I like how JFrog Xray and Artifactory go well together. If you have everything in Artifactory, then the entire process of onboarding a project becomes very easy with JFrog Xray. You have to start the indexing, and you're good to go. People use a lot of Artifactory storage systems, but that's not really how it should be.

If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first. It helps you prioritize things for your project.

JFrog Xray's reporting feature has a lot of options in it, including scanning. Long back, when we got a Java issue regarding remote code execution, I forgot the whole vulnerability issue. But these reports helped us to go through different dependencies. It can even go deep into the docker files and find out vulnerabilities. Other scanning tools won't go deep into this docker file or any other ZIP-related files and give us a complete account of vulnerabilities.

JFrog Xray has many policies, settings, and rules embedded.

JFrog's Artifactory contains all the dependency files. For instance, if a team is developing an application using Java, they might require certain dependency files. They can obtain all the artifacts from JFrog's Artifactory without accessing the internet, which securely stores these files. The application can retrieve the necessary files from there. Xray is a tool designed to ensure that all artifacts within JFrog's Artifactory are clean. It scans for vulnerabilities and flags them. Based on predefined rules that could potentially harbor vulnerabilities, the Accelerator tool notifies the development team, enabling them to review and fix any issues in the library.

The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy.

The features I found most valuable are the watch policies and the ability to block vulnerabilities from getting into our environment.

The quality of scanning has been good. Its reporting is good. 

It's very clear and understandable.

The solution is stable and reliable.

We find the product the be easy to set up.

It is scalable.

The pricing is reasonable. 

I would say the reporting functionalities are pretty good as are the policy watches. I like them a lot.