Xray Integration with PagerDuty

JFrog Integrations Documentation


PagerDuty integration with JFrog enables you to manage security and compliance proactively across the software development and release lifecycle. This integration allows you to receive early notifications within PagerDuty on vulnerabilities and compliance violations impacting artifacts, builds and components before production release.

Important

This integration was updated on July 12, 2023, with the following improvements:

  • Summarized Notifications - Instead of getting hundreds of notifications from JFrog Xray, you get a much shorter list of notifications summarized by severity.

  • Link to the Scan Results page in JFrog Xray included in your PagerDuty event - This is where you can check the details of each vulnerability, CVE, etc.

Benefits

  • Proactively manage security and compliance across the software development and release lifecycle. Receive early notifications within PagerDuty on vulnerabilities and compliance violations impacting artifacts, builds and components before releasing to production.

  • Customize notifications - Configure granular policies within JFrog Xray based on type of violation and severity, and receive notifications on repositories, builds or release bundles of interest.

  • Summarized notifications for easy consumption - Receive a summary of Xray watch issues by severity as well as the link to the watch scan results as a PagerDuty event.

How it Works

  • Users will install the JFrog Xray integration application from within the PagerDuty Service Directory and receive a URL to set up the PagerDuty webhook within JFrog Xray.

  • JFrog Xray will utilize the PagerDuty webhook trigger to send notifications to PagerDuty. Users will be able to configure their rules and set up watch policies for repositories, builds and release bundles within JFrog Xray and associate these rules with the PagerDuty webhook trigger.

  • Once the webhook is configured within JFrog Xray, an incident will be sent to the PagerDuty service whenever a security or license violation occurs.

  • Xray performs a recheck of all watched resources, and any violations found will send an event to a service in PagerDuty. Events from Xray will trigger a new incident on the corresponding PagerDuty service, or be grouped as alerts into an existing incident.

Support

If you need help with this integration, contact support@jfrog.com.