Products/Concepts
JFrog Security products work together to secure the software supply chain across development, CI/CD, artifact management, and runtime environments. This section provides high-level overviews of each security product and the core concepts that apply consistently across the JFrog Platform.
Use this page to orient yourself and navigate to the areas most relevant to your role or use case.

| Area | Description | Learn more |
|---|---|---|
| Source Code | Secures first-party code early in the SDLC by identifying vulnerabilities and security issues during development and CI. | Source Code Security |
| Catalog | Provides visibility into packages and components used across the organization, enabling governance and policy enforcement. | Catalog |
| Curation | Controls which open-source packages can be used by enforcing security and license policies before packages are downloaded. | Curation |
| Xray | Detects vulnerabilities, license compliance issues, and malicious content in artifacts, builds, and dependencies. | Xray |
| Advanced Security | Extends security coverage beyond CVE scanning with capabilities such as secrets detection, infrastructure-as-code scanning, and contextual prioritization. | Advanced Security |
| Runtime Security | Monitors running applications to detect suspicious behavior and potential exploitation in production environments. | Runtime |

Where to go next

- If you want to get hands-on, start with a product onboarding guide such as Xray Workshop or Curation Workshop.
- If you want to understand how security decisions are made, explore the core concepts such as Policies, SBOM, and Enforcement.
- If you’re new to JFrog Security terminology, refer to the Glossary for concise definitions used throughout the documentation.
