1. Navigate to Xray Security & Compliance in the JFrog Platform’s Administration section and click on it
2. Click Webhooks in the General tile
3. Create a new webhook for PagerDuty
4. Enter a webhook name
5. Enter the URL (the Events API endpoint from PagerDuty), e.g.
   https://events.pagerduty.com/integration/integration_id/enqueue
6. Click Save
7. Navigate to Security and Compliance in the JFrog Platform’s Application section and select Policies
8. Specify the policy name and select Security from the dropdown list below the policy name
9. Create a new rule for the policy by clicking New Rule on the right
10. Enter a rule name
11. In the Criteria section, select the minimal severity or the CVSS score. Xray filters violations based on this criterion and sends the matching ones to PagerDuty
12. In the Automatic Actions section, select the Trigger Webhook checkbox and select the webhook that you created above for PagerDuty
13. Click Save
14. A policy rule is created with the rule name specified in Step 10
15. Click Create to create a policy with the name specified in Step 8
16. Navigate to Watches in the Security and Compliance section on the left
17. Create a new watch or edit an existing watch
18. To create a new watch, click New Watch at the top right corner of the screen
19. Enter the name and description of the watch
20. In the Manage Resources section, click Add Repositories, Add Builds or Add Bundles, include the resource that you want to watch from the available resources, and click Save
21. In the Assigned Policies section, click Manage Policies on the right, include the policy created in Step 15, and click Save
22. Click Save to save the watch
23. You’ll see the watch in the list of watches
24. To manually trigger a watch, click the play button; this starts sending any violations related to the watch to PagerDuty
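
The policy and watch steps above can also be kept as reviewable configuration instead of UI clicks. The following is an added example, not part of the original page or JFrog's own code: it builds the two JSON payloads and posts them, assuming the Xray REST API v2 paths /xray/api/v2/policies and /xray/api/v2/watches and their field names, and assuming the webhook named in the rule was already created in the UI. All names and the "default" bin_mgr_id are placeholders.

```python
# Added example: field names and paths are assumed from the Xray REST API v2.
import json
import urllib.request

def build_policy(name, rule_name, webhook, min_severity=None, cvss_range=None):
    """Security policy with one rule whose automatic action triggers the webhook."""
    # The rule filters on minimal severity OR a CVSS score range, never both.
    if (min_severity is None) == (cvss_range is None):
        raise ValueError("set exactly one of min_severity or cvss_range")
    if cvss_range is not None:
        low, high = cvss_range
        if not 0.0 <= low <= high <= 10.0:
            raise ValueError("cvss_range must satisfy 0 <= from <= to <= 10")
        criteria = {"cvss_range": {"from": low, "to": high}}
    else:
        criteria = {"min_severity": min_severity}
    return {
        "name": name,
        "type": "security",
        "rules": [{
            "name": rule_name,
            "priority": 1,
            "criteria": criteria,
            "actions": {"webhooks": [webhook]},  # existing webhook name
        }],
    }

def build_watch(name, description, repositories, policy_name):
    """Watch over the given repositories with the security policy assigned."""
    if not repositories:
        raise ValueError("a watch needs at least one resource")
    return {
        "general_data": {"name": name, "description": description, "active": True},
        "project_resources": {"resources": [
            {"type": "repository", "bin_mgr_id": "default", "name": repo}
            for repo in repositories
        ]},
        "assigned_policies": [{"name": policy_name, "type": "security"}],
    }

def post_json(base_url, path, token, payload):
    """POST a payload to the Xray REST API; returns the HTTP status code."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status
```

Post the policy before the watch, since the watch refers to the policy by name; read the access token from a secret store or environment variable rather than hard-coding it.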