Latest Release of JFrog Xray Helps Customers Dynamically Assess the Relevance, Impact & Needed Remediation for Security Vulnerabilities, Speeding Time to Resolution
JFrog Ltd. the Liquid Software company and creators of the JFrog DevOps Platform, introduced advanced contextual analysis security capabilities in JFrog Xray, the companyโs DevSecOps solution. A proof point of the integrated roadmap following its Vdoo acquisition, the new JFrog Xray features allow customers to more precisely determine the threat level and relevance of common vulnerability exposures (CVEs), leading to more rapid and accurately-prioritized remediation. Together with JFrog Artifactory, this Xray release provides a holistic, automated, scalable solution to find, replace, recover, and prioritize hazardous CVEs.
Top iTechnology IT and DevOps News:ย MemVerge Names Sean Milner Vice President of Sales
Rather than spending time and resources on researching or solving each new CVE based on theย common vulnerability scoring systemย (CVSS), JFrog Xrayโs contextual analysis capabilities take an intelligent approach to software scans at the binary level, painting a more complete picture of the applicability and danger of each vulnerability. Knowing whether a particular CVE is relevant to your environment and easily exploitable will help already over-stretchedย DevSecOpsย teams quickly pinpoint and address their most critical security gaps. Because JFrog Xray is part of theย JFrog Platform, once a vulnerability is identified, customers can securely build, distribute, and connect the required software updates from end to end.
โWe are thrilled to offer customers an integrated platform approach for quickly determining each CVEโs applicability and risk, then deploying the appropriate remediation,โ said Nati Davidi, SVP, JFrog Security. โWith so many vulnerabilities these days, customers need solutions that help them focus on what actually needs protection. By providing binary-level detection of each vulnerability, Xrayโs contextual analysis helps developers and security teams make more informed decisions about a particular vulnerabilityโs impact so they can confidently and quickly execute remediation plans, while reducing overhead.โ
In a world where software vulnerabilities and attacks are increasing at unprecedented rates in terms of both volume and sophistication,ย industry researchย indicates the average time needed for businesses and agencies to fixย security vulnerabilitiesย grew from 197 days to 202 days over the first half of 20211. Traditional software composition analysis (SCA) tools can often find hundreds of vulnerabilities in a single scan, giving development teams the arduous task of determining which vulnerabilities truly matter. Using advanced binary scans of container images, JFrog Xrayโs contextual analysis delivers a more accurate picture of what vulnerabilities exist, if they are relevant, and/or easily exploitable โ enabling developers and DevSecOps teams to prioritize efforts and resources for swift remediation.
Top iTechnology 5G Technology News:ย TEOCO Acquires Software Synergy Inc (SSI)
Identification and assessment of relevant contextual factors such as the existence of a reachable path to the vulnerable code, or a configuration variable that affects the CVE applicability, typically require extensive manual analysis by security experts. This approach cannot meet the needs of modern businesses to secure at DevOps speed and scale. As a recognized Certified Numbering Authority (CNA), JFrogโs Security Research team continuously monitors, identifies, and analyzes both existing and emerging CVEs to determine if they are likely to be exploited by real-world attackers. With JFrog Xray, customers benefit from this extensive research, which offers clarity on how the vulnerability can be exploited and clear guidance on remediation tactics, delivered through an automated, scalable platform.
Contextual analysis and the other new features in JFrog Xray will be rolled out progressively across the JFrog customer base starting in mid-February. This JFrog Xray update is supported across multiple languages and architectures, including JS, Java and Python based on JFrogโs universal product philosophy. For additional information on contextual analysis and other new features in the latest version of JFrog Xray readย this blogย or visit theย JFrog Xray solution page.
Top iTechnology Cloud News:ย Verkada Unveils Access Control Support For Schlage Electronic Locks
[To share your insights with us, please write toย sghosh@martechseries.com]
