JFrog Xray provides application transparency

It's all about clarity and transparency—an increasingly difficult task for modern applications

JFrog Xray provides application transparency
go_nils via Flickr

Applications today look different from how they looked only a few short years ago. Instead of generally monolithic architecture, modern applications take on a far more modular approach leveraging component third-party services, new ways to deploy and interactions with an increasing number of third-party systems and tools. All of this complexity makes it hard for developers, operations teams or a combination thereof to really see what is going on.

For that reason, vendors are increasingly looking to offer visibility as a specific product. That is the case for JFrog, which today announced Xray, a tool that aims to deliver transparency across applications. JFrog offers software management and distribution tools. Given that it already helps organizations deploy applications and manage those applications, it is a natural progression to offer visibility across those apps.

+ More on Network World: Promise and peril in the journey to DevOps +

From a company perspective, JFrog claims over 2,000 paying customers and 60,000 installations across millions of developers. Companies using JFrog include Amazon, Google, LinkedIn, MasterCard and Tesla. The JFrog tools are open-source, on-premise SaaS solutions.

This new solution, Xray, is labeled as an "impact analysis" product. That means it gives users deep understanding of their container images, software packages and binary artifacts, even with the huge volume and variety of components that development teams share in the software build and distribution process. Xray includes a number of different propositions:

  • Impact analysis that indicates how production and CI environments are impacted
  • A dependencies graph on which users can easily zoom in to find vulnerability or compliance issue.
  • An open API that enables integration with all current and future types of component-scanning technology to allow custom scanning capabilities for performance, quality, popularity or any other criteria required
  • A universal solution that integrates with vulnerability and license compliance databases such as VersionEye, BlackDuck and WhiteSource
  • An integration with a user’s registry and repository to allow full sync through all of the CI/CD flow

Xray is, naturally, integrated with JFrog Artifactory and therefore has access to the meta data that Artifactory indexes. As such, it is in a unique position to analyze the relationships between binary artifacts across an entire organization and analyze the impact that one component has on any other.

In addition to security vulnerabilities, JFrog Xray can also analyze the potential impact of performance issues or architectural changes. Xray also has an API, allowing integration within an organization's own continuous integrations and delivery products and processes.

Monitoring projects

JFrog Xray includes the VersionEye technology and database. VersionEye, a startup company based in Mannheim, Germany, improves developer productivity through a system that tracks open-source libraries and alerts developers in real time to key information such as security vulnerabilities, license violations and outdated dependencies.

“VersionEye technology monitors over a million open-source projects on a daily basis,” said Robert Reiz, CEO and co-founder of VersionEye. “Integrating the VersionEye technology with the JFrog platform creates an unparalleled capability for deep understanding of the quality and provenance of the software components organizations depend on. JFrog has leveraged its Universal approach, supporting all type of components, into a leadership position with its artifact repository and addresses a real community pain with JFrog Xray. We are excited to be part of the solution.”


Visibility is never a bad thing, and JFrog states correctly that the increasing complexity of applications calls for commensurately deeper and more complex transparency tools. The fact that it is also tightly tied to JFrog's other tools suggests that for existing Jfrog users, this will be a natural extension of their tools set.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2016 IDG Communications, Inc.

IT Salary Survey: The results are in