DevSecOps Engineer at a tech services company with 501-1,000 employees
Real User
2025-09-12T06:56:16Z
Sep 12, 2025
I would assess the integration of JFrog Xray with CI/CD tools as the weak point. You have two means to do that: one is using the API, or the other is using the command line from JFrog. That part is a bit of a sensitive topic because somehow you need to adapt your GitLab pipelines and turn them into JFrog pipelines, and this is something they don't really advertise at first—you're obliged to use the JFrog CLI. Apart from this integration aspect, JFrog Xray does the job, but the user experience is not very good. The documentation is really poor. It's not the design; it's not user-friendly at all. You can't find the items in the menus. I think the UI needs improvement. It's not user-friendly, but it works very effectively. Regarding the metrics and dashboards in JFrog Xray, the dashboard is fine, but it's about how you share that dashboard—you need extra permission. You can say each project can have its own dashboard and is responsible for the mistakes or the level of security they want, or you can have a person dedicated to security. At the moment, it's more a permission issue—how you set the permission properly, how you give access to the dashboard or delegate. This needs improvement.
The UI of JFrog Xray could be improved. There is a dialogue box in the Xray section that doesn't always work properly. When we have given a very long tag, it doesn't work as expected and requires excessive scrolling.
Xray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support during troubleshooting sessions would also be beneficial.
Deployment Coordinator at a government with 10,001+ employees
Real User
Top 20
2024-02-21T23:09:00Z
Feb 21, 2024
There is a tool called DefectDojo for reporting. Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool.
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Since we have been using the solution via APIs, there are some limitations in the APIs. We've only used it for six months, so we need to explore it more before commenting on any missing features.
Lead Vulnerability Analyst/ DevSec Ops Specialist at a government with 201-500 employees
Real User
2023-03-10T14:51:43Z
Mar 10, 2023
I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images. There should be a better user experience for customers. Also, site performance sometimes is really slow and this causes issues with automation.
DevOps Engineer Intern at University of Nebraska at Omaha
Real User
2021-06-15T21:20:13Z
Jun 15, 2021
I'd like to see deeper reporting; they're pretty basic and there are no categories for comparing things. I'd also like to see an improvement with the documentation; there's not much available on their website.
JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing...