Run the JFrog CLI Commands for On-Demand Binary Scans

JFrog Security Documentation

This topic describes how to run the JFrog CLI commands as part of On-Demand Binary scans as described in Xray On-Demand Binary Scan.

Run the JFrog CLI Commands using one of the two methods:

  • Use the existing upload command with additional parameters that turn it into a conditional upload. A conditional upload ensures that the files are scanned before they are uploaded to Artifactory, and that they are not uploaded if the scan finds security issues that do not comply with the policies you set.

  • Run an independent scan command.

Supported commands in the JFrog CLI:

Depending on the command option you use, you can view scan results for the following:

  • Vulnerabilities

  • Violations

  • Licenses

By default, the scan returns vulnerabilities data found in your dependencies. To retrieve violations data, use one of the following methods:

  • Watches - Select the Watches to apply to the scan.

  • Repo Path - Provide a target destination path in Artifactory; the Watches are determined by that path.

  • Project - Select a Project by its project key and use all Watches defined for that Project.

Note that if you run the scan with one of these command options, the scan results show only violations data, not vulnerabilities data. To view vulnerabilities data, run the scan without these options.
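The two methods above, written as a small POSIX shell wrapper. This is an added example, not JFrog's own code or a script from this page: the command and flag names it uses (`jf scan`, `--watches`, `--repo-path`, `--project`, and `jf rt upload --scan`) are assumed from the JFrog CLI rather than taken from this topic, and the `JF` variable exists only so the wrapper can be exercised with a stand-in binary. The gate function shows the conditional-upload idea implemented explicitly: scan first, and upload only when the scan exits successfully.

```shell
#!/bin/sh
# Added example (not JFrog's code). Flag names below are assumed from the
# JFrog CLI; the page itself does not list them.

# JF names the CLI binary; override it (e.g. JF=./fake-jf) to dry-run.
JF="${JF:-jf}"

# build_scan_cmd MODE SELECTOR FILE
#   MODE is one of: none | watches | repo-path | project
#   "none" returns vulnerabilities data; the other three select Watches
#   and therefore return violations data only.
# Prints the command line that would be run, one argument per line-free string.
build_scan_cmd() {
  mode="$1"; selector="$2"; file="$3"
  case "$mode" in
    none)      printf 'jf scan %s\n' "$file" ;;
    watches)   printf 'jf scan --watches=%s %s\n' "$selector" "$file" ;;
    repo-path) printf 'jf scan --repo-path=%s %s\n' "$selector" "$file" ;;
    project)   printf 'jf scan --project=%s %s\n' "$selector" "$file" ;;
    *)         printf 'unknown mode: %s\n' "$mode" >&2; return 1 ;;
  esac
}

# build_conditional_upload FILE TARGET_REPO
#   The upload command with the scan flag: files are scanned first and the
#   upload is skipped when the scan does not pass policy.
build_conditional_upload() {
  printf 'jf rt upload --scan %s %s\n' "$1" "$2"
}

# gate_upload FILE TARGET_REPO
#   Same outcome as the conditional upload, but with the two steps made
#   explicit: the Watches are derived from the target path (--repo-path),
#   and the upload runs only if the scan exits 0. Returns the scan's
#   non-zero status when the scan fails, so CI can stop the pipeline.
gate_upload() {
  file="$1"; repo="$2"
  if "$JF" scan --repo-path="$repo" "$file"; then
    "$JF" rt upload "$file" "$repo"
  else
    status=$?
    printf 'scan of %s did not pass policy; skipping upload\n' "$file" >&2
    return "$status"
  fi
}
```

Usage: `build_scan_cmd project my-proj build/app.jar` prints the command to review before running it; `gate_upload build/app.jar libs-release-local/` runs the scan and, only on success, the upload.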