SCA
With JFrog's Software Composition Analysis (SCA), you get enhanced CVE detection and enhanced CVE data, with remediation options, early on through the following JFrog capabilities:
SCA in the JFrog CLI for Xray:
Scan your source code dependencies to find security vulnerabilities and license violations.
Scan your binaries with on-demand binary scanning: point to a binary in your local file system and receive a report that lists vulnerabilities, licenses, and policy violations.
JFrog CLI is integrated with JFrog Xray and JFrog Artifactory, allowing you to have your build artifacts and dependencies scanned for vulnerabilities and license violations.
Find and fix security vulnerabilities in your projects and see valuable information about the status of your code by continuously scanning it locally.
Scan your project dependencies for security issues. For selected security issues, get enhanced CVE data that is provided by our JFrog Security Research team.
Supported in Visual Studio Code and IntelliJ IDEA.
SCA in your Git repositories (Frogbot):
Scan pull requests immediately after they are opened but before they are merged.
Get notified if the pull request is about to introduce new vulnerabilities to your code.
Scan the Git repository periodically and create pull requests with fixes for vulnerabilities that are detected.
Frogbot uses JFrog's vast vulnerabilities database, to which we continuously add new component vulnerability data.