

One of the main advantages that containers possess over traditional virtualization software is that they’re simpler in design and provide more operational flexibility as a result. But the same can’t necessarily be said for the workload running inside a Docker instance, which is usually some mix of application components, automation processes and various other scaffolding. JFrog Inc. wants to help developers cut through this complexity with a new analysis tool that is capable of quickly distinguishing the individual component parts to produce a detailed bill of materials.
Xray, as the software is called, thereby makes it possible to easily examine the dependencies of a container for issues that might make it harder to implement a configuration or code change. The tool also provides visibility into the operational consequences of making the change, as well as any risks that might arise from introducing the Docker image into the user’s production environment. For the latter function, organizations can tap the capabilities of third-party analysis solutions via Xray’s built-in REST API.
A company that wants to prevent its developers from using outdated and insecure software packages, for instance, might plug the tool into the VersionEye plugin for Maven. And Xray can similarly integrate with security software like FireEye to find more subtle vulnerabilities that may also create an opening for hackers. The tool is able to perform its task directly in the repository where a company keeps its software components, which enables developers to take advantage of the increased security without having to change or slow down their workflows.
JFrog will be showcasing Xray at its swampUP user conference in Napa, California today and tomorrow. The tool is set to become generally available on June 30.