Author
Paul Garden, JFrog Product Marketing Manager
Word count
802
Language
English

Summary

JFrog has added several enhancements to Xray, its security and compliance product, aimed at protecting the software development lifecycle (SDLC) by helping developers harden software, reduce risk, and streamline compliance. Among the updates are advances in contextual analysis, which prioritizes vulnerabilities based on context such as configuration relevancy and patch availability, allowing faster and more effective remediation. Vulnerability data now includes CVE information enriched by JFrog's security research team, giving a deeper understanding of risk. Xray also offers improved Git repository scanning, which identifies open-source software dependencies, detects vulnerabilities and compliance violations, and can trigger automatic responses. Xray's Software Bill of Materials (SBOM) capabilities now support the SPDX and CycloneDX formats, offering comprehensive visibility into software components. The product also integrates with Atlassian's Jira, creating tickets automatically for security violations so that issues are managed within developers' existing workflows. These upgrades are part of JFrog's ongoing effort to provide security and compliance features tailored to developers, DevOps, and security teams.