<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>CVE on Software Factory</title><link>/tags/cve/</link><description>Recent content in CVE on Software Factory</description><generator>Hugo</generator><language>en</language><atom:link href="/tags/cve/index.xml" rel="self" type="application/rss+xml"/><item><title>JFrog Xray Vulnerability Scan</title><link>/use/howto/secure/jfrog-xray-vulnerabilties/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/use/howto/secure/jfrog-xray-vulnerabilties/</guid><description>&lt;h2 id="overview"&gt;Overview&lt;a class="td-heading-self-link" href="#overview" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;Xray detects known &lt;a href="/use/practices/secure/software-composition-analysis/vulnerability/"&gt;vulnerabilities&lt;/a&gt;
 (CVEs) in the components of your repositories, builds
and release bundles.&lt;/p&gt;
&lt;p&gt;It identifies each component, maps it to known vulnerabilities from public and proprietary sources
and lets you enforce security policies using &lt;strong&gt;policies&lt;/strong&gt; and &lt;strong&gt;watches&lt;/strong&gt; mechanism.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;For background on how Xray works, see &lt;a href="/use/tools/xray/"&gt;Xray Page&lt;/a&gt;
.&lt;/li&gt;
&lt;li&gt;For license compliance, see &lt;a href="/use/tools/xray/#license-compliance"&gt;Xray License Scanning&lt;/a&gt;
.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="prerequisites"&gt;Prerequisites&lt;a class="td-heading-self-link" href="#prerequisites" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;Before you start, make sure you have:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Access to a JFrog Platform instance with &lt;strong&gt;Xray&lt;/strong&gt; enabled&lt;/li&gt;
&lt;li&gt;A dedicated &lt;strong&gt;Project&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt;A role with &lt;strong&gt;Manage Xray Data&lt;/strong&gt;, &lt;strong&gt;Manage Watches &amp;amp; Policies&lt;/strong&gt; and &lt;strong&gt;Manage Reports&lt;/strong&gt; permission
within that project.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;JFrog CLI&lt;/strong&gt; installed and configured&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="create-a-vulnerability-policy"&gt;Create a vulnerability policy&lt;a class="td-heading-self-link" href="#create-a-vulnerability-policy" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;A policy defines what counts as a violation and what action Xray takes when one is found.&lt;/p&gt;</description></item></channel></rss>