First, make sure both Artifactory and Xray have been installed in the right environment. If you're setting up this demo in JFrog Cloud, you should already be all set and ready to go.
If you're setting things up in a self-hosted environment, you'll need to use a Helm installation, JFrog Advanced Scan mainly supports Helm installations. It is recommended to also set up Artifactory and Xray with helm too.
Instructions on how to install Artifactory on Helm can be found here and for Xray here. Then, please install and set up JAS so it is connected to Xray and ready to scan.
Next, it's time to set up Xray to scan packages, and Artifactory to pull Docker images. Details on how to do this for the first time are covered in this on-boarding guide.
In short, you have to set up a remote Docker repository and then pull the WebGoat image through it to cache it in Artifactory. Xray can then scan the image after its database has been loaded with vulnerability data.
If you're setting things up in a self-hosted environment, you'll need to use a Helm installation, JFrog Advanced Scan mainly supports Helm installations. It is recommended to also set up Artifactory and Xray with helm too.
Instructions on how to install Artifactory on Helm can be found here and for Xray here. Then, please install and set up JAS so it is connected to Xray and ready to scan.
Next, it's time to set up Xray to scan packages, and Artifactory to pull Docker images. Details on how to do this for the first time are covered in this on-boarding guide.
In short, you have to set up a remote Docker repository and then pull the WebGoat image through it to cache it in Artifactory. Xray can then scan the image after its database has been loaded with vulnerability data.