Announcing Snyk’s Integration with Xray

We’re big fans of open-source development at Snyk. It’s why we built Snyk in the first place: so people could safely use open-source dependencies without compromising security in the process. That’s why we’re excited to announce our integration with JFrog’s Xray!

Xray helps give organizations a better understanding of the dependencies their application is using, and what the impact of those dependencies are. Through deep recursive scanning, they help identify each and every dependency you are currently using, testing them against their database of vulnerabilities aggregated from different sources.

Today, one of those sources is the Snyk Vulnerability Database containing nearly 400 npm vulnerabilities and 330 Ruby vulnerabilities. Those numbers are growing rapidly as our dedicated team of security researches continues to identify and disclose new vulnerabilities daily.

Diagram courtesy of JFrog, 2017.

Xray will now surface vulnerabilities from Snyk’s Vulnerability Database, and link back to Snyk. This link back allows you to quickly use your Snyk account to fix the vulnerability (whether through a package update or by applying a pre-curated and vetted patch) and enable monitoring so that if a new vulnerability is discovered, you can be alerted immediately. The integration of Snyk into Xray thus allows Xray users to go deeper than just surfacing vulnerabilities, it also enables them to fix and prevent future vulnerabilities.

If you already have a Snyk account setup, you can register for a free trial of Xray to see how the two play together. If you don’t, sign up for your free Snyk account and then head over to Xray and give it a try.

Our goal from the beginning has been to make open-source development simpler and more secure. Having Snyk’s database integrated into Xray is another way of making secure open-source a reality.