QuickStart Guide: Go

Get Started with the JFrog Platform

ft:sourceType
Paligo

Overview

Start Working with the JFrog Platform

The purpose of this guide is to easily get you started with your JFrog cloud or self-hosted instance. Going through the steps below will introduce you to some of the basic functionality of the JFrog Platform and these JFrog solutions that are included with your subscription:

  1. JFrog Artifactory: Universal package management supporting all major packaging formats, build tools, and CI servers.Package Management

  2. JFrog Xray: Open source security scanning and license compliance enabling DevSecOps and ensuring application security throughout your SDLC.Software Composition Analysis

  3. JFrog CLI: Compact client, developed to enhance and simplify command line interactions with JFrog products. JFrog CLI commands will deploy, resolve and upload multiple artifacts in parallel.

This guide is customized for Go users, and will create a go webserver.

Note

Be sure to follow the guide and use the default names provided.

Before You Start

Here’s what you’ll need:

Step 1: Login to Your Environment

Login using the credentials provided to you by email, or any other administrator user created after login.

Step 2: Build and Run Your Go Project

Go is a great language for creating simple yet efficient web servers and web services. It provides a built-in HTTP package that contains utilities for quickly creating a web or file server.

  1. Fork the JFrog DevRel GitHub repository. Here you will find the JFrog Go challenge repository, containing the Go project.

  2. Move to the project directory and run the build command:

    $ go build challenge.go
  3. Run thechallengeexecutable file to start the webserver on port 9090.

    ./challenge
  4. Openhttp://localhost:9090to check the webserver.

Step 3: Add Repositories and Artifacts

This step will walk you through creating a Go repository type and uploading your go project, allowing you to use Artifactory as your artifact repository. You can then follow the instructions to create other types of repositories, such as Maven, npm, and Docker.

  1. Navigate to the Administration Module. Expand the Repositories menu and click on the Repositories menu item.

  2. Create 3 new Go package type repositories:

    1. Add a new Local Repository with the Repository Key “go-challenge-local” and keep the rest of the default settings.

    2. Click on the Remote tab and add a new Remote Repository with the Repository Key “go-challenge-remote” and keep the rest of the default settings.

    3. Click on the Virtual tab and add a new Virtual Repository with the Repository Key “go-challenge”.

      • Add the local and remote Go repositories you just created.

  3. Configure JFrog CLICLI, a smart client that provides a simple interface that automates access to JFrog products simplifying our automation scripts.

    1. Configure the Artifactory server.

      $ jfrog rt c
    2. Configure the project's Go repositories using the command:

      $ jfrog rt go-config
  4. Take the following steps to build the project with Go and resolve the project dependencies from Artifactory.

    1. CD to the root project directory

    2. Build the project with go and resolve the project dependencies from Artifactory.

      $ jfrog rt go build --build-name=go-challenge-build --build-number=1
    3. Publish version v1.0.0 of the package to the go-challenge-local repository in Artifactory.

      $ jfrog rt gp go-challenge v1.0.0 --build-name=go-challenge-build --build-number=1
    4. Collect environment variables and add them to the build info.

      $ jfrog rt bce go-challenge-build 1
    5. Publish the build info to Artifactory

      $ jfrog rt bp go-challenge-build 1
  5. Navigate to the Application Module, in the Platform UI, expand the Artifactory menu and click the Artifacts menu item. Here you’ll be able to see the details of your new artifacts.

    Go Artifact.png

Step 4: Scan for OSS Security Vulnerabilities and Compliance

This step will walk you through defining a Policy, assigning it to a Watch, selecting a repository to monitor, and running your scan!

  1. Navigate to the Administration Module.

  2. Click the Xray Security & Compliance menu and the Indexed Resources menu item.

  3. Add your “go-challenge-local”, “go-challenge-remote” repositories to your indexed resources by clicking Add a Repository.

    Indexed Resources.gif
  4. Define a security policy that you will later enforce in a watch.

    • Navigate to the Application module, expand the Security & Compliance menu and click the Policies menu item.

      Security and Compliance_Policies.png
    • Create a new policy called “go-security”, of type Security, with a rule called “go-high-severities” set with High-Severities.

  5. Define a watch that includes your new security policy. A watch provides context to a policy by assigning it to resources such as repositories.

    • Navigate to the Application module, expand the Security & Compliance menu and click the Watches menu item.

    • Create a new watch called “sample-watch”, with your 2 repositories (“go-challenge-local” and “go-challenge-remote”) and your “go-security” policy assigned to it by clicking Manage Policies.

      Note

      Watches, Policies & Rules

      Policies allow us to define security and license compliance behaviors specific to your organization. Once they are defined, they are enforced by applying them to Watches. Rules define the behaviors that we want to enforce.

  6. Run your scan by hovering over your watch and clicking Apply on Existing ContentConfiguring Xray Watches to trigger itmanually.

    Tip

    The Xray scan may take some time to complete and show the vulnerabilities results. You can return to this step later to see your vulnerabilities.

  7. View any discovered vulnerabilities by clicking on your watch.

Congratulations! You’re all set and ready to continue exploring the JFrog Platform.

Learn More

Now that you’re familiar with the basic functionality of the JFrog Platform and the solutions included in your subscription, here are some useful resources to continue learning and exploring the Platform.

Documentation Resources

Other Resources