JFrog has introduced advanced contextual analysis security capabilities in its Xray DevSecOps solution. The new JFrog Xray features allow customers to more precisely determine the threat level and relevance of common vulnerabilities and exposures (CVEs), leading to more rapid and accurately prioritised remediation.
The release is said to provide a holistic, automated, scalable solution to find, replace, recover, and prioritise hazardous CVEs.
Rather than spending time and resources on researching or solving each new CVE based on the common vulnerability scoring system (CVSS), JFrog Xray’s contextual analysis capabilities take an intelligent approach to software scans at the binary level, painting a more complete picture of the applicability and danger of each vulnerability.
Knowing whether a particular CVE is relevant to your environment and easily exploitable will help already over-stretched DevSecOps teams quickly pinpoint and address their most critical security gaps. Because JFrog Xray is part of the JFrog Platform, once a vulnerability is identified, customers can securely build, distribute, and connect the required software updates end to end, the company explained in a release.
Nati Davidi, SVP, JFrog Security, said, “With so many vulnerabilities these days, customers need solutions that help them focus on what actually needs protection. By providing binary-level detection of each vulnerability, Xray’s contextual analysis helps developers and security teams make more informed decisions about a particular vulnerability’s impact so they can confidently and quickly execute remediation plans, while reducing overhead.”
Contextual analysis and the other new features in JFrog Xray are expected to be rolled out starting in mid-February. This JFrog Xray update is supported across multiple languages and architectures, including JS, Java and Python.