JFrog yesterday introduced Xray, a new impact analysis tool aimed at giving developers and operators a better view into what their applications will do when deployed. Xray analyzes dependencies, integrates with vulnerability and compliance tools, and uses the metadata in Artifactory to track what will change.
Xray is targeted at DevOps as a way to observe and track the changes that will occur in a Continuous Delivery or Continuous Integration environment. It can alert users to potential pipeline changes, nasty interactions, and conflicts between binaries.
JFrog Xray also comes with VersionEye, a security tool from a German company of the same name. VersionEye monitors and tracks open-source projects, alerting users to vulnerabilities and patches, and giving them a way to track problems that enter their architectures from outside software.
Shlomi Ben Haim, cofounder and CEO of JFrog, said, “JFrog Xray responds to a profound pain of our users and the entire software development community with an infinitely expandable way to know everything about every component they’ve ever used in a software project, from build to production to distribution. While container technology revolutionized the market and the way people distribute software packages, it is still a ‘black hole’ that always contains other packages and dependencies. The Ops world has a real need for full visibility into these containers, plus an automated way to point out changes that will impact their production environment. With JFrog Xray, you can not only scan your container images but also track all dependencies in order to avoid vulnerabilities and optimize your CI/CD flow.”
JFrog’s annual developer conference kicked off yesterday in Napa Valley. Known as swampUP, the conference also played host to a number of integration and partnership announcements.
First, Google and JFrog teamed up to bring a SaaS version of Artifactory into Google’s Cloud Platform. Next, an integration with Atlassian’s Bitbucket was announced, allowing release managers to use JFrog to track the chain of custody for source code coming from Bitbucket repositories.
JFrog also announced partnerships with Mesosphere (for Continuous Delivery on top of Mesos) and Sumo Logic (for logs and analytics).