SCA

With JFrog's Software Composition Analysis, get enhanced CVE detection and enhanced CVE data with remediation options early on with the following JFrog capabilities:
​SCA in the JFrog CLI for Xray:
​Scan your source code dependencies to find security vulnerabilities and license violations
​Scan your binaries with the on-demand binary scanning that enables you to point to a binary in your local file system and receive a report that contains a list of vulnerabilities, licenses, and policy violations.
JFrog CLI is integrated with JFrog Xray and JFrog Artifactory, allowing you to have your build artifacts and dependencies scanned for vulnerabilities and license violations.
​SCA in your IDE:
Find and fix security vulnerabilities in your projects and see valuable information about the status of your code by continuously scanning it locally.
Scan your project dependencies for security issues. For selected security issues, get leverage-enhanced CVE data that is provided by our JFrog Security Research team.
Supported in Visual Studio Code and IntelliJ IDEA.
​SCA in your Git repositories (Frogbot):
Scan pull requests immediately after they are opened but before they are merged.
Get notified if the pull request is about to introduce new vulnerabilities to your code.
Scan the Git repository periodically and create pull requests with fixes for vulnerabilities that are detected.
Frogbot uses JFrog's vast vulnerabilities database, to which we continuously add new component vulnerability data. Also included is VulnDB, the industry's most comprehensive security database, to further extend the range of vulnerabilities detected and fixed by Frogbot.
Last modified 20d ago