The Artifactory Xray Scan Task

JFrog Integrations Documentation

The Bamboo Artifactory Plugin is integrated with JFrog Xray through JFrog Artifactory, allowing you to have build artifacts scanned for vulnerabilities and other issues. If issues or vulnerabilities are found, you may choose to fail a build job. This integration requires JFrog Artifactory v4.16 and above and JFrog Xray v1.6 and above.

For Xray to scan builds, you need to configure a Watch (see Configuring Xray Watches) with the right filters that specify which artifacts and vulnerabilities should trigger an alert, and set a Fail Build Job Action for that Watch. You can read more about CI/CD integration with Xray in CI-CD Integration with Xray.

Next, add the Artifactory Xray Scan task to your plan and configure it.

Note

To scan a build with Xray, the build-info must already be published to Artifactory. You should therefore make sure that one or more of the previous plan tasks is configured to collect build info and that the build-info is published to Artifactory.
