Skip to main content

AcademySecuring Software Pipelines with Xray

Securing Software Pipelines with Xray

  • Course Number

  • Classes Start

Course Summary

Xray allows integration and automation with your organization's CI/CD pipeline and provides DevSecOps engineers and Developers with trust in their software releases. In this course, you'll learn about the Xray solution, its architecture and its components, as well as how Xray works at each step in the DevOps cycle. You will learn how to perform a deep scan of artifacts, as well as how to integrate Xray with an existing CI/CD pipeline and allow other binary analysis tools to build on its capabilities.

Course Objectives

After completing the course, you will be able to:

  • Use Xray to identify and resolve security issues
  • Use different types of enforcement policies
  • Integrate with CI/CD pipeline
  • Perform a deep scan of artifacts and create a graph of relationships between software components

Who is this course for?

Application Security Engineers, DevSecOps, DevOps engineers and Developers who are new to JFrog Xray and use JFrog Xray to detect and fix vulnerabilities in their open source dependencies and binaries.


Xray Overview

  • Introduction
  • Architecture
  • Components
  • Policies and Watches
    • License Policies
    • Security Policies
  • Permissions
  • Reports

Scanning with Xray

  • Build Integration
  • IntelliJ Plugin
  • Rest API
  • Requirements

    Understanding of modern packaged software development processes.

    Familiarity with programming languages such as Java, npm or Python is required.

    Basic understanding of JFrog Artifactory


    ~60 mins