Observability and Search
JFrog Xray provides a comprehensive set of tools for gaining visibility into the security posture of your software supply chain and for quickly locating affected resources when new threats emerge. Whether you need to export scan data for a single artifact, generate aggregated reports across your organization, or trace the blast radius of a newly disclosed vulnerability, the capabilities in this section help you stay informed and respond effectively.
Export Scan Results
Export detailed scan data directly from individual artifact scans. Xray supports exporting results for vulnerabilities, license compliance, policy violations, SBOM (in both SPDX and CycloneDX formats), and operational risk. Exports are available in multiple formats and can be used for auditing, compliance evidence, or integration with external tools.
Reports
Generate aggregated, organization-wide reports that span repositories, builds, release bundles, and projects. Xray Reports cover vulnerabilities, legal compliance, policy violations, operational risk, and exposures. Reports can be scheduled on a recurring basis, shared via email, and explored through interactive dashboards with drill-down capabilities. They are accessible from both the JFrog Platform UI and the REST API.
Impact Search
Quickly identify which artifacts across your organization are affected by a specific vulnerability or contain a particular software package. Impact Search enables security and DevOps teams to assess exposure, trace dependencies, and prioritize remediation, especially during zero-day response scenarios. Results include resource details, repository locations, and last scan timestamps.
