When was the last time you closed off a sprint, happily marked every user story as DONE and uploaded the build to your staging environment, only to find out the build was riddled with security vulnerabilities? Hmm, there's a point for discussion in your sprint retrospective, and now it's time to redo your sprint planning for the next sprint.
You can’t have any vulnerabilities in your builds.
Xray’s new release can make this kind of scenario a thing of the past. From version 1.6, Xray works closely with Artifactory (from v4.16) and the Jenkins Artifactory Plugin (from v2.9.0) allowing you to automatically fail a Jenkins build job if it uploaded a build with vulnerabilities to Artifactory.
Through this integration you get the earliest possible warning that your build or its dependencies have vulnerabilities, and can stop it from getting through your pipeline to production systems. Now, you may not want every developer to run a scan on every build they trigger; that might hinder their progress and place limitations on them too early in the game. Including an Xray scan in your nightly build, however, which picks up the freshly committed code of all developers on a project, gives you an early warning signal every day.
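Here is what the "upload, then fail the job on Xray findings" flow looks like in a scripted Jenkins pipeline. This is an added example, not code from the original post or from JFrog; it uses the Artifactory Pipeline DSL steps (`Artifactory.server`, `upload`, `publishBuildInfo`, `xrayScan`) and assumes a configured Artifactory server ID of `my-artifactory`, a repository `libs-release-local`, a boolean job parameter `XRAY_SCAN` used to switch the scan on for the nightly run only, and a Watch on the Xray side whose action is set to fail the build.

```groovy
// Added example: Jenkinsfile (scripted pipeline) that uploads a build to
// Artifactory, publishes its build info, and fails the job if Xray finds
// vulnerabilities. Names below are assumptions, not the post's own values.
node {
    // Server ID as configured under Manage Jenkins > Configure System (assumed)
    def server = Artifactory.server 'my-artifactory'

    stage('Build') {
        sh 'mvn -B -DskipTests package'
    }

    stage('Upload') {
        // Upload spec: which local files go to which repository path (assumed repo name)
        def uploadSpec = '''{
          "files": [
            { "pattern": "target/*.jar", "target": "libs-release-local/myapp/" }
          ]
        }'''
        // upload() returns a BuildInfo object describing what was deployed
        def buildInfo = server.upload(uploadSpec)
        // Publishing build info is what lets Xray tie the artifacts to this build
        server.publishBuildInfo buildInfo

        // Scan only when the nightly job passes XRAY_SCAN=true, so developers'
        // per-commit builds are not blocked by the scan (parameter is assumed)
        if (params.XRAY_SCAN) {
            stage('Xray scan') {
                def scanConfig = [
                    'buildName'   : buildInfo.name,
                    'buildNumber' : buildInfo.number,
                    // failBuild: true makes the step throw, failing the job,
                    // when the Xray Watch reports a violation for this build
                    'failBuild'   : true
                ]
                def scanResult = server.xrayScan scanConfig
                // The result summarises alerts and links back to the Xray report
                echo scanResult as String
            }
        }
    }
}
```

Note the ordering the integration implies: the artifacts and build info are already in Artifactory when the scan runs, so a failed job stops the build from being promoted further down the pipeline but does not remove what was deployed. Treat the failing job as the gate, and keep the upload target a staging repository rather than one your production systems resolve from.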
JFrog Xray CI/CD integration currently works with Jenkins CI, but watch this space to see when more CI servers are added.
[Update: As of Xray version 1.8 Xray CI/CD integration also works with JetBrains TeamCity]
Want to learn more about how this integration works? Check out the JFrog Xray User Guide.
Want to learn how to configure Jenkins Artifactory Plugin? Check out the plugin documentation.
Want to learn what you need to do in Artifactory? Well, nothing. Artifactory plays its part seamlessly and automatically. You don’t need to configure anything.