JFrog Introduces Pre-Production Software Visibility Tool

By Paula Bernier
Executive Editor, TMC

As members of the Cyber Security Trend Community are keenly aware, the use of container technology is rising dramatically for a host of reasons.  However, as readers are also aware, containers present some security challenges.  It is why knowing about the latest development from JFrog, its new Xray solution announced recently at container solutions industry leader Docker’s annual DockerCon event, commands attention. 

JFrog offers solutions to expedite software releases. Its technology does that by providing binary software code/artifacts to allow for faster software creation and integration. On June 30 it will expand its portfolio with the introduction of Xray, which as the name implies is about security. 

Containers and other binaries and images need tools to be used and managed, says Shlomi Ben Haim, co-founder and CEO at JFrog. Xray provides the security piece of the puzzle to allow users to understand what impact new software will have on their environments before that software goes into production. It’s not just a container scanner, Haim adds, Xray also leverages information JFrog gets from security databases and other sources to get the job done.

Xray sits between the developers and development operations engineers at organizations. It can present license information, flag out-of-date component information, and point out security vulnerabilities, and it optimizes user environments before they are pushed to production. By providing a view of vulnerabilities before software goes into production, it saves organizations money by saving them time. It saves them time by automating quality assurance and release verification processes.

“This is what we call liquid software – it will just flow,” Ben Haim adds.

JFrog is at DockerCon this week promoting Xray, he explains, because Docker is a container technology that has different binaries inside, and there are different dependencies between binaries. Although some sources may suggest that a new software update will not impact the binaries, Haim says, what they won’t tell you is if you replace a binary, you are affecting dependencies. JFrog provides a dependency graph.

Xray will be priced based upon the number of artifactory instances. It will be sold as an add-on to existing JFrog packages.