Omniscient DevOps? JFrog introduces Xray

DevOps should be an all-powerful omniscient being that extends its all-seeing eye into every crevice of our programming universe to control the hearts and minds of every data engineer and developer on the planet.

Okay, maybe that’s a bit much, let’s start again.

JFrog thinks that omniscient DevOps is needed because developers just don’t know enough about what they build and release… and how it impacts production.

Radical DevOps transparency and deep impact analysis

JFrog is aiming to provide a view into deployed code in the Continuous Delivery (CD) pipeline with its fourth and newest product, Xray.

“JFrog Xray is the first universal impact analysis product, giving organisations an unparalleled level of understanding about all of their container images, software packages and binary artifacts, even with the huge volume and variety of components that development teams share in the software build and distribution process,” said the firm, in a press statement.

JFrog Xray includes impact analysis that indicates how production and Continuous Integration (CI) environments are impacted; a full dependencies graph on which users can zoom in to find vulnerability or compliance issues; and an open API that enables integration with all current and future types of component-scanning technology.

Ribbet: JFrog makes a splash

JFrog says that Xray is in a position to analyse the relationships between binary artifacts across an entire organisation and the impact that one component has on any other.

In addition to security vulnerabilities, JFrog Xray can also analyse the potential impact of performance issues or architectural changes.

“JFrog Xray responds to a profound pain of our users and the entire software development community with an infinitely expandable way to know everything about every component they’ve ever used in a software project – from build to production to distribution,” said Shlomi Ben Haim, CEO of JFrog.

The black hole of container technology

Ben Haim says that while container technology revolutionised the market and the way people distribute software packages, it is still a ‘black hole’ that always contains other packages and dependencies.

He asserts that the Ops world has a real need for full visibility into these containers, plus an automated way to point out changes that will impact their production environment.

“With JFrog Xray, you can not only scan your container images but also track all dependencies in order to avoid vulnerabilities and optimise your CI/CD flow,” said Ben Haim.

JFrog Xray is a fully automated platform with a REST API allowing integration and automation with an organisation’s CI/CD pipeline, and enabling other inspection and security tools to fit into the full build-to-production automated flow.