JFrog Xray Adds Software Security Vulnerability Dataset via VulnDB
January 24, 2019

JFrog is announcing that Xray, JFrog’s flagship security and compliance scanning solution, will now provide the most comprehensive, integrated security solution in the market through a partnership with Risk Based Security [RBS].

RBS is the provider of VulnDB, which contains the world’s broadest set of vulnerability intelligence. As a result of the partnership, all JFrog Xray customers will now be protected from more than 194,000 unique vulnerabilities, as they monitor their pipelines from code through production.

While most software security solutions utilize the vulnerabilities made public through online resources, such as the National Vulnerability Database (NVD), JFrog, by embedding VulnDB into Xray, will provide customers industry-leading vulnerability intelligence that includes over 64,000 vulnerabilities and data not found in the NVD. The intelligence from VulnDB, coupled with JFrog’s deep, universal understanding of software package types will provide the broadest-reaching protection of any security scanning product, spanning from developer code commits all the way through production software in a Kubernetes cluster.

“We are excited to include the world’s richest vulnerability intelligence database in Xray, and provide our users with the best tool in the DevSecOps market with Risk Based Security’s VulnDB,” said Shlomi Ben Haim, JFrog Co-Founder and CEO. “900% growth YoY and over 2,200 Xray installations tell us that JFrog Xray answers developers’ real security concerns by offering a deep, recursive scanning and impact analysis solution. JFrog offers developers the two fundamental pillars of DevOps: Speed and Security. Therefore, when it comes to our customers’ CI/CD pipelines, we are determined to build more than just a ‘security-alarm-system’ – we are committed to offering a first-class, universal, automated solution to support DevOps at scale.”

The full breadth, depth, and timeliness of vulnerability intelligence from the VulnDB database will be automatically added to Xray in stages starting immediately, with full integration between VulnDB and Xray expected in mid-2019. All updates will also be made available offline for JFrog customers who run datacenters without access to the internet.

“Identifying and mitigating vulnerabilities in a timely fashion is a critical component of managing risk in today’s enterprises,” said Barry Kouns, Co-Founder and CEO of Risk Based Security. “VulnDB is the only comprehensive vulnerability intelligence feed that is able to provide actionable insight as quickly as organizations need it to address vulnerabilities in their code. We are excited to partner with JFrog to seamlessly deliver this critical intelligence into the DevSecOps market through JFrog Xray.”

VulnDB is included in JFrog Xray at no additional charge, and users will be able to take full advantage of this new functionality starting with Xray’s next release. VulnDB intelligence is available in both on-premise and SaaS versions of JFrog Xray.

Share this

Industry News

January 23, 2020

StackRox announced that the latest version of the StackRox Kubernetes Security Platform includes support for Google Anthos, the open application platform that enables users to modernize, build and run applications across on-premise and multiple public cloud environments.

January 23, 2020

CloudVector launched API Shark, the free API discovery and observability tool.

January 23, 2020

Thundra announced $4 million in Series A funding led by global investment firm Battery Ventures.

January 22, 2020

CollabNet VersionOne and XebiaLabs have merged.

January 22, 2020

Keyfactor announced DevOps integrations with automation and containerization providers Ansible, Docker, HashiCorp, Jenkins and Kubernetes to offer security-first services and solutions designed to seamlessly integrate with existing enterprise tools and applications.

January 22, 2020

Sysdig raised $70 million in Series E funding.

January 21, 2020

Red Hat announced the general availability of Red Hat OpenShift Container Storage 4 to deliver an integrated, multicloud experience to Red Hat OpenShift Container Platform users.

January 21, 2020

Snyk has secured a $150 million investment, led by Stripes, a leading New York-based growth equity firm.

January 21, 2020

vChainannounced the close of a $7M Series A investment round.

January 16, 2020

VAST Data announced the general availability of its new Container Storage Interface (CSI).

January 16, 2020

Fugue has open sourced Regula, a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations prior to deployment.

January 16, 2020

WhiteHat Security will offer free application scanning services to federal, state and municipal agencies in North America.

January 15, 2020

Micro Focus announced the release of Micro Focus AD Bridge 2.0, offering IT administrators the ability to extend Active Directory (AD) controls from on-premises resources, including Windows and Linux devices to the cloud - a solution not previously offered in the marketplace.

January 15, 2020

SaltStack announced the availability of three new open-source innovation modules: Heist, Umbra, and Idem.

January 15, 2020

ShiftLeft announced a partnership and deep integration with CircleCI that enables organizations to insert security directly into developer pull requests from code repositories.