1.2

Support in OpenShift

Added support for OpenShift containers in Self-Hosted and Cloud environments.

1.3

Workload Automation Service

Create event-driven Workers to automate responses to workload changes.
Workers provide a serverless execution environment, triggered by real-time platform events like image updates and security insights.

Mapping Vulnerable Images to Clusters and Workloads

Quickly identify where risks exist in your environment by mapping vulnerable images to affected clusters and workloads.
Use the Live Assessment view to identify and remediate image-based vulnerabilities across workloads and clusters more efficiently.

1.4

AWS Fargate Support

JFrog Runtime now supports AWS Fargate, enabling serverless container execution without managing infrastructure.

Installation options for non-gRPC environments

Added support for configuring the Runtime Service with alternative ingress controllers and REST fallback, along with improved sensor installation options for non-gRPC environments and self-signed certificates.

1.7

Live Assessment Enhancements

  • Introducing clearer vulnerability segmentation, including Critical & High CVEs, Applicable CVEs (validated via Contextual Analysis), and Running CVEs for active workloads.
  • Previously combined CVE categories are now broken out to provide more actionable, severity-based insights.
  • Image details now include richer context such as associated workloads, cluster and namespace details, registry name, repository path, providers, deployer information, and Owners Info (application owners).

Automatic Security Scanning for Runtime-Detected Images

Runtime now automatically scans any container image detected in a Kubernetes cluster. If a runtime-observed image lacks security data, the system automatically indexes and scans it using SCA and Advanced Security scanners. This ensures full, consistent security coverage across all cluster-running images with simple configuration.

1.8

Runtime Role-Based Access Control (RBAC)

JFrog Runtime Security now enforces project-scoped Role-Based Access Control (RBAC) for all runtime-detected container images.

Every image observed at runtime is associated with one or more JFrog Projects based on repository assignment or administrative configuration.

This ensures:

  • Platform Admins maintain full visibility across all runtime assets and projects
  • Project Admins control access to runtime assets within their assigned projects
  • Project Members view only images and runtime data related to their project scope

RBAC significantly reduces cross-team data exposure, enforces least-privilege access, and aligns runtime visibility with organizational ownership boundaries.

AWS ECS Fargate Runtime Scanning Enhancements

JFrog Runtime Security expands its AWS Fargate integration to support secure discovery and runtime scanning of ECS workloads running on both Fargate and EC2 launch types.

Runtime now connects to AWS using dedicated IAM credentials to automatically:

  • Discover ECS clusters and running tasks
  • Analyze runtime workloads for vulnerabilities and security exposures
  • Present centralized visibility across all Fargate-based environments

This enhancement extends runtime security coverage into fully serverless container environments while maintaining least-privilege cloud access and centralized governance.

1.9

Runtime Token Expiration

Token expiration has been extended from 1 year to 2 years, reducing renewal frequency and improving user experience, with corresponding updates to token validation logic.

gRPC Gateway

The gRPC gateway is now enabled by default.

Helm Charts

The Helm chart is now published to the JFrog GitHub repository.

Automatic Registration Token Updates Without Manual Restarts

Registration tokens mounted from Kubernetes secrets are now refreshed automatically across sensors and the controller when the secret changes, eliminating the need for manual restarts.

1.10

Support for Custom Self-Signed Certificates in runtime-service

Added Helm support for custom self-signed CA certificates in the runtime-service. Certificates from a Kubernetes Secret are appended to the system CA bundle and SSL_CERT_FILE is set so outbound TLS trusts internal CAs.

Helm Chart Distribution Path Updated

Updated the runtime Helm chart distribution URL from https://charts.jfrog.io/runtime/ to the root https://charts.jfrog.io/ repository.

Token Expiration Alerts in Cluster Management

Added token expiration alerts to the Cluster Management page, including:

  • Pre-expiration warning – displayed 3 months before a cluster token expires, giving users time to rotate credentials.
  • Post-expiration alert – displayed after the token has expired, indicating that the cluster is no longer authenticated and may stop functioning correctly.

1.11

Resolved Issues

Jira | Description
RNTM-2733 | Improved user experience and response times through enhanced fast-scaling capabilities.
RNTM-2681 | Integrated JFrog’s AI Assistant to enhance guidance, insights, and user productivity.

1.12

Resolved Issues

Jira | Description
RNTM-2828 | Added support for remote repositories and multi-architecture images in the AppTrust application.

1.13

UI Enhancements

Improved the self-hosted sensor installation experience by adding a Self-Hosted REST installation step.

1.14

Feature Enhancements

Resolved Issues

Jira | Description
RNTM-2882 | Enhanced SCA and Advanced Security scanning capabilities in Runtime.

1.15

Enhancements

  • Added the ability to view all running images affected by a specific CVE. When drilling into a vulnerability, you can now see the full list of related images, not just the top result.
  • Resolved an issue where Runtime did not detect vulnerabilities in npm components accessed in monitored Kubernetes containers, by adding npm package vulnerability detection and Xray correlation support.

Resolved Issues

Jira | Description
RNTM-3059 | Resolved an issue where deployments using Azure external databases failed when the database username contained an @servername suffix, by adding separate database name configuration support in the Helm chart unified secret.
RNTM-2917 | Resolved an issue where the image detail view could show inconsistent cluster and namespace data compared to the Live Assessment overview, caused by different underlying data sources.

1.16

Enhancements

  • Added Kubernetes pod label support to Runtime, enabling filtering of workloads, images, and process groups by pod labels, with pod label details and autocomplete support in filter fields.

Resolved Issues

Jira | Description
RNTM-3063 | Resolved an issue where the namespace filter was silently ignored when querying image tags, causing results to include images from all namespaces instead of only the filtered ones.

1.17

Resolved Issues

Jira | Description
RNTM-3165 | Resolved an issue where the Validated in Runtime count in the Vulnerability Prioritization panel on Xray Overview showed 0, despite vulnerabilities being validated in the Runtime Live Assessment page.