Scan Builds with JFrog Xray - Declarative Pipeline Syntax

JFrog Integrations Documentation

Content Type

The Jenkins Artifactory Plugin is integrated with JFrog Xray through JFrog Artifactory allowing you to have build artifacts scanned for vulnerabilities and other issues. If issues or vulnerabilities are found, you may choose to fail a build. This integration requires JFrog Artifactory v4.16 and above and JFrog Xray v1.6 and above.

You may scan any build that has been published to Artifactory. It does not matter when the build was published, as long as it was published before triggering the scan by JFrog Xray.

The following instructions show you how to configure your Pipeline script to have a build scanned.

rtServer (
    id: 'Artifactory-1',
    url: 'http://my-artifactory-domain/artifactory',
    credentialsId: 'my-credentials-id'

xrayScan (
    serverId: 'Artifactory-1',
        // If the build name and build number are not set here, the current job name and number will be used:
        buildName: 'my-build-name',
        buildNumber: '17',
    // Optional - Only if this build is associated with a project in Artifactory, set the project key as follows.
    project: 'my-project-key',    
        // If the build is found vulnerable, the job will fail by default. If you do not wish it to fail:
        failBuild: false