JFrog Xray Reviews

Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already use Black Duck for these purposes, and we are evaluating how JFrog Xray can offer similar functionalities. Additionally, we're exploring its curation capabilities for machine language models in the financial industry.

Going with JFrog's suite of products helps us with tighter integration with Artifactory, potentially allowing us to phase out Black Duck. However, this is still premature, and we have a lot of exercises to conduct.

We use this solution to identify vulnerabilities in the dependency file. We have the Artifactory package which integrates with Xray-like plugins. We can automatically plug this tool into Xray to conduct vulnerability analysis.

If you are using an older version of the solution, there might be some vulnerabilities. JFrog Xray shows us a list of vulnerabilities that can impact our code. It will ask us to update to the latest version. Our team will review the information and validate it. Then, we will analyze the results and, if necessary, migrate to the latest version to remove those vulnerabilities.

We use a pipeline, specifically Jenkins for our Kubernetes development cycle, the JFrog Xray Accelerator plays a crucial role. In the pipeline, this Accelerator halts the code progression to production. Therefore, it prevents the code from advancing from the pre-production environment to the production environment in cases of critical issues. The system generates notifications for the development team, enabling them to decide internally, in consultation with the tech leads, whether to proceed to the next stage or halt the process.

We use JFrog Xray mostly for container scanning.

I like how JFrog Xray and Artifactory go well together. If you have everything in Artifactory, then the entire process of onboarding a project becomes very easy with JFrog Xray. You have to start the indexing, and you're good to go. People use a lot of Artifactory storage systems, but that's not really how it should be.

If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first. It helps you prioritize things for your project.

We install Artifactory, and we run reports on a daily and monthly basis. JFrog Xray gives us the vulnerability report count in case of any issues with Artifactory. We introduced a new build saved into our pipeline that will try to scan an artifact before publishing it into Artifactory using JFrog Xray. In case of any vulnerabilities, the Python will be broken, and it will try to trigger another.

Previously, we used Checkmarx, but we didn't have a tool to scan artifacts before or after getting published in Artifactory. JFrog Xray fitted right into our pipeline for checking vulnerabilities and was the best solution we got on the market then.

We are using JFrog Xray for identifying vulnerabilities.

JFrog Xray has helped us improve our architecture.

We primarily use the solution for vulnerability scanning. We're looking for vulnerabilities in open-source components. 

The quality of scanning has been good. Its reporting is good. 

It's very clear and understandable.

The solution is stable and reliable.

We find the product the be easy to set up.

It is scalable.

The pricing is reasonable. 

Our primary use case is for artifact storage, a repository, and image management. We also utilize JFROG X-ray for vulnerability scans.

I would say that this solution has helped our organization by allowing us to automate a lot of the processes.

I'm using this solution for scanning artifacts related to the Jfrog Artifactory. I'm scanning them, checking licenses and things like that. I'm a DevOps engineer intern and we are customers of JFrog. 

I would say the reporting functionalities are pretty good as are the policy watches. I like them a lot.