JFrog Platform Setup:

ARTIFACTORY: Docker build + Gitlab integration with Artifactory and scan with JFrog Xray as part of a JFrog project

Author: Swarnendu Kayal
Article number: 000005368
First published: 2022-08-10T13:53:41Z
Last modified: 2022-08-10
Version: 5
The JFrog platform is configured as described below. Note that the build is pushed and scanned as part of a project. For more details on projects, refer to this document.

1. We first created a project; it looks like this:
User-added image

2. We created a virtual, a remote and a local repository, added the local and the remote repository to the virtual repository, and will use the virtual repository as the endpoint:

User-added image

3. Configure Xray as follows:

A. Create a watch and a policy before running the pipeline. Otherwise the Xray scan will not succeed. Follow the links below to create the watch and the policy:

Create the policy and the rules using this link – https://www.jfrog.com/confluence/display/JFROG/Creating+Xray+Policies+and+Rules

Create the watch and add the repository, build, policies and rules using this link – https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches

B. Make sure to enable the below option in the rules of the policy when it is created –

User-added image

C. Include the build in the Indexed Resources in the JFrog platform. When a build is first created with the Xray scan step, the scan step is skipped because the build is not yet included in the Indexed Resources. That is why it is recommended to include the builds using the Include or Exclude pattern. For this example, the Include pattern is “*/**”. This means the platform adds all the builds that are pushed to Artifactory to the Indexed Resources:

User-added image

For more details on the Indexed Resources, it is also recommended to go through this KB article – https://jfrog.com/knowledge-base/xray-how-to-index-and-scan-all-builds-in-xray-in-the-unified-platform/
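
Step 3.A requires the watch to exist, with the repository, the build and a policy attached, before the pipeline runs. The following pre-flight check is an added example, not part of the original article or JFrog's own code: it inspects a watch definition in the JSON shape used by the Xray watches REST API and reports why a build would not be covered. The watch, repository, build and policy names are hypothetical, and the sample JSON is constructed.

```python
import json

# Constructed sample watch definition (general_data / project_resources /
# assigned_policies, as in the Xray watches REST API). All names are hypothetical.
SAMPLE_WATCH = json.loads("""
{
  "general_data": {"name": "docker-build-watch", "active": true},
  "project_resources": {"resources": [
    {"type": "repository", "bin_mgr_id": "default", "name": "docker-local"},
    {"type": "build", "bin_mgr_id": "default", "name": "gitlab-docker-build"}
  ]},
  "assigned_policies": [{"name": "docker-sec-policy", "type": "security"}]
}
""")


def watch_problems(watch, build_name, repo_name):
    """Return the reasons this watch would not cover the pipeline's build."""
    problems = []
    if not watch.get("general_data", {}).get("active", False):
        problems.append("watch is not active")

    resources = watch.get("project_resources", {}).get("resources", [])
    named = {(r.get("type"), r.get("name")) for r in resources}
    types = {r.get("type") for r in resources}

    # A build is covered either by name or by an "all-builds" resource.
    if ("build", build_name) not in named and "all-builds" not in types:
        problems.append(f"build '{build_name}' is not a watched resource")
    # Same for the repository the image is pushed to.
    if ("repository", repo_name) not in named and "all-repos" not in types:
        problems.append(f"repository '{repo_name}' is not a watched resource")

    # Without an assigned policy the watch has no rules to evaluate.
    if not watch.get("assigned_policies"):
        problems.append("no policy is assigned to the watch")
    return problems


if __name__ == "__main__":
    issues = watch_problems(SAMPLE_WATCH, "gitlab-docker-build", "docker-local")
    print("watch OK" if not issues else "\n".join(issues))
```

Running this against the exported watch JSON as the first pipeline job turns a missing watch resource or policy into an explicit failure before the scan step is reached.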