DevSecOps Engineer at a tech services company with 501-1,000 employees
Real User
Top 20
Sep 12, 2025
I would assess the integration of JFrog Xray with CI/CD tools as the weak point. You have two means to do that: one is using the API, or the other is using the command line from JFrog. That part is a bit of a sensitive topic because somehow you need to adapt your GitLab pipeline and turn them into JFrog pipeline, and this is something they don't really advertise at first—you're obliged to use the JFrog CLI. Apart from this integration aspect, JFrog Xray does the job, but the user experience is not very good. The documentation is really poor. It's not the design; it's not user-friendly at all. You can't find the items in the menus. I think the UI needs improvement. It's not user-friendly, but it works very effectively. Regarding the metrics and dashboards in JFrog Xray, the dashboard is fine, but it's about how you share that dashboard—you need extra permission. You can say each project can have its own dashboard and is responsible for the mistakes or the level of security they want, or you can have a person dedicated to security. At the moment, it's more a permission issue—how you set the permission properly, how do you give access to the dashboard or delegate. This needs improvement.
The UI of JFrog Xray could be improved. There is a dialogue box in the Xray section that doesn't always work properly. When we have given a very long tag, it doesn't work as expected and requires excessive scrolling.
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support during troubleshooting sessions would also be beneficial.
Deployment Coordinator at a government with 10,001+ employees
Real User
Feb 21, 2024
There is a tool called DefectDojo for reporting. Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool.
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Senior Manager at a comms service provider with 5,001-10,000 employees
Real User
Mar 15, 2023
Since we have been using the solution via APIs, there are some limitations in the APIs. We've only used it for six months, so we need to explore it more before commenting on any missing features.
Lead Vulnerability Analyst/ DevSec Ops Specialist at a government with 201-500 employees
Real User
Mar 10, 2023
I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images. There should be a better user experience for customers. Also, site performance sometimes is really slow and this causes issues with automation.
DevOps Engineer Intern at University of Nebraska at Omaha
Real User
Jun 15, 2021
I'd like to see deeper reporting, they're pretty basic and there are no categories for comparing things. I'd also like to see an improvement with the documentation, there's not much available on their website.
JFrog Xray is a robust solution for managing artifacts and vulnerabilities, integrating with tools like Artifactory to streamline dependency management and ensure security compliance. Recognized for its scalability and stability, it facilitates advanced reporting and license compliance.JFrog Xray provides a comprehensive approach to artifact security and management, seamlessly integrating with CI/CD pipelines. Its deep scanning capabilities are particularly valuable for containerized...
I would assess the integration of JFrog Xray with CI/CD tools as the weak point. You have two means to do that: one is using the API, or the other is using the command line from JFrog. That part is a bit of a sensitive topic because somehow you need to adapt your GitLab pipeline and turn them into JFrog pipeline, and this is something they don't really advertise at first—you're obliged to use the JFrog CLI. Apart from this integration aspect, JFrog Xray does the job, but the user experience is not very good. The documentation is really poor. It's not the design; it's not user-friendly at all. You can't find the items in the menus. I think the UI needs improvement. It's not user-friendly, but it works very effectively. Regarding the metrics and dashboards in JFrog Xray, the dashboard is fine, but it's about how you share that dashboard—you need extra permission. You can say each project can have its own dashboard and is responsible for the mistakes or the level of security they want, or you can have a person dedicated to security. At the moment, it's more a permission issue—how you set the permission properly, how do you give access to the dashboard or delegate. This needs improvement.
The UI of JFrog Xray could be improved. There is a dialogue box in the Xray section that doesn't always work properly. When we have given a very long tag, it doesn't work as expected and requires excessive scrolling.
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support during troubleshooting sessions would also be beneficial.
There is a tool called DefectDojo for reporting. Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool.
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Since we have been using the solution via APIs, there are some limitations in the APIs. We've only used it for six months, so we need to explore it more before commenting on any missing features.
I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images. There should be a better user experience for customers. Also, site performance sometimes is really slow and this causes issues with automation.
I'd like to see deeper reporting, they're pretty basic and there are no categories for comparing things. I'd also like to see an improvement with the documentation, there's not much available on their website.