JFrog’s Solution for Open Source Security, JFrog Xray, Achieves Red Hat Vulnerability Scanner Certification

Certification Ensures Vulnerability Risk Assessments for JFrog Customers Are More Accurate and Consistent

JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the liquid software company, has achieved the Red Hat Vulnerability Scanner Certification for JFrog Xray. Part of the JFrog DevOps Platform, JFrog Xray provides continuous scanning for open-source security vulnerabilities and license compliance.

The new certification, launched in February 2021, validates how security software partners use Red Hat security-related data for Red Hat products and packages. With the certification, organizations using the JFrog DevOps Platform can experience improved assurance that the security vulnerability and license compliance data identified by JFrog Xray is accurate and consistent and that their risk assessment is reliable and based on trusted, certified sources. This is critical in order to enable enterprises to adopt DevSecOps practices at scale, and introduce security and compliance measures early in the delivery process.

To achieve the certification, JFrog Xray has adopted Red Hat OVAL v2 security data streams and has worked closely with Red Hat to achieve scanning accuracy for Red Hat published images, including Red Hat base images.

“JFrog is proud to be a certified Red Hat Vulnerability Scanner Partner,” said Dror Bereznitsky, Chief Product Officer, JFrog. “Accurately detecting and mitigating security vulnerabilities threatening enterprises’ code bases as early in the DevOps process as possible is absolutely critical. We are proud to continue our close collaboration with Red Hat to help ensure both JFrog and Red Hat users alike benefit from a comprehensive DevSecOps solution across their entire delivery pipeline.

“JFrog Xray provides a robust, trusted security solution for open-source packages,” said Lars Herrmann, Vice President, Partner Ecosystems, Product & Technologies, Red Hat. “The Red Hat Vulnerability Scanner Certification further solidifies JFrog’s commitment to providing the DevOps community with enterprise-grade DevSecOps capabilities, enabling organizations to deliver high-quality, trustworthy and more-secure software, anywhere.”

In addition to the Red Hat Vulnerability Scanner Certification for Xray, JFrog has also achieved:

• Red Hat Container Certification for JFrog Artifactory, the industry’s universal package manager and container registry.

• Red Hat OpenShift Operator Certification for both JFrog Artifactory and JFrog Xray to enhance customer installation and automation.

Users of JFrog Xray automatically benefit from the new certification on all hybrid instances of the JFrog DevOps Platform, as well as on all cloud SaaS subscriptions ͢͢͢—including the free subscription — offered on the major public clouds.