Open mcandre opened 1 week ago
Hi @mcandre, thanks for approaching us.
Our security offerings - including Xray, CLI scans, etc - are depending on having an active JFrog subscription. As of today, all of our available subscriptions that include security capabilities also come with Artifactory. Therefore, Xray scans cannot happen without having Artifactory in your organization. Keep in mind that in order to perform security scans you are required to provide the platform URL - mostly for license verification.
Offering Xray without the JFrog Platform is not in our plans.
Please let me know if there's something else I can help with.
A significant amount of software components, including components used as dependencies in proprietary projects, are FOSS. Free tiers of more security analysis tools for FOSS projects would dramatically improve the security posture of the software industry as a whole.
Is your feature request related to a problem? Please describe.
I want to run X-Ray scans without depending on either Artifactory or GitHub Actions.
Describe the solution you'd like to see
Provide a free Artifactory URL endpoint and default jf CLI to target that.
Describe alternatives you've considered
Snyk