Overview
Start Working with the JFrog Platform
The purpose of this guide is to easily get you started with your JFrog cloud or self-hosted instance. Going through the steps below will introduce you to some of the basic functionality of the JFrog Platform and these JFrog solutions that are included with your subscription:
JFrog Artifactory: Universal package management supporting all major packaging formats, build tools, and CI servers.
JFrog Xray: Open source security scanning and license compliance enabling DevSecOps and ensuring application security throughout your SDLC.
JFrog CLI: Compact client, developed to enhance and simplify command line interactions with JFrog products. JFrog CLI commands will deploy, resolve and upload multiple artifacts in parallel.
This guide is customized for Go users and will create a Go web server.
Note
Be sure to follow the guide and use the default names provided.
Before You Start
Here’s what you’ll need:
Step 1: Login to Your Environment
Log in using the credentials provided to you by email, or as any other administrator user created after login.
Step 2: Build and Run Your Go Project
Go is a great language for creating simple yet efficient web servers and web services. It provides a built-in HTTP package that contains utilities for quickly creating a web or file server.
Fork the JFrog DevRel GitHub repository. Here you will find the JFrog Go challenge repository, containing the Go project.
Move to the project directory and run the build command:
$ go build challenge.go
Run the challenge executable file to start the web server on port 9090.
./challenge
Open http://localhost:9090 to check the web server.
Step 3: Add Repositories and Artifacts
This step will walk you through creating a Go repository type and uploading your go project, allowing you to use Artifactory as your artifact repository. You can then follow the instructions to create other types of repositories, such as Maven, npm, and Docker.
Navigate to the Administration Module. Expand the Repositories menu and click on the Repositories menu item.
Create 3 new Go package type repositories:
Add a new Local Repository with the Repository Key “go-challenge-local” and keep the rest of the default settings.
Click on the Remote tab and add a new Remote Repository with the Repository Key “go-challenge-remote” and keep the rest of the default settings.
Click on the Virtual tab and add a new Virtual Repository with the Repository Key “go-challenge”.
Add the local and remote Go repositories you just created.
Configure JFrog CLI, a smart client that provides a simple interface for automating access to JFrog products and simplifies automation scripts.
Configure the Artifactory server.
$ jfrog rt c
Configure the project's Go repositories using the command:
$ jfrog rt go-config
Take the following steps to build the project with Go and resolve the project dependencies from Artifactory.
Change to the root project directory.
Build the project with Go and resolve the project dependencies from Artifactory.
$ jfrog rt go build --build-name=go-challenge-build --build-number=1
Publish version v1.0.0 of the package to the go-challenge-local repository in Artifactory.
$ jfrog rt gp go-challenge v1.0.0 --build-name=go-challenge-build --build-number=1
Collect environment variables and add them to the build info.
$ jfrog rt bce go-challenge-build 1
Publish the build info to Artifactory.
$ jfrog rt bp go-challenge-build 1
Navigate to the Application Module, in the Platform UI, expand the Artifactory menu and click the Artifacts menu item. Here you’ll be able to see the details of your new artifacts.
Step 4: Scan for OSS Security Vulnerabilities and Compliance
This step will walk you through defining a Policy, assigning it to a Watch, selecting a repository to monitor, and running your scan!
Navigate to the Administration Module.
Click the Xray Security & Compliance menu and the Indexed Resources menu item.
Add your “go-challenge-local” and “go-challenge-remote” repositories to your indexed resources by clicking Add a Repository.
Define a security policy that you will later enforce in a watch.
Navigate to the Application module, expand the Security & Compliance menu and click the Policies menu item.
Create a new policy called “go-security”, of type Security, with a rule called “go-high-severities” set with High-Severities.
Define a watch that includes your new security policy. A watch provides context to a policy by assigning it to resources such as repositories.
Navigate to the Application module, expand the Security & Compliance menu and click the Watches menu item.
Create a new watch called “sample-watch”, with your 2 repositories (“go-challenge-local” and “go-challenge-remote”) and your “go-security” policy assigned to it by clicking Manage Policies.
Note
Watches, Policies & Rules
Policies allow us to define security and license compliance behaviors specific to your organization. Once they are defined, they are enforced by applying them to Watches. Rules define the behaviors that we want to enforce.
Run your scan by hovering over your watch and clicking Apply on Existing Content to trigger it manually.
Tip
The Xray scan may take some time to complete and show the vulnerability results. You can return to this step later to see your vulnerabilities.
View any discovered vulnerabilities by clicking on your watch.
Congratulations! You’re all set and ready to continue exploring the JFrog Platform.
Learn More
Now that you’re familiar with the basic functionality of the JFrog Platform and the solutions included in your subscription, here are some useful resources to continue learning and exploring the Platform.
Documentation Resources
JFrog Platform: JFrog Platform Overview, Application Module, Administration Module, REST API
JFrog Artifactory: Package Management, Browsing Artifacts, Go Registry
JFrog Xray: Indexing Resources, Creating Xray Policies and Rules, Configuring Xray Watches
Administration: Identity and Access
Tools & Integrations: CLI for JFrog Artifactory, JFrog CLI, IDE Integration
Other Resources
Free, self-paced training for JFrog solutions at the JFrog Academy
Get introduced to the JFrog Platform capabilities