Advanced Xray Settings

JFrog Security Documentation

ft:sourceType
Paligo

Note

Advanced Settings apply only to Self-Hosted environments.

Xray is built on a set of microservices that perform its actions in the realm of indexing artifacts, communicating with Artifactory, managing events and notifications and so on.

To configure these settings, in the Administration module, go to Xray Security and Compliance | Advanced and click Settings.

The following advanced configurations are available:

  • Basic Settings: allows enabling Xray, configuring the behaviour when it is unavailable and for blocked artifacts.

  • System Parameters: (Self-Hosted only) provides system settings.

  • Queue Workers: (Self-Hosted only) provides several parameters for tweaking Xray performance by changing the number of workers performing the different tasks. Starting from Artifactory version 7.12 and above, the Queue Workers setting is no longer available through the UI, and is only supported through REST API.

Note: Adjusting these parameters may affect your system's performance, please contact JFrog Support for additional information.

Field

Description

Basic Settings

Xray Enabled

Indicates that Xray is enabled on the JFrog Platform and is set by default when Xray is installed.

Allow download and distribute when Xray is unavailable

Allows downloading artifacts from Artifactory and distributing Release Bundles to Edge Nodes when the Xray service is unavailable.

Allow downloads of blocked artifacts

Allows downloading all artifacts, including artifacts that have been blocked for download by Xray.

Block Unscanned Artifacts Download Timeout (Sec)

The max time a download request will be pending Xray to complete scanning the artifact.

When a repository is configured to block downloads of unscanned artifacts, this setting will make every download request connection remain open for the time configured (in seconds), allowing Xray sufficient time to scan the artifact and then return the artifact or block it based on scan results.

Note

Important: make sure the client you are using to download artifacts from Artifactory is set with a high socket timeout value to ensure the connection will remain intact while Xray is scanning the artifacts. Example clients include: build CI server, package mangers, smart remote repository, cURL, etc.

This is also relevant when using a Smart Remote Repository, where Advanced → Socket Timeout (MS) should be set to a high value.Smart Remote RepositoriesAdvanced Settings

For Advanced Users:

The time interval for Artifactory to send scan requests to Xray can be configured using the following system property.Artifactory Configuration Files

artifactory.xray.indexer.intervalSecs=60

This system property determines the interval between each artifact's events submission from Artifactory to Xray. When downloading a newly added artifact, an event is created in Artifactory, and this event is sent to Xray notifying it of a new artifact that needs to be scanned. In order for the block unscanned timeout to have enough time to get full scan results, Xray needs to be quickly notified that a new scan needs to be made, thus this system property needs to be changed to 10 seconds.

Note that an increase/tuning the Tomcat HTTP connection pool may be needed in order to support high load of connections while waiting for a scan to be completed.

System Parameters

SSL Insecure

Toggles enablement of skipping Xray's self-signed certificate validation

Mail Without SSL

Toggles usage of Transport Layer Security when connecting to the mail server

Send Anonymous Statistics

Improves the Xray optimization by sending anonymous usage statistics.

Max Disk Usage

Percentage of disk usage tolerated by Xray. When reaching the specified value, Xray will NOT download packages for indexing

Monitor Sampling Interval

Interval for executing monitoring jobs on CPU, Disk Usage, restarts, etc.

Job Interval

Interval for running node specific jobs

Queue Parameters

Index

The number of workers managing indexing of artifacts.

Persist

The number of workers managing persistent storage needed to build the artifact relationship graph.

Alert

The number of workers managing alerts.

Analysis

The number of workers involved in scanning analysis.

Impact Analysis

The number of workers involved in Impact Analysis to determine how a component with a reported issue impacts others in the system.

Notification

The number of workers managing notifications.

System Parameters

SSL Insecure

Toggles enablement of skipping Xray's self-signed certificate validation

Mail Without SSL

Toggles usage of Transport Layer Security when connecting to the mail server

Max Disk Usage

Percentage of disk usage tolerated by Xray. When reaching the specified value, Xray will NOT download packages for indexing

Monitor Sampling Interval

Interval for executing monitoring jobs on CPU, Disk Usage, restarts, etc.

Queue Message Max TTL

Number of retries to be accepted in the Message Queue system

Job Interval

Interval for running node specific jobs

Note

Starting from Xray version 3.6, Xray prioritizes the scanning of new Artifacts/Builds/Release Bundles over events originating from a history scan or a full repository scan, and provides the capability to control the number of workers for new content versus history / full repository scan. To configure the number of workers, see Configuring the Workers Count REST API.Configuring the Workers Count

This requires Artifactory version 7.6 and above.