JFrog Xray
What Is JFrog Xray?
A software composition analysis solution that scans your OSS dependencies for security vulnerabilities and license compliance violations. It uses deep recursive scanning techniques to scan repositories, build packages, and container images. It integrates easily across your software development pipeline, automates protection of your code, and prevents unwanted security and license compliance risks from entering your production software.
Who Uses JFrog Xray?
Software development is now an integral part of nearly every company across all vertical markets; the JFrog Platform with Xray serves as a great DevSecOps solution for all major industry sectors.
Reviews of JFrog Xray
Secure your projects in DevOps with JFrog Xray
Pros:
Its ability to give real-time security insights on artifacts & the type of artifacts support if available.
Cons:
The False Positive analysis that it generates requires a lot of time and effort.
Good CI/CD tool
Comments: JFrog's tools are widely used and well-regarded in the software development community, and they are known for their robust feature set and ease of use.
Pros:
I love the automated integration with CI/CD pipelines. JFrog can be easily integrated with continuous integration and continuous delivery pipelines, allowing organizations to automate the process of building, testing, and deploying software. It's fast and reliable.
Cons:
JFrog can be a little hard to use for newbies. The JFrog tools are feature-rich and offer a wide range of functionality, but this also makes them somewhat complex to use. It may take some time for users to become familiar with all of the features and options available.
When security in CI/CD is needed
Pros:
I really like how it helps to analyze code on the run and suggest multiple enhancements for security and other best practices in code.
Cons:
I am not sure about how often are some databases of some security breaches updated, but sometimes there was some time lag. But maybe that was not really a problem on JFrog's site.
Wide range of features
Comments:
We wanted the ability to write structured instructions for our colleagues, who are not trained testers. So everyone in our small company can test our software and provide some feedback.
We tried several Jira plugins and stayed with XRay as it provides the most useful features for us.
Pros:
Out of the box, XRay provides a lot of features that bring structure to testing applications. Every test or test execution is directly linked to the Jira issue, providing all necessary information about the use case.
Cons:
The learning curve is pretty steep. Also, the software could be better in terms of performance. Sometimes opening a test case or test execution takes too much time. (To be fair: we use it completely within Jira, so I cannot finally say if the performance issues are because of Jira or XRay.)
A good tool for "shift left" security.
Pros:
I can easily integrate with Azure DevOps and Jenkins CI and stop the build if a vulnerability is found.
Cons:
Reporting can improve with more data and aesthetically.
Good product
Pros:
Its simplicity and ease of use. Very understandable.
Cons:
To be honest, I like the product and have no bad words.