Configure JFrog Xray for integration with PagerDuty

JFrog Integrations Documentation

ft:sourceType
Paligo
  1. Navigate to Xray Security & Compliance in JFrog Platform’s Administration section and click on it

    step1
  2. Click on Webhooks in the General tile

  3. Create a new webhook for pagerduty

    new webhook
  4. Enter Webhook Name

  5. Enter URL (URL is the Events API endpoint from pagerduty) e.g., https://events.pagerduty.com/integration/integration_id/enqueue

  6. Click Save

  7. Navigate to Security and Compliance in JFrog Platform’s Application section and select Policies

    step7
  8. Next, specify the policy name and select security from the dropdown list below policy name

    step8
  9. Next, create a new rule for the policy by clicking on the New Rule to the right

    new rule
  10. Enter a rule name

  11. In the criteria section, select the minimal severity or the cvss score. Violations in Xray are filtered based on this criteria and sent to pagerduty

  12. In the Automatic Actions section, select Trigger Webhook checkbox and select the webhook that you created above for pagerduty

  13. Click on Save

    step13
  14. A policy rule is created with the rule name sepecified in Step10

  15. Click create to create a policy with name specified in Step8

  16. Navigate to watches in the Security and Compliance section on the left

    step16
  17. Create a new watch or edit an existing watch

  18. In order to create a new watch, click on the New Watch present at the top right corner of the screen

  19. Enter the name and description of the watch

  20. In Manage Resources section, click on Add repositories or Add Builds or Add Bundles and then include the resource that you want to watch from the available resources and click Save

  21. In the Assigned policies section, Click on Manage policies towards the right and include the policy created in Step15 and click Save

  22. Click Save to save the watch

  23. You’ll see the watch in the list of watches

  24. To manually trigger a watch, click on the play button and this will start sending any violations related to the watch to pagerduty

    step24