JFrog Xray Reviews

Name: JFrog Xray
Brand: JFrog
Rating: 4 (7 reviews)

Vendor: JFrog

4.1 out of 5

7 reviews
100% willing to recommend

116 followers

Post review

What is JFrog Xray?

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

Get the JFrog Xray Buyer's Guide and find out what your peers are saying about JFrog Xray, Wiz, Microsoft Defender for Cloud and more!

JFrog Xray is the #3 ranked solution in top Software Supply Chain Security solutions, #6 ranked solution in top Software Composition Analysis (SCA) solutions, #19 ranked solution in Container Security Solutions, and #22 ranked solution in top Vulnerability Management solutions. PeerSpot users give JFrog Xray an average rating of 8.2 out of 10. JFrog Xray is most commonly compared to Wiz: JFrog Xray vs Wiz. JFrog Xray is popular among the large enterprise segment, accounting for 78% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 24% of all views.

Helped 814,763 peers since 2012

Featured reviews

Mokshi Pandita

DevOps Engineer at Rambøll Danmark A/S

We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.

Read full review

Sai Pradeep Koneti

DevOps Engineer Intern at University of Nebraska at Omaha

When we were trying to get it up and working initially, I found it a bit hard to go through JFrog Xray's documentation and get my error solved. I was facing some issues because we hadn't got a specific license for the tool, but I was able to access it. As a regular user, I regularly saw an error message saying that the license feature was unavailable for my subscription. After a couple of days, I realized I was missing a license. I had to go back to the JFrog Xray team, who provided me with the new license, and then I could complete the setup.

Read full review

Narendra-Singh

SR IT administrator at Cardinal Integrated Technologies Inc

We are using JFrog Xray for identifying vulnerabilities JFrog Xray has helped us improve our architecture. The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy. The speed of JFrog Xray should improve. Other solutions have better performance. JFrog…

Read full review

JFrog Xray mindshare

Product category:

As of November 2024, the mindshare of JFrog Xray in the Vulnerability Management category stands at 1.0%, up from 0.1% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Vulnerability Management

Key learnings from peers

Last updated Sep 16, 2024

Valuable Features

JFrog Security Essentials' most valuable features include comprehensive scanning capabilities and deep analysis of Docker and ZIP-related files. It also offers effective reporting options, integration with Artifactory for streamlined onboarding of projects, and intelligent prioritization of vulnerabilities. Reviewers like JFrog's ability to display an internal dependencies hierarchy and block vulnerabilities from entering the production environment.

"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."

Room for Improvement

JFrog Security Essentials could enhance documentation and error logging. Users want a better dashboard that displays total vulnerabilities, and the shift left approach should be incorporated to provide information about vulnerabilities before artifact creation. The performance should be improved, and detailed dependency lists would be beneficial. The solution's APIs have some limitations that need to be explored further. Expanding the user interface to provide a better dashboard and improving site performance for a smoother user experience are also necessary.

"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"JFrog Xray's documentation and error logging could be improved."
"JFrog Xray does not have a dashboard."

ROI

Users report significant time savings and enhanced security posture due to JFrog Xray's automated scanning and efficient vulnerability detection, which has bolstered their software development pipeline. It has improved team's confidence in deploying secure applications and has expedited release cycles. By integrating seamlessly with existing tools, JFrog Xray has streamlined processes for identifying and addressing risks, providing a noticeable improvement in their software management workflows.

Pricing

Users say the price of JFrog Security Essentials is fair and comparable to similar products. JFrog is one of the lower-cost options.

Popular Use Cases

The primary use case of JFrog Security Essentials is vulnerability scanning. It is also used for artifact storage, repository management, and image management. Additionally, it is utilized for container scanning and running daily and monthly reports.

Service and Support

Customers have found the customer service and support of JFrog Security Essentials to be prompt, effective, and consistently helpful.

Deployment

The initial setup for JFrog Security Essentials can be challenging and requires attention to detail. Users say that if Artifactory is already in place, the installation process is simplified. The difficulty of the setup process can vary depending on the person's experience, but the API documentation is reportedly clear and helpful.

Scalability

JFrog Security Essentials users consider the solution to be scalable. Some reviewers mentioned plans to expand the number of users in their organization. While users say that the automated configuration enables scalability, the solution may have performance issues at a higher scale.

Stability

Users consider JFrog Security Essentials to be stable. Some users compared its stability to similar solutions in the market, such as Nexus. Reviews say the solution performs well without any bugs or glitches.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our JFrog Xray Buyer's Guide for additional reliable information.