Course modules:
- Xray Overview (0 hr 20 min)
- Installation & Configuration: Installing JFrog Xray on a self-hosted environment
JFrog Xray: Overview
Course 1 of 5 in Getting Started with Xray Security
Understand what Xray does, how it fits into your software delivery pipeline, and why scanning alone isn't enough. This is your starting point before configuring policies, watches, or integrations.
Course Level: Beginner
Requirements: A foundational understanding of DevOps, application security, and software supply chain risks.
Prerequisites: None. Familiarity with JFrog Artifactory or CI/CD pipelines is helpful but not required.
Course Description:
With open-source dependencies commonly estimated to make up 80–90% of a modern application's code, your greatest risk isn't the code you write but the software you inherit. This course provides a foundational overview of JFrog Xray: how it scans, how it enforces policy, and how it turns raw security data into actionable insight across your entire SDLC.
Topics Covered:
- Deep Recursive Scanning: How Xray deconstructs every layer of a binary (Docker images, JARs, nested archives, transitive dependencies) and identifies each component by its cryptographic checksum (SHA) rather than by file name or declared version.
- Software Bill of Materials (SBOM): Building a complete "digital twin" of your release from those identified components, exportable in CycloneDX or SPDX formats.
- Contextual Analysis & Continuous Monitoring: Determining whether a vulnerable function is actually reachable from your code, and matching newly published vulnerability data against already-indexed components so new threats surface without re-scanning the artifacts.
- Shifting Left: Catching vulnerabilities in the IDE, CLI, and pull requests before they reach a shared repository.
- Policies, Watches & Automated Enforcement: Defining rules, setting scope, and acting as a gatekeeper across your CI/CD pipeline and promotion stages.
- Impact Analysis & Auditing: Identifying every build, artifact, and release that contains an affected component as soon as a new issue is published, and generating compliance-ready reports for customers and regulators.
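The three mechanisms the list above describes (recursive unpacking with checksum identification, an SBOM built from the identified components, and a policy rule scoped by a watch) can be seen end to end in a small scanner. The following is an added example written for this page, not JFrog Xray's own code or API: the nested archive, the component catalog, the placeholder issue id `EXAMPLE-0001`, the repository names, and the `PROD_WATCH` rule are all constructed for the illustration, and the output only follows the CycloneDX JSON layout without being validated against the schema.

```python
"""Added example for this page: recursive archive scanning with SHA-256 component
identification, a CycloneDX-shaped SBOM, and a policy/watch gate. Illustrative
code, not JFrog Xray's; the archive, catalog, issue id and repo names are constructed."""
import hashlib
import io
import json
import zipfile

FIXED_TIME = (2020, 1, 1, 0, 0, 0)  # fixed timestamps keep archive bytes, and so hashes, stable


def make_zip(entries):
    """Build an in-memory zip (stand-in for a JAR or image layer) from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in sorted(entries.items()):
            zf.writestr(zipfile.ZipInfo(name, FIXED_TIME), data)
    return buf.getvalue()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Constructed component catalog keyed by SHA-256 of the component bytes. A real
# scanner gets this from a vulnerability database; EXAMPLE-0001 is a placeholder id.
VULNERABLE_LIB = make_zip({"org/example/Log.class": b"\xca\xfe\xba\xbe vulnerable logger"})
CLEAN_LIB = make_zip({"org/example/Util.class": b"\xca\xfe\xba\xbe clean util"})
CATALOG = {
    sha256(VULNERABLE_LIB): {"name": "example-logger", "version": "2.14.1",
                             "issues": [{"id": "EXAMPLE-0001", "severity": "critical"}]},
    sha256(CLEAN_LIB): {"name": "example-util", "version": "1.0.0", "issues": []},
}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def scan(data, path, depth=0, max_depth=8):
    """Yield (path, sha256) for this blob and, if it is an archive, every nested entry.
    max_depth bounds the recursion so deeply nested (zip-bomb style) input cannot run away."""
    yield path, sha256(data)
    if depth >= max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                yield from scan(zf.read(info), f"{path}/{info.filename}", depth + 1, max_depth)


def build_sbom(archive_name, data):
    """Identify nested entries by checksum and return a CycloneDX-shaped dict
    (follows the CycloneDX 1.5 JSON layout; not validated against the schema)."""
    components, vulnerabilities = [], []
    for path, digest in scan(data, archive_name):
        comp = CATALOG.get(digest)
        if comp is None:
            continue  # blob not in the catalog: an unidentified binary, reported nowhere
        ref = f"{comp['name']}@{comp['version']}"
        components.append({"type": "library", "bom-ref": ref, "name": comp["name"],
                           "version": comp["version"],
                           "hashes": [{"alg": "SHA-256", "content": digest}],
                           "evidence": {"occurrences": [{"location": path}]}})
        for issue in comp["issues"]:
            vulnerabilities.append({"id": issue["id"],
                                    "ratings": [{"severity": issue["severity"]}],
                                    "affects": [{"ref": ref}]})
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "metadata": {"component": {"type": "container", "name": archive_name}},
            "components": components, "vulnerabilities": vulnerabilities}


def evaluate_watch(sbom, repo, watch):
    """A watch binds a rule (minimum severity) to a scope (repository names). Artifacts
    outside the scope pass untouched; inside it, any finding at or above the threshold
    is a violation and the build or promotion should be blocked."""
    if repo not in watch["repos"]:
        return True, []
    threshold = SEVERITY_RANK[watch["min_severity"]]
    violations = [v["id"] for v in sbom["vulnerabilities"]
                  if SEVERITY_RANK[v["ratings"][0]["severity"]] >= threshold]
    return not violations, violations


# Constructed input: a layer archive holding an application JAR that bundles two JARs.
IMAGE_LAYER = make_zip({"app/app.jar": make_zip({"lib/logger.jar": VULNERABLE_LIB,
                                                 "lib/util.jar": CLEAN_LIB})})
PROD_WATCH = {"repos": ["docker-prod-local"], "min_severity": "high"}

if __name__ == "__main__":
    sbom = build_sbom("image-layer.zip", IMAGE_LAYER)
    print(json.dumps(sbom, indent=2))
    print(evaluate_watch(sbom, "docker-prod-local", PROD_WATCH))  # in scope: blocked
    print(evaluate_watch(sbom, "docker-dev-local", PROD_WATCH))   # out of scope: passes
```

Two design points carry over to a real deployment. Identification is by the checksum of the nested JAR bytes, so renaming `logger.jar` or stripping its version from the manifest changes nothing about the finding, and the SBOM records the exact nesting path where it was found. The watch separates the rule from its scope: the same critical finding blocks the production repository and is ignored for the development one, which is what lets one policy be applied with different consequences at different promotion stages.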