Synchronize the Database when Working with Xray

JFrog Security Documentation
Products
JFrog Xray
Content Type
User Guide
ft:sourceType
Paligo

This topic reviews subjects related to Synchronizing the database with working with Xray.

Using a firewall?

If you are using a firewall, to allow the database sync to complete successfully, you need to add the following URLs to your firewall's whitelist:

  1. https://releases.jfrog.io/

  2. https://releases-cdn.jfrog.io

  3. https://dl.bintray.com/

  4. https://akamai.bintray.com

  5. https://jxray.jfrog.io

To test the ability to sync, run the following REST API endpoint:

https://jxray.jfrog.io/api/v1/system/ping

For Xray to scan your indexed artifacts it must ingest data on issues and vulnerabilities from the primary feed that comes from theglobal database servermaintained by JFrog. There are two ways to synchronize Xray with the global database server:

  • Online: In online mode, Xray synchronizes with the global database server automatically on a daily basis through an internet connection

  • Offline: In offline mode, you manually download files from the global database server and then upload them to Xray

Note

JFrog Advanced Scans is supported only in online mode. Starting from Xray version 3.69.x, JFrog Advanced Scans is also supported in offline mode.

To configure synchronization with the global database server, in the Administration module, select Xray | Database Sync.

Note

The Xray indexing process will only start after the initial DB sync process is completed.

Online Synchronization

To get started right away so Xray can scan your artifacts, you may invoke the initial synchronization manually by selecting Start Sync in the Status panel. From then on, Xray will synchronize issues and vulnerabilities regularly and automatically, once a day.

Offline Synchronization

DB_Sync_Offline_Mode.png

Note

For RPM installations the Updates folder is under the Data folder:

  • ${XRAY_HOME}/xray/data/updates/component

  • ${XRAY_HOME}/xray/data/updates/vulnerability

If, for any reason, you do not want to maintain a live internet connection to the global database server, select Offline in the Sync Mode panel to get detailed instructions on how to get the latest data available.

Version compatibility with JFrog CLI

An offline database synchronization requires the use of JFrog CLI.