August 2022

JFrog Hosting Models Documentation

Product

Update

Details

Platform

Selecting a Specific GPG Key to Sign a Release Bundle Version

When signing a Release Bundle version, you can now choose the signing key to use to sign the version through the Distribution UI (key selection was previously supported only through the APIs).

Release Bundles UI Enhancements

  • Added a new filter search and the total count for both Distributable and Received Release Bundles.

  • From this release, the checkbox Auto create missing repositories is displayed for all Release Bundle distributions, replacing the Target Repository Auto-Creation checkbox (the functionality remains the same).

Storage Trends Label Update

The % change label in Insights has been updated to % change in space in the Storage Graph when you click on the Growth tab in the Storage Trends drill down.

Security & Compliance

New Scans List

The Scans List page combines the Xray scans list into a single screen and enables you to view details for repositories, builds, release bundles, and packages. For each of these items, you can drill down further to view the Policy Violations, software components, and security issues. We've also added REST API support for this feature.

Ignore Rules Improvement

When an ignore rule expires or is deleted, in some cases, it requires a manual rescan for the violations to reappear. Xray will now automatically rescan for violations if the number of artifacts impacted by the ignore rule is less than 50. The number is limited to avoid any performance impact. A full rescan may still be required for expired ignore rules that impact a large number of artifacts.

Improved Impact Analysis Performance

Introduced the following performance improvements:

  • When a new vulnerability is published or when its data is updated, the impact on your artifacts is analyzed and the results are updated. This may cause performance issues when there are many artifacts and components. To avoid performance issues, the impact analysis process is now applied only to High Profile CVEs and is no longer applied to all CVEs.

  • When the license for a package is updated in Xray's DB, the new information is reflected only on artifacts that are scanned (or rescanned) after the DB is updated.

CI/CD

New UI enabled by default

The Pipeline and Run views now use the new UI by default. The new look and feel were introduced in June 2022. If required, you have the option of switching to the old UI.

Native Steps Enhancements

  • All Pipelines native steps now support JFrog CLI v2.

  • DockerBuild native step now supports multiple Image and FileSpec resource inputs.

  • Pipelines now allows other step types between DockerBuild and DockerPush native steps. These steps must still be in the same affinity group.

  • Added optional namespace setting in the configuration section of HelmDeploy native step.

Logstash Integration to reqKick

Added build node and Logstash integration for Pipelines agent logs.

Branch Dropdown Wildcard Support

In the Pipeline dashboard, the branch and pipeline dropdowns now support wildcard searches.

Test Tab Enhancements

In the Run view, the test tab has been enhanced as follows:

  • Shows the test results summary, with an aggregate count for Success, Failure, Error, and Skipped

  • Includes a tab for each test results section (Success, Failure, Error, and Skipped), and each tab:

    • Includes a list of test suites and test cases with the test name, duration, and path details

    • Shows a summary of test statuses (Success, Failure, Error, and Skipped) at the test suite level

    • Shows error messages for error and failure tests

Re-Trigger Run Option

The Run view now includes a re-trigger button, which enables you to re-trigger any run using either the run's original settings or customized settings.

YAML Validator

Pipelines introduced the YAML Validator, which enables you to validate your YAMLs before committing them to the SCM. The YAML validator can be used to validate your YAMLs for both semantic and syntactic errors.

Native Steps Enhanced to Utilize Affinity Groups

A new get_affinity_group_step_names utility function has been introduced to find steps of a particular type in the same affinity group. In addition, NpmBuild and NpmPublish, and GoBuild and GoPublishBinary native steps will now store files locally when in the same affinity group to reduce the time required to run these steps.

Global Environment Variable in Pipelines

Pipelines now provides the ability to expose Global Environment Variables to the entire Pipelines ecosystem. The global environment variables are available for use in runs and steps.

Hello World OOTB Template

A new global template called HelloWorld is now available for use out of the box. The template showcases a few of the basic features of Pipelines:

  • Parallel steps

  • Reading and writing variables that persist across different steps in your pipeline

  • Reading from and writing to resources

  • Setting environment variables

  • Optional GitRepo resource so that users can experiment via the values.yml

Additionally, a sample pipeline that uses this template will be pre-installed for Pipelines users who have not yet created any pipeline source.

Custom Dynamic Nodes on Cloud

Cloud users can now create custom dynamic nodes (using user-defined integrations) and customize all the relevant settings. Users can select any cloud provider with no restrictions on settings, such as machine type, region, and others.

Ability to Change Resource Static Fields

Lifted restrictions on updating some tags from their original values in resource configurations.