Tip
You are in Step 2, of the JFrog Advanced Security installation. For previous and next steps, refer to Installing JFrog Advanced Security.
You can install JAS in your existing JFrog Platform installation, install a new JFrog Platform installation with JAS, or install JAS along with a new installation of Artifactory and Xray.
You can install JAS with an existing Helm installation of the JFrog Platform.
Contact JFrog Support to purchase or obtain a trial license of JFrog Advanced Security.
Add charts.jfrog.io to your Helm client.
helm repo add jfrog https://charts.jfrog.io
Run the following command to update the Helm repository.
helm repo update
You can install JAS in a new JFrog Platform installation with JAS, install JAS in your existing JFrog Platform installation, or install JAS with the installation of Artifactory and Xray.
New JFrog Platform Installation
Run the following command to install JAS in a new JFrog platform installation.
helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform --set xray.serviceAccount.create=true --set xray.rbac.create=true --set jas.healthcheck.enabled=true
You can also install with a values YAML update
Add the following values in the
custom-values.yaml
fileserviceAccount: create: true rbac: create: true
Run the following command.
helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform -f custom-values.yaml --create-namespace
Existing JFrog Platform Installation
Run the following command to install JAS in the current JFrog platform installation.
helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform --set xray.serviceAccount.create=true --set xray.rbac.create=true --set jas.healthcheck.enabled=true
You can also install with a values YAML update
Add the following values in the
custom-values.yaml
file.serviceAccount: create: true rbac: create: true
Run the following command.
helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform -f custom-values.yaml
Existing Artifactory and Xray Helm Installation
Upgrade Artifactory to version 7.49.x or later. For more information, see Upgrading Artifactory Helm Upgrade.
Upgrade Xray to version 3.67.x or later. For more information, see Xray Helm Upgrade.
Run the following command to install JAS.
helm upgrade xray jfrog/xray --set serviceAccount.create=true --set rbac.create=true --set jas.healthcheck.enabled=true
You can also install with a values YAML update
Add the following values in the
custom-values.yaml
file.serviceAccount: create: true rbac: create: true
Run the following command.
helm upgrade --install xray jfrog/xray -f custom-values.yaml
Synchronize the database. For more information, see Synchronizing the Database.
Configure a base URL. For more information, see General Settings.
Configure JAS for Self-Signed Helm Installation
Note
Starting from Xray version 3.105 and above, no additional self-signed certificate configuration is required for JAS. It will automatically inherit the settings from Xray if necessary.
Required Xray 3.83.11 or later.
Create a secret that contains the ca certificate in PEM base64 format. Update the system.yaml
file with the information.
executionService: platformCertificateSecretName: "<secret-name>" platformCertificateSecretKey: "<secret-key>"
Install JAS with Helm in an Air-gapped Environment
Ensure that JFConnect is running in the air-gapped mode.
For more information, see Configure JFrog Platform in an Air-gapped Environment.
Install JAS with Helm with the following updates to the Helm values and system YAML files.
Add Contextual Analysis and Exposures images to the internal registry for the local Artifactory.
Download the images from releases-docker.jfrog.io (with a tag of the same Xray version).
If already you set the
global.imageRegistry
(for pulling Xray images) in your values file it should work.global: imageRegistry: ...
If you want to change only the location of jas images you can set this in the system.yaml file.
executionService: pullSecret: "<pull-secret-name>" contextualAnalysis: registry: "releases-docker.jfrog.io" image: "jfrog/xray-jas-contextual-analysis" exposures: container: registry: "releases-docker.jfrog.io" image: "jfrog/xray-jas-exposures"
The tag of the images should be the same as the Xray version.
Add Contextual Analysis and Exposures images to the internal registry directly to the Kubernetes nodes.
Download images on a machine that has an Internet connection.
docker pull --platform=linux/amd64 releases-docker.jfrog.io/jfrog/xray-jas-exposures:<XRAY_VERSION> docker pull --platform=linux/amd64 releases-docker.jfrog.io/jfrog/xray-jas-contextual-analysis:<XRAY_VERSION>
Save the images as tar files.
docker save releases-docker.jfrog.io/jfrog/xray-jas-exposures:<XRAY_VERSION> > jas_exposure.tar docker save releases-docker.jfrog.io/jfrog/xray-jas-contextual-analysis:<XRAY_VERSION> > jas_contextual_analysis.tar
Copy the tar files to all k8s nodes and load with the following commands.
ctr -n=k8s.io images import jas_exposure.tar ctr -n=k8s.io images import jas_contextual_analysis.tar