Try JFrog
Guides
Contact SupportTry JFrog
Start typing to search…
  1. xray
  2. Supported Technologies

Java / Kotlin

Introduction

JFrog Xray provides security and compliance analysis for Java / Kotlin applications throughout the software development lifecycle. This page describes the supported scan contexts, package managers, capabilities, and dependency analysis available for Java.

Capabilities

CapabilitySource Code ScanningBinary Scanning
Vulnerability Matching (CVEs)
License Detection
Malicious Package Detection
Operational Risk
Smart Remediation🔜🔜

Source code scanning analyzes your project's dependency manifest files to identify components and their vulnerabilities. This is used by JFrog CLI (jf audit), Frogbot, IDE integrations, and CI pipelines.

Supported Files

Package ManagerSupported Files
Mavenpom.xml
Gradle❌ Not supported
Ivy❌ Not supported

Dependency Graph

Package ManagerDependency Graph
Maven✅ Full (parent-child relationships)

Updated 14 days ago