> Integration > NPM Xray

JFrog +

npm
JFrog offers an end-to-end solution covering the full lifecycle of your npm packages to manage development, vulnerability analysis, artifact flow control and distribution.

WHAT XRAY AND NPM INTEGRATION MEANS TO YOU

On-Prem or Cloud Versions

Deep Recursive Scan Through All Layers of an npm package

JFROG
ARTIFACTORY

npm

Impact Analysis

Enterprise Ready

Continuous Analysis

Fully Integrated with Your CI/CD Pipeline

On-Prem or Cloud Versions

On-Prem - Self-managed. Install, manage, and maintain on your hardware or host in the cloud yourself. Cloud - Software as a Service (SaaS). JFrog manages, maintains and scales the guaranteed uptime. Xray Cloud uses Kubernetes technology. At this time, only some of AWS (EKS) managed Kubernetes service regions are available. JFrog is working with AWS to enable the other regions as soon as possible. JFrog is also working with Azure (AKS) and Google Cloud Platform (GKE) to make Xray Cloud available on their manage Kubernetes service.

Deep Recursive Scan Through All Layers of an npm package

Xray recursively peels away the different layers of your npm packages and their dependencies ensuring that every software artifact that is included in your software has been scanned for issues and vulnerabilities.

Impact Analysis

When a vulnerability is detected, Xray shows you all the npm packages that contain the infected artifact so you can instantly understand the impact that any vulnerable layer has on all packages in your system.

Enterprise Ready

As scaling complexity grows, the need for composition analysis becomes more important. Xray allows you to drill down or zoom out within your entire components graph and identify the real impact of every violation found. This can help you reduce the cost, time, and risk of delivering changes by allowing for more incremental updates to applications in production. Xray high availability allows you to create an active-active cluster of Xray instances that are easy to install and maintain. Scale your Xray environment to an unlimited number of nodes, that share the load through a load balancer, ensuring optimal performance and uptime. Seamlessly and instantly synchronize all data, configuration, cached objects and scheduled job changes across all cluster nodes.

Continuous Analysis

Even when packages uploaded to your npm repositories in Artifactory are given a clean bill of health, Xray continues to scan them to make sure they are not infected with any new vulnerabilities that are registered with Xray’s global vulnerability database.

Fully Integrated with Your CI/CD Pipeline

Through Xray’s integration with common CI servers, you can stop infected builds from ever getting to your repositories. During the build process, Xray will notify your CI server if an infected artifact is being included in your npm packages so the build can be halted before completion.

Release Fast Or Die

售前咨询

联系电话

010-82023518

免费试用

预约演示