Deployment Coordinator at a government with 10,001+ employees
Real User
Top 20
2024-02-21T23:09:00Z
Feb 21, 2024
There is a tool called DefectDojo for reporting. Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool.
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Since we have been using the solution via APIs, there are some limitations in the APIs. We've only used it for six months, so we need to explore it more before commenting on any missing features.
Lead Vulnerability Analyst/ DevSec Ops Specialist at a non-profit with 501-1,000 employees
Real User
Top 20
2023-03-10T14:51:43Z
Mar 10, 2023
I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images. There should be a better user experience for customers. Also, site performance sometimes is really slow and this causes issues with automation.
DevOps Engineer Intern at University of Nebraska at Omaha
Real User
2021-06-15T21:20:13Z
Jun 15, 2021
I'd like to see deeper reporting, they're pretty basic and there are no categories for comparing things. I'd also like to see an improvement with the documentation, there's not much available on their website.
What is vulnerability management? Vulnerability management is the meticulous, exhaustive, systematic process implemented to discover any potential threats or vulnerabilities, stop those threats, and repair those vulnerabilities before any serious problems develop with your important operating systems. Vulnerability management also involves fixes and patches to repair those threats and vulnerabilities. It is generally accomplished in combination with additional risk assessment and...
There is a tool called DefectDojo for reporting. Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool.
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Since we have been using the solution via APIs, there are some limitations in the APIs. We've only used it for six months, so we need to explore it more before commenting on any missing features.
I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images. There should be a better user experience for customers. Also, site performance sometimes is really slow and this causes issues with automation.
I'd like to see deeper reporting, they're pretty basic and there are no categories for comparing things. I'd also like to see an improvement with the documentation, there's not much available on their website.