Snyk’s vulnerability database is no longer powering JFrog’s Xray

Geva Solomonovich
January 3, 2019 | in Ecosystems
| By Geva Solomonovich

Up until the beginning of 2019, Snyk’s vulnerability database was used by JFrog’s Xray platform. Xray customers that scanned their artifacts for open source vulnerabilities received vulnerabilities data from Snyk’s comprehensive database (Basic or Premium databases) and were directed to Snyk website for enhanced information on each vulnerability.

Starting from January 2019, Snyk’s vulnerability database will no longer be integrated into the  Xray platform. Snyk vulnerabilities observed through scans done prior to January 2019 or databases not updated since then will remain visible in Xray dashboard. New scans following January 2019 will not include any Snyk vulnerabilities.

Customers that are using both Snyk and Xray can continue using each platform separately. With Snyk, applications and Docker images can be scanned for vulnerabilities earlier in the development process, during the coding and build phase, before going into Artifactory. Detected vulnerabilities can be automatically remediated using Snyk’s Fix Pull Requests and Precision Patches.

Artifactory and Xray customers looking to continue shifting left their security, achieving developer ownership of security, and leveraging automated fixes and industry-leading security depth can contact or learn more here.

Snyk and JFrog remain closely partnered and are looking forward to helping our joint customers consume open source and distribute software more securely and faster than ever.