NightVision

Evidence Collection as a Single Source of Truth

NightVision pushes signed DAST and API discovery evidence into JFrog Evidence Collection, binding attestations to artifacts and the Evidence Graph. The evidence travels with builds, centralizing SDLC security proof in JFrog as the single source of truth, streamlining audits, governance, and compliance.

High-Fidelity Scanning & API Discovery

NightVision runs authenticated, high-speed grey-box application vulnerability scans, detecting exploitable issues with code level insights and reproducible proofs.  It also discovers APIs from code to build inventory and OpenAPI specs, mapping the attack service including shadow, zombie, and inactive endpoints. Teams validate real risk early, reduce false positives, and align security signals to the artifacts managed by JFrog.

Policy-Driven Release Gating

With NightVision evidence in JFrog, Release Lifecycle Management can gate promotions on severity thresholds and coverage. Ship only when criteria are met; otherwise block the rollout and surface actionable findings to owners for rapid remediation and re-verification.

CI/CD Automation with JFrog CLI

A pull request triggers NightVision to generate a signed attestation and attach it to the build artifact in the  JFrog Artifactory server via the JFrog CLI. Evidence is available for audits, governance, and downstream promotion policies.