With JFrog's Software Composition Analysis, get enhanced CVE detection and enhanced CVE data with remediation options early on with the following JFrog capabilities:
  • Scan your source code dependencies to find security vulnerabilities and license violations
  • Scan your binaries with the on-demand binary scanning that enables you to point to a binary in your local file system and receive a report that contains a list of vulnerabilities, licenses, and policy violations.
  • JFrog CLI is integrated with JFrog Xray and JFrog Artifactory, allowing you to have your build artifacts and dependencies scanned for vulnerabilities and license violations.
  • Find and fix security vulnerabilities in your projects and see valuable information about the status of your code by continuously scanning it locally.
  • Scan your project dependencies for security issues. For selected security issues, get leverage-enhanced CVE data that is provided by our JFrog Security Research team.
  • Scan pull requests immediately after they are opened but before they are merged.
  • Get notified if the pull request is about to introduce new vulnerabilities to your code.
  • Scan the Git repository periodically and create pull requests with fixes for vulnerabilities that are detected.
  • Frogbot uses JFrog's vast vulnerabilities database, to which we continuously add new component vulnerability data. Also included is VulnDB, the industry's most comprehensive security database, to further extend the range of vulnerabilities detected and fixed by Frogbot.
© 2023 JFrog Ltd All Rights Reserved