Try JFrog
Guides
Contact SupportTry JFrog
Start typing to search…
  1. Get Started
  2. JFrog Security Workshop

Xray Workshop


This workshop provides a guided, hands-on introduction to JFrog Xray and its role in a modern DevSecOps workflow.

Xray enables organizations to continuously analyze software components for security vulnerabilities, license compliance, and operational risk across the software development lifecycle. Because Xray can actively enforce policies and impact builds and downloads, it should be introduced in a structured and deliberate way.

This workshop follows a phased approach used by JFrog Customer Success teams to help organizations adopt Xray safely, build confidence, and scale enforcement over time.

What you’ll accomplish in this workshop

By the end of this workshop, you will be able to:

  • Understand where JFrog Xray fits in the DevSecOps lifecycle
  • Plan a structured rollout aligned with organizational goals
  • Configure Xray and connect it to key SDLC touchpoints
  • Run Xray in notification mode to evaluate policy impact
  • Enforce security and license policies in a controlled manner
  • Operate Xray as part of ongoing DevSecOps practices

Who this workshop is for

This workshop is intended for:

  • Security and DevSecOps teams
  • Platform and CI/CD administrators
  • Technical owners responsible for software supply chain security

It assumes familiarity with Artifactory and CI/CD pipelines, but does not require prior experience with JFrog Xray.

Before you begin

Before starting this workshop, ensure that:

  • JFrog Xray is available in your environment
  • Artifactory repositories and builds are accessible
  • You have permissions to configure security policies and watches
  • You have a non-production or limited-scope environment for evaluation

How this workshop is structured

This workshop is divided into sequential parts. Each part represents a recommended phase in a real-world Xray rollout and builds on the previous one.

Workshop flow:

  • Understand Xray and DevSecOps concepts
  • Plan your Xray rollout
  • Prepare and configure Xray
  • Run Xray in notification mode (dry run)
  • Enforce policies and monitor risk
  • Operate Xray as part of DevSecOps
  • Decide what to do next

Ready to begin?

Start with Part 1: Xray and DevSecOps Overview


Updated 3 months ago