JFrog Xray: Overview

Course 1 of 3 in JFrog Xray for DevSecOps Engineers

Improve DevSecOps in Software Delivery Automation Using JFrog Xray

About this course

Course Level: Beginner

Requirements: A foundational understanding of DevOps, application security, and software supply chain risks.

Prerequisites: None. Familiarity with JFrog Artifactory or CI/CD pipelines is helpful but not required.

Course Description:

Since 80–90% of modern applications are built on open-source dependencies, your greatest risk isn't the code you write — it's the software you inherit. This course provides a foundational overview of JFrog Xray: how it scans, how it enforces policy, and how it turns raw security data into actionable insight across your entire SDLC.

Topics Covered:

  • Deep Recursive Scanning: How Xray deconstructs every layer of a binary — Docker images, JARs, transitive dependencies — to identify components by SHA checksum.
  • Software Bill of Materials (SBOM): Building a complete "digital twin" of your release, exportable in CycloneDX or SPDX formats.
  • Contextual Analysis & Continuous Monitoring: Determining whether a vulnerability is actually reachable in your code, and monitoring for new threats without re-scanning.
  • Shifting Left: Catching vulnerabilities in the IDE, CLI, and pull requests before they reach a shared repository.
  • Policies, Watches & Automated Enforcement: Defining rules, setting scope, and acting as a gatekeeper across your CI/CD pipeline and promotion stages.
  • Impact Analysis & Auditing: Mapping blast radius across your organization instantly, and generating compliance-ready reports for customers and regulators.

Curriculum: 0 hr 20 min

  • Xray Overview 0 hr 20 min
  • Share Your Feedback
