JFrog flicks out scanner to dive deep into containers
Seriously, what are you hiding in there?
Repository management vendor JFrog has hopped into the container and binary scanning market with the launch of Xray.
The launch comes just a week after Docker and Twistlock both launched container scanning products. While container technology has taken the market by storm over the last year, there has been a growing awareness of the lack of visibility into the components of containers.
JFrog CEO Shlomi Ben Haim said: "In the last year that has been a new pain [for developers], and this is you don't really know what your build contains, and you don't really know what your containers ship, and you don't really know what you have in your production environment."
He scotched any suggestion that JFrog had been rushed into announcing Xray, saying it was always going to be the marquee launch at the company's swampUP customer event in Napa Valley this week.
Ben Haim said that while Xray offered visibility into container images, it also scanned software packages and binaries, and offered a full impact analysis and dependency graph.
"It's not just for the security," he said – though it could smooth conversations between DevOps types and their companies' security teams.
He said it filled a substantial gap in the vendor's product lineup – which centres on the Artifactory repository management platform. While it could be used in conjunction with other platforms, he argued that access to Artifactory's metadata meant a unique potential for analysis.
The launch also represents a tie-up with Germany-based notification vendor VersionEye. Ben Haim said that Xray would work out of the box with VersionEye, but that it would also integrate with other databases such as Black Duck and WhiteSource.
However, he said when it came to VersionEye, it is "embedded in Xray ... it's not just the database. We've worked very closely."
The full product will ship at the beginning of Q3, said Ben Haim.
"We are probably going to look at a package that will include Artifactory and Xray together, because otherwise it doesn't make sense. You need the metadata, the metadata is still hosted in Artifactory."
He added that pricing has not been set, but that "it's probably not going to [be] something like double the price. It will be more like an add-on. It's another product that will be included in our enterprise solution." ®