With JFrog's Software Composition Analysis, get enhanced CVE detection and enhanced CVE data with remediation options early on with the following JFrog capabilities:
- Find and fix security vulnerabilities in your projects and see valuable information about the status of your code by continuously scanning it locally.
- Scan your project dependencies for security issues. For selected security issues, get leverage-enhanced CVE data that is provided by our JFrog Security Research team.
- Scan pull requests immediately after they are opened but before they are merged.
- Get notified if the pull request is about to introduce new vulnerabilities to your code.
- Scan the Git repository periodically and create pull requests with fixes for vulnerabilities that are detected.
- Frogbot uses JFrog's vast vulnerabilities database, to which we continuously add new component vulnerability data. Also included is VulnDB, the industry's most comprehensive security database, to further extend the range of vulnerabilities detected and fixed by Frogbot.