized Certified Numbering Authority (CNA), JFrog’s Security Research team continuously monitors, identifies, and analyzes both existing and emerging CVEs to determine if they are likely to be exploited by real-world attackers. With JFrog Xray, customers benefit from this extensive research, which offers clarity on how the vulnerability can be exploited and clear guidance on remediation tactics, delivered through an automated, scalable platform.

Contextual analysis and the other new features in JFrog Xray will be rolled out progressively across the JFrog customer base starting in mid-February. This JFrog Xray update is supported across multiple languages and architectures, including JS, Java and Python based on JFrog’s universal product philosophy.

Share this

Industry News

May 12, 2025

LambdaTest, a unified agentic AI and cloud engineering platform, has announced its partnership with MacStadium(link is external), the industry-leading private Mac cloud provider enabling enterprise macOS workloads, to accelerate its AI-native software testing by leveraging Apple Silicon.

May 12, 2025

Tricentis announced a new capability that injects Tricentis’ AI-driven testing intelligence into SAP’s integrated toolchain, part of RISE with SAP methodology.

May 12, 2025

Zencoder announced the launch of Zen Agents, delivering two innovations that transform AI-assisted development: a platform enabling teams to create and share custom agents organization-wide, and an open-source marketplace for community-contributed agents.

May 08, 2025

AWS announced the preview of the Amazon Q Developer integration in GitHub.

May 08, 2025

The OpenSearch Software Foundation, the vendor-neutral home for the OpenSearch Project, announced the general availability of OpenSearch 3.0.

May 08, 2025

Jozu raised $4 million in seed funding.

May 07, 2025

Wix.com announced the launch of the Wix Model Context Protocol (MCP) Server.

May 07, 2025

Pulumi announced Pulumi IDP, a new internal developer platform that accelerates cloud infrastructure delivery for organizations at any scale.

May 07, 2025

Qt Group announced plans for significant expansion of the Qt platform and ecosystem.

May 07, 2025

Testsigma introduced autonomous testing capabilities to its automation suite — powered by AI coworkers that collaborate with QA teams to simplify testing, speed up releases, and elevate software quality.

May 06, 2025

Google is rolling out an updated Gemini 2.5 Pro model with significantly enhanced coding capabilities.

May 06, 2025

BrowserStack announced the acquisition of Requestly, the open-source HTTP interception and API mocking tool that eliminates critical bottlenecks in modern web development.

May 06, 2025

Jitterbit announced the evolution of its unified AI-infused low-code Harmony platform to deliver accountable, layered AI technology — including enterprise-ready AI agents — across its entire product portfolio.

May 05, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, and Synadia announced that the NATS project will continue to thrive in the cloud native open source ecosystem of the CNCF with Synadia’s continued support and involvement.

May 05, 2025

RapDev announced the launch of Arlo, an AI Agent for ServiceNow designed to transform how enterprises manage operational workflows, risk, and service delivery.