Set Filters on Repositories

JFrog Security Documentation


The filters you define for a watch determine which artifacts in the specified repositories generate violations, and under what conditions. You can define any number of filters on each repository specified for the watch; the watch triggers a violation only if an artifact meets the conditions of all the filters defined for that resource.

Pass through ALL filters

You can define any number of filters for a resource, and only artifacts that pass through all of them will trigger a violation.

  1. To specify filters on repositories, select the Filters tab.

  2. Select the repository. The repository will be displayed in the right column with a list of predefined filters.

  3. Select a filter from the Filter list to apply to the repository.

    For example, you can set a filter to trigger a violation for application/json artifacts in the docker-local repo if their performance value is set to false.

The following content filters are available:

| Name | Description | Example |
|---|---|---|
| Name | A Name filter uses a regular expression to specify the name of an artifact. The watch will only trigger a violation if an artifact's name matches the expression. | A filter that specifies that the watch should only trigger a violation for rpm files. |
| Path | A Path filter uses a regular expression to specify the path of an artifact in the repository. The watch will only trigger a violation if an artifact's name matches the expression. Note that the filter does not consider the repository name to be a part of the path. | A filter that specifies that the watch should only trigger a violation for artifacts that have the expression "jfrog" in their path. |
| Package Type | A Package Type filter specifies an artifact's package type. The watch will only trigger a violation if an artifact has the specified package type. | |
| Mime Type | A Mime Type filter specifies an artifact's mime type. The watch will only trigger a violation if an artifact has the specified mime type. | A filter that specifies that the watch should trigger a violation for any artifact with an "application/json" mime type. |
| Property | A Property filter specifies a property annotating an artifact and its value. The watch will only trigger a violation if the property has the specified value. | A filter that specifies that the watch should trigger a violation if an artifact with a property named "performance" has the value "false". |
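Because only artifacts that pass every filter can trigger a violation, each filter you add narrows what the watch covers. The following sketch is an added example, not JFrog code or the Xray API: it models the five filter types locally so you can list which artifacts a planned filter set would leave out of scope. The `Artifact` fields, the filter dictionary layout, the sample artifacts and the use of unanchored `re.search` matching are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Artifact:
    # Constructed record; field names are hypothetical, not Xray's schema.
    repo: str
    path: str           # path inside the repository, repository name excluded
    name: str
    package_type: str
    mime_type: str
    properties: dict = field(default_factory=dict)

def passes(artifact, flt):
    """Evaluate one filter. Regexes use re.search (assumed matching semantics)."""
    kind, value = flt["type"], flt["value"]
    if kind == "name":
        return re.search(value, artifact.name) is not None
    if kind == "path":  # repository name is deliberately not part of the input
        return re.search(value, artifact.path) is not None
    if kind == "package_type":
        return artifact.package_type.lower() == value.lower()
    if kind == "mime_type":
        return artifact.mime_type.lower() == value.lower()
    if kind == "property":
        return artifact.properties.get(value["key"]) == value["value"]
    raise ValueError(f"unknown filter type: {kind}")

def in_scope(artifact, filters):
    """An artifact can trigger a violation only if it passes ALL filters."""
    return all(passes(artifact, f) for f in filters)

def split_scope(artifacts, filters):
    """Return (covered, excluded) paths so the excluded set can be reviewed."""
    covered = [a.path for a in artifacts if in_scope(a, filters)]
    excluded = [a.path for a in artifacts if not in_scope(a, filters)]
    return covered, excluded

# The page's example: application/json artifacts whose performance is "false".
FILTERS = [{"type": "mime_type", "value": "application/json"},
           {"type": "property", "value": {"key": "performance", "value": "false"}}]
# Constructed sample artifacts in the docker-local repository.
SAMPLE = [
    Artifact("docker-local", "app/1.0/manifest.json", "manifest.json", "docker",
             "application/json", {"performance": "false"}),
    Artifact("docker-local", "app/1.1/manifest.json", "manifest.json", "docker",
             "application/json", {"performance": "true"}),
    Artifact("docker-local", "app/1.1/layer.tar.gz", "layer.tar.gz", "docker",
             "application/gzip", {"performance": "false"}),
]

if __name__ == "__main__":
    covered, excluded = split_scope(SAMPLE, FILTERS)
    print("covered:", covered)
    print("excluded:", excluded)
```

Artifacts in the excluded list never produce violations for this watch, so review that list before relying on the watch for coverage.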