JFrog Xray Adds Software Security Vulnerability Dataset via VulnDB
January 24, 2019

JFrog is announcing that Xray, JFrog’s flagship security and compliance scanning solution, will now provide the most comprehensive, integrated security solution in the market through a partnership with Risk Based Security [RBS].

RBS is the provider of VulnDB, which contains the world’s broadest set of vulnerability intelligence. As a result of the partnership, all JFrog Xray customers will now be protected from more than 194,000 unique vulnerabilities, as they monitor their pipelines from code through production.

While most software security solutions utilize the vulnerabilities made public through online resources, such as the National Vulnerability Database (NVD), JFrog, by embedding VulnDB into Xray, will provide customers industry-leading vulnerability intelligence that includes over 64,000 vulnerabilities and data not found in the NVD. The intelligence from VulnDB, coupled with JFrog’s deep, universal understanding of software package types will provide the broadest-reaching protection of any security scanning product, spanning from developer code commits all the way through production software in a Kubernetes cluster.

“We are excited to include the world’s richest vulnerability intelligence database in Xray, and provide our users with the best tool in the DevSecOps market with Risk Based Security’s VulnDB,” said Shlomi Ben Haim, JFrog Co-Founder and CEO. “900% growth YoY and over 2,200 Xray installations tell us that JFrog Xray answers developers’ real security concerns by offering a deep, recursive scanning and impact analysis solution. JFrog offers developers the two fundamental pillars of DevOps: Speed and Security. Therefore, when it comes to our customers’ CI/CD pipelines, we are determined to build more than just a ‘security-alarm-system’ – we are committed to offering a first-class, universal, automated solution to support DevOps at scale.”

The full breadth, depth, and timeliness of vulnerability intelligence from the VulnDB database will be automatically added to Xray in stages starting immediately, with full integration between VulnDB and Xray expected in mid-2019. All updates will also be made available offline for JFrog customers who run datacenters without access to the internet.

“Identifying and mitigating vulnerabilities in a timely fashion is a critical component of managing risk in today’s enterprises,” said Barry Kouns, Co-Founder and CEO of Risk Based Security. “VulnDB is the only comprehensive vulnerability intelligence feed that is able to provide actionable insight as quickly as organizations need it to address vulnerabilities in their code. We are excited to partner with JFrog to seamlessly deliver this critical intelligence into the DevSecOps market through JFrog Xray.”

VulnDB is included in JFrog Xray at no additional charge, and users will be able to take full advantage of this new functionality starting with Xray’s next release. VulnDB intelligence is available in both on-premise and SaaS versions of JFrog Xray.

Share this

Industry News

May 06, 2021

Splunk announced the new Splunk Observability Cloud, the full-stack, analytics-powered and enterprise-grade Observability solution.

May 06, 2021

Gluware unveiled its DevOps for NetOps framework featuring Gluware Lab, its integrated development environment (IDE).

May 06, 2021

Ambassador Labs announced the new Ambassador Developer Control Plane (DCP), whichgives developers the ability to manage the entire modern software development lifecycle for Kubernetes environments using tools and processes that are familiar to them.

May 06, 2021

Code Dx and Secure Code Warrior have teamed up to launch Project Better Code, an initiative to tackle a major challenge facing innovative organizations today – pushing the pace of software development without compromising software security.

May 06, 2021

Pegasystems announced the latest evolution of its Pega Infinity software suite to help speed and simplify digital transformation (DT) initiatives, Pega Infinity version 8.6.

May 06, 2021

Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code (IaC), now integrates with the Argo Project.

May 05, 2021

Amazon Web Services announced the general availability of Amazon DevOps Guru, a fully managed operations service that uses machine learning to make it easier for developers to improve application availability by automatically detecting operational issues and recommending specific actions for remediation.

May 05, 2021

SmartBear has added API testing support for the popular, open source event streaming platform, Apache Kafka.

May 05, 2021

Red Hat unveiled its Developer Sandbox for Red Hat OpenShift, an OpenShift-based development environment designed to enable organizations to accelerate the path from code to production for Kubernetes-based applications.

May 05, 2021

DevOps Institute announced the lineup for SKILup Days in the second quarter of 2021.

May 05, 2021

Idera announced the acquisition of Xblend Software.

May 04, 2021

ThoughtSpot announced the launch of ThoughtSpot Everywhere.

May 04, 2021

Perforce Software announced the availability of virtual devices (Android emulators and iOS simulators) as part of the comprehensive device lab within Perfecto’s Intelligent Test Automation platform.

May 04, 2021

LogiGear announced the newest release of its flagship TestArchitect™ Enterprise product, TestArchitect Enterprise 9.0.

May 04, 2021

Rafay Systems announced new enhancements to its flagship Kubernetes Management Cloud (KMC).