DevSecOps Engineer at a tech services company with 501-1,000 employees
Real User
Top 20
Sep 12, 2025
I am utilizing the deep scanning capabilities in JFrog Xray product, and this feature is very handy because with other software, you don't know where the bad dependencies come from. JFrog Xray is accurate about this. Given my experience with JFrog Xray, my advice to other organizations considering it for their environment is that they have to decide if they will go for that command-line tool. They really need to make a proof of concept for starting to work with it. I rate JFrog Xray as a product a six out of ten.
According to my use case, it is highly scalable. I don't think there are any drawbacks to using Xray as of now. Some things are a bit difficult to find, but on a scale of 1-10, I would rate it seven to eight. This rating is based on my limited use of JFrog Xray, as there must be more features that I haven't explored yet. My overall rating for JFrog Xray is 7 out of 10.
Deployment Coordinator at a government with 10,001+ employees
Real User
Top 10
Feb 21, 2024
My role involves coordinating work and ensuring smooth progress, as well as conducting research and analysis. I don't focus on heavy coding instead, I primarily work on the data and database. JFrog Xray has fixed a static issue where two versions were flagging major vulnerabilities. Additionally, it detects issues like file uploads, enabling the Accelerate tool to alert the development team promptly. They can then investigate CPE from the vulnerability system to understand the criticality, apply fixes, and implement necessary fixes. Xray is a valuable tool for capturing such issues efficiently, making it a handy tool for our development team. When the development team reports to management, the tool assists in identifying and managing the flagged issues. Some can be marked as false positives, while others can be addressed promptly. JFrog Xray is a useful tool. It helps us identify vulnerabilities in dependency libraries. I recommend others to give it a try and see how it can benefit them. Overall, I rate the solution an eight out of ten.
We are using the previous version of JFrog Xray. We have recently moved to JFrog Xray and are onboarding all our projects into JFrog Xray. We are onboarding all our projects into Artifactory, and once everything is in Artifactory, we'll start the indexing. So we've already done the indexing for a few projects, which are being scanned. For others, we are still asking the different project people not to use ACR and GCR and move everything into Artifactory. Overall, I rate JFrog Xray an eight out of ten.
Senior Manager at a comms service provider with 5,001-10,000 employees
Real User
Mar 15, 2023
I'm an end-user. We're likely using a version that is the latest or close to the latest. I'd recommend the solution to others. There haven't been any disappointments so far. I'd rate the solution eight out of ten. It's done what is expected so far.
Lead Vulnerability Analyst/ DevSec Ops Specialist at a government with 201-500 employees
Real User
Mar 10, 2023
Regarding other people looking into this solution, I would definitely recommend this product. Overall, I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.
JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing...
I am utilizing the deep scanning capabilities in JFrog Xray product, and this feature is very handy because with other software, you don't know where the bad dependencies come from. JFrog Xray is accurate about this. Given my experience with JFrog Xray, my advice to other organizations considering it for their environment is that they have to decide if they will go for that command-line tool. They really need to make a proof of concept for starting to work with it. I rate JFrog Xray as a product a six out of ten.
According to my use case, it is highly scalable. I don't think there are any drawbacks to using Xray as of now. Some things are a bit difficult to find, but on a scale of 1-10, I would rate it seven to eight. This rating is based on my limited use of JFrog Xray, as there must be more features that I haven't explored yet. My overall rating for JFrog Xray is 7 out of 10.
On a scale of one to ten, I would rate the overall solution as six or seven out of ten. It is too early for us to provide a definitive rating.
My role involves coordinating work and ensuring smooth progress, as well as conducting research and analysis. I don't focus on heavy coding instead, I primarily work on the data and database. JFrog Xray has fixed a static issue where two versions were flagging major vulnerabilities. Additionally, it detects issues like file uploads, enabling the Accelerate tool to alert the development team promptly. They can then investigate CPE from the vulnerability system to understand the criticality, apply fixes, and implement necessary fixes. Xray is a valuable tool for capturing such issues efficiently, making it a handy tool for our development team. When the development team reports to management, the tool assists in identifying and managing the flagged issues. Some can be marked as false positives, while others can be addressed promptly. JFrog Xray is a useful tool. It helps us identify vulnerabilities in dependency libraries. I recommend others to give it a try and see how it can benefit them. Overall, I rate the solution an eight out of ten.
We are using the previous version of JFrog Xray. We have recently moved to JFrog Xray and are onboarding all our projects into JFrog Xray. We are onboarding all our projects into Artifactory, and once everything is in Artifactory, we'll start the indexing. So we've already done the indexing for a few projects, which are being scanned. For others, we are still asking the different project people not to use ACR and GCR and move everything into Artifactory. Overall, I rate JFrog Xray an eight out of ten.
I'm an end-user. We're likely using a version that is the latest or close to the latest. I'd recommend the solution to others. There haven't been any disappointments so far. I'd rate the solution eight out of ten. It's done what is expected so far.
Regarding other people looking into this solution, I would definitely recommend this product. Overall, I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.