On Monday, JFrog announced details of JFrog Xray, a product that delivers deep transparency into artifacts stored within the JFrog Artifactory repository. JFrog Xray performs binary-level analysis of JFrog artifacts to facilitate detection of security vulnerabilities. In addition, the product performs impact analysis that elaborates dependencies between container images and their constituent software applications and binary artifacts. JFrog Xray’s ability to deliver granular visibility into dependencies between binary artifacts used by an organization means that JFrog Artifactory customers can swiftly understand the scope of security vulnerabilities that may originate with one artifact and have an ancillary effect on other artifacts. As such, JFrog Xray tackles the problem of the “black box” related to the contents of a container and its potential impact on the IT infrastructure of an organization. Customers can further leverage JFrog’s Xray’s ability to map dependencies between artifacts to understand performance and architectural effects related to the impact of changes in one artifact on other components and applications.
Shlomi Ben Haim, CEO of JFrog, commented on the innovation of JFrog Xray as follows:
JFrog Xray responds to a profound pain of our users and the entire software development community for an infinitely expandable way to know everything about every component they’ve ever used in a software project – from build to production to distribution. While container technology revolutionized the market and the way people distribute software packages, it is still a ‘black hole’ that always contains other packages and dependencies. The Ops world has a real need to have full visibility into these containers plus an automated way to point out changes that will impact their production environment. With JFrog Xray, you can not only scan your container images but also to track all dependencies in order to avoid vulnerabilities and optimise your CI/CD flow.
With these remarks, Shlomi Ben Haim highlights the ability of JFrog Xray to penetrate the black hole specific to container technology and their contents. The graphic below illustrates the platform’s ability to map an impact path and enumerate affected artifacts via a custom notification generated by the “Performance Alerts” application:
JFrog Xray plays in the same space as Docker’s Security Scanning platform but claims competitive differentiation from Docker’s binary level scanning technology as a result of its advanced ability to map dependencies between artifacts and subsequently deliver a comprehensive impact analysis. JFrog Xray will be generally available as of June 30, 2016.
JFrog today announces the finalization of $50M in investment capital from new investors Scale Venture Partners, Sapphire Ventures, Battery Ventures, Vintage Investment Partners and Qumra Capital in addition to existing investors. The funding raise validates JFrog’s business model as a leader in the artifact repository, distribution and management space. Unlike other artifact repositories that exclusively support formats such as Docker, NPM, Maven and Vagrant, JFrog embraces binary artifacts of all kinds, thereby allowing organizations to create hybrid artifact repositories featuring a multitude of artifacts from a variety of sources. As such, JFrog’s universal artifact repository gives developers the ability to create metadata for binary objects in conjunction with a system of record for polyglot application development. The company’s three pronged product line features JFrog Artifactory, JFrog Bintray and JFrog Mission Control. While JFrog Artifactory constitutes the industry’s only universal artifact repository, JFrog Bintray takes responsibility for the distribution of software and binary artifacts to end users. Meanwhile, JFrog Mission Control empowers customers to manage multiple instances of JFrog Artifactory spanning different servers. JFrog CEO Shlomi Ben Haim remarked on the innovation of JFrog for DevOps and contemporary development practices as follows:
The software world is tired of domain dictators and demands a universal powerful solution that supports all technologies and software packages. DevOps and developer teams deserve more – they demand a multi-package, highly available and secured end-to-end solution. JFrog Artifactory and JFrog Bintray are not just a Docker registry, or a npm or Maven repository; it’s how the world’s biggest organizations choose to host, manage and distribute their software.
Here, Shlomi Ben Haim underscore’s JFrog’s ability to store, distribute and manage binary artifacts from a heterogeneous assemblage of sources and technologies. As a one stop resource for artifact storage, distribution and management, JFrog now boasts over 1500 paying customers including Google, Amazon, VMware, EMC, Cisco, Oracle and Netflix. The $50M in funding will be used to scale its products and services to match the demands of JFrog’s customers by expanding its product and sales operations teams and positioning the company to more expeditiously realize its mission by means of strategic acquisitions. JFrog Bintray specializes in the automation of the distribution of binary artifacts and software packages to repositories all over the world, and now claims over 700,000 downloads a month. With an extra $50M in its coffers, expect JFrog to continue leap frogging the rest of the competition with embellishments to its product suite and a visionary, disruptive approach to DevOps that positions it squarely in competition with Docker, even as it embraces artifacts from Docker’s Trusted Registry. JFrog’s Artifactory platform is available on premise or via a cloud-based deployment. Today’s funding raise adds to previous funding of $12M, bringing the total funding raised by JFrog to approximately $62M.