JFrog has achieved the Red Hat Vulnerability Scanner Certification for JFrog Xray.
Part of the JFrog DevOps Platform, JFrog Xray provides continuous
scanning for open-source security vulnerabilities and license
compliance.
The
new certification, launched in February 2021, validates how security
software partners use Red Hat security-related data for Red Hat products
and packages. With the certification, organizations using the JFrog
DevOps Platform can experience improved assurance that the security
vulnerability and license compliance data identified by JFrog Xray is
accurate and consistent and that their risk assessment is reliable and
based on trusted, certified sources. This is critical in order to enable
enterprises to adopt DevSecOps practices at scale, and introduce
security and compliance measures early in the delivery process.
To
achieve the certification, JFrog Xray has adopted Red Hat OVAL v2
security data streams and has worked closely with Red Hat to achieve
scanning accuracy for Red Hat published images, including Red Hat base
images.
"JFrog
is proud to be a certified Red Hat Vulnerability Scanner Partner," said
Dror Bereznitsky, Chief Product Officer, JFrog. "Accurately detecting
and mitigating security vulnerabilities threatening enterprises' code
bases as early in the DevOps process as possible is absolutely critical.
We are proud to continue our close collaboration with Red Hat to help
ensure both JFrog and Red Hat users alike benefit from a comprehensive
DevSecOps solution across their entire delivery pipeline."
"JFrog
Xray provides a robust, trusted security solution for open-source
packages," said Lars Herrmann, Vice President, Partner Ecosystems,
Product & Technologies, Red Hat. "The Red Hat Vulnerability Scanner
Certification further solidifies JFrog's commitment to providing the
DevOps community with enterprise-grade DevSecOps capabilities, enabling
organizations to deliver high-quality, trustworthy and more-secure
software, anywhere."
In addition to the Red Hat Vulnerability Scanner Certification for Xray, JFrog has also achieved:
- Red Hat Container Certification for JFrog Artifactory, the industry's universal package manager and container registry.
- Red
Hat OpenShift Operator Certification for both JFrog Artifactory and
JFrog Xray to enhance customer installation and automation.
Users
of JFrog Xray automatically benefit from the new certification on all
hybrid instances of the JFrog DevOps Platform, as well as on all cloud SaaS subscriptions - including the free subscription - offered on the major public clouds.