JFrog Xray Adds Software Security Vulnerability Dataset via VulnDB
January 24, 2019

JFrog is announcing that Xray, JFrog’s flagship security and compliance scanning solution, will now provide the most comprehensive, integrated security solution in the market through a partnership with Risk Based Security (RBS).

RBS is the provider of VulnDB, which contains the world’s broadest set of vulnerability intelligence. As a result of the partnership, all JFrog Xray customers will now be protected from more than 194,000 unique vulnerabilities, as they monitor their pipelines from code through production.

While most software security solutions utilize the vulnerabilities made public through online resources, such as the National Vulnerability Database (NVD), JFrog, by embedding VulnDB into Xray, will provide customers with industry-leading vulnerability intelligence that includes over 64,000 vulnerabilities and data not found in the NVD. The intelligence from VulnDB, coupled with JFrog’s deep, universal understanding of software package types, will provide the broadest-reaching protection of any security scanning product, spanning from developer code commits all the way through production software in a Kubernetes cluster.

“We are excited to include the world’s richest vulnerability intelligence database in Xray, and provide our users with the best tool in the DevSecOps market with Risk Based Security’s VulnDB,” said Shlomi Ben Haim, JFrog Co-Founder and CEO. “900% growth YoY and over 2,200 Xray installations tell us that JFrog Xray answers developers’ real security concerns by offering a deep, recursive scanning and impact analysis solution. JFrog offers developers the two fundamental pillars of DevOps: Speed and Security. Therefore, when it comes to our customers’ CI/CD pipelines, we are determined to build more than just a ‘security-alarm-system’ – we are committed to offering a first-class, universal, automated solution to support DevOps at scale.”

The full breadth, depth, and timeliness of vulnerability intelligence from the VulnDB database will be automatically added to Xray in stages starting immediately, with full integration between VulnDB and Xray expected in mid-2019. All updates will also be made available offline for JFrog customers who run datacenters without access to the internet.

“Identifying and mitigating vulnerabilities in a timely fashion is a critical component of managing risk in today’s enterprises,” said Barry Kouns, Co-Founder and CEO of Risk Based Security. “VulnDB is the only comprehensive vulnerability intelligence feed that is able to provide actionable insight as quickly as organizations need it to address vulnerabilities in their code. We are excited to partner with JFrog to seamlessly deliver this critical intelligence into the DevSecOps market through JFrog Xray.”

VulnDB is included in JFrog Xray at no additional charge, and users will be able to take full advantage of this new functionality starting with Xray’s next release. VulnDB intelligence is available in both on-premise and SaaS versions of JFrog Xray.
