Announcing Snyk's Integration with Xray

Geva Solomonovich

We’re big fans of open-source development at Snyk. It’s why we built Snyk in the first place: so people could safely use open-source dependencies without compromising security in the process. That’s why we’re excited to announce our integration with JFrog’s Xray!

Xray gives organizations a better understanding of the dependencies their application is using and what the impact of those dependencies is. Through deep recursive scanning, it helps identify each and every dependency you are currently using, testing them against its database of vulnerabilities aggregated from different sources.

Today, one of those sources is the Snyk Vulnerability Database, containing nearly 400 npm vulnerabilities and 330 Ruby vulnerabilities. Those numbers are growing rapidly as our dedicated team of security researchers continues to identify and disclose new vulnerabilities daily.

Diagram courtesy of JFrog, 2017.

Xray will now surface vulnerabilities from Snyk’s Vulnerability Database, and link back to Snyk. This link back allows you to quickly use your Snyk account to fix the vulnerability (whether through a package update or by applying a pre-curated and vetted patch) and enable monitoring so that if a new vulnerability is discovered, you can be alerted immediately. The integration of Snyk into Xray thus allows Xray users to go deeper than just surfacing vulnerabilities; it also enables them to fix and prevent future vulnerabilities.

If you already have a Snyk account set up, you can register for a free trial of Xray to see how the two play together. If you don’t, sign up for your free Snyk account and then head over to Xray and give it a try.

Our goal from the beginning has been to make open-source development simpler and more secure. Having Snyk’s database integrated into Xray is another way of making secure open-source a reality.
