SCA

With JFrog's Software Composition Analysis (SCA), you get enhanced CVE detection and enhanced CVE data, including remediation options, early on through the following JFrog capabilities:

SCA in the JFrog CLI for Xray:

  • Scan your source code dependencies to find security vulnerabilities and license violations.

  • Scan your binaries with on-demand binary scanning: point to a binary in your local file system and receive a report that contains a list of vulnerabilities, licenses, and policy violations.

  • JFrog CLI is integrated with JFrog Xray and JFrog Artifactory, allowing you to have your build artifacts and dependencies scanned for vulnerabilities and license violations.

SCA in your IDE:

  • Find and fix security vulnerabilities in your projects and see valuable information about the status of your code by continuously scanning it locally.

  • Scan your project dependencies for security issues. For selected security issues, leverage enhanced CVE data that is provided by our JFrog Security Research team.

SCA in your Git repositories (Frogbot):

  • Scan pull requests immediately after they are opened but before they are merged.

  • Get notified if the pull request is about to introduce new vulnerabilities to your code.

  • Scan the Git repository periodically and create pull requests with fixes for vulnerabilities that are detected.

  • Frogbot uses JFrog's vast vulnerability database, to which we continuously add new component vulnerability data.
