Application Services
JFrog Xray
Chkk coverage for JFrog Xray. We provide version recommendations, preflight/postflight checks, and Upgrade Templates—ensuring worry-free operations.
Coverage Matrix
| Chkk Curated Release Notes | v3.17.4 to latest |
| Private Registry | Supported |
| Custom Built Images | Supported |
| Safety, Health, and Readiness Checks | v3.27.3 to latest |
| Supported Packages | Helm, Kustomize, Kube |
| EOL Information | Available |
| Version Incompatibility Information | Available |
| Upgrade Templates | In-Place, Blue-Green |
| Preverification | Available |
JFrog Xray Overview
JFrog Xray is an enterprise-grade software composition analysis (SCA) tool tightly integrated with JFrog Artifactory, enabling continuous artifact and container image scanning for vulnerabilities and license compliance. Xray centralizes vulnerability data and enforces compliance policies at the artifact repository level, allowing proactive risk management across your software supply chain. Supporting various package formats, including Docker, Helm, Maven, and npm, it provides comprehensive visibility into open-source risks. By automatically identifying and mitigating threats, Xray ensures only verified components move through your CI/CD pipeline.Chkk Coverage
Curated Release Notes
Chkk continuously monitors official JFrog Xray release notes, highlighting critical updates, breaking changes, and new features relevant to your environment. Instead of manual parsing, Chkk delivers concise, context-aware summaries, such as compatibility impacts between Xray and Artifactory. This tailored information helps your team anticipate configuration changes and prioritize timely upgrades, avoiding integration disruptions.Preflight & Postflight Checks
Chkk runs comprehensive preflight checks, verifying compatibility between your current Xray and Artifactory versions, detecting deprecated configurations, and confirming resource requirements like storage, memory, and database compatibility. Post-upgrade, Chkk validates service health, confirms artifact scanning resumes correctly, and monitors integration with Artifactory. These automated checks immediately surface issues, such as database migration errors or scanning backlogs, ensuring reliable upgrade outcomes.Version Recommendations
Chkk tracks JFrog Xray’s official support timeline, alerting you proactively when your deployed version approaches end-of-life or lacks critical security updates. Based on JFrog’s guidelines and community feedback, Chkk recommends stable target versions balancing new features and operational stability. This approach helps platform teams avoid running unsupported or incompatible Xray-Artifactory pairs, maintaining compliance and security.Upgrade Templates
Chkk provides detailed Upgrade Templates for both in-place and blue-green strategies, outlining best practices for single-node (in-place) and HA (rolling upgrade) deployments. These templates include step-by-step instructions, validation checkpoints, and rollback procedures, minimizing downtime and reducing human error. Whether performing straightforward upgrades or rolling updates in high-availability clusters, these templates integrate smoothly with your existing GitOps or CI/CD pipelines.Preverification
Chkk’s Preverification runs a full rehearsal of the Xray upgrade process in an isolated environment mirroring your configuration and data. This digital-twin approach detects issues like database migration failures, configuration incompatibilities, or unexpected resource usage before production deployment. By proactively addressing these issues, your team can ensure a smooth and predictable upgrade experience.Supported Packages
Chkk supports multiple installation methods for JFrog Xray, including Helm charts, Docker containers, and native OS packages, aligning with your existing infrastructure practices. It recognizes custom setups like air-gapped deployments or internal registries, ensuring upgrade recommendations and checks respect your specific environment. This flexibility allows platform engineers to maintain consistent Xray management without significant operational changes.Common Operational Considerations
- Artifactory Integration: Ensure exact version compatibility between Xray and Artifactory to prevent scanning failures. Regularly validate connectivity, especially after upgrades or network changes, to promptly detect integration issues.
- Indexing Backlogs: Monitor RabbitMQ queues and Xray logs for indexing backlogs that stall artifact scanning. Address bottlenecks promptly by restarting affected services or scaling analysis workers.
- Storage Thresholds: Track disk usage closely; exceeding the default 80% threshold stops artifact indexing. Plan storage capacity accordingly, adjust usage thresholds, and regularly clear unused data.
- Initial Sync and Updates: Ensure sufficient resources and internet connectivity during Xray’s initial vulnerability database sync. Avoid scanning artifacts until initial sync completion to prevent resource contention and synchronization issues.
- Data Retention: Configure data retention policies to manage database size and performance effectively. Balance historical insight needs with storage costs and performance considerations.
- High Availability & Upgrades: Execute rolling upgrades carefully in HA setups, upgrading nodes individually and verifying each step to prevent conflicts or data corruption. Test upgrades in staging to estimate timing and resource impact accurately.