Artifactory and Xray Notifications for DevSecOps Collaboration
As your mission-critical tools for DevOps, the results of many key events that occur in Artifactory and Xray reveal whether or not your software pipeline is on-track to deliver production-quality releases.
The JFrog app for Microsoft Teams brings real-time visibility and awareness of what’s happening in your JFrog-powered software pipelines to your entire team through one of the most widely used collaboration tools.
Many software development teams rely on the Teams communication platform to collaborate and promote event visibility across the organization through public and private group channels, as well as direct messaging.
JFrog Artifactory is the universal artifact repository manager powering the JFrog Platform’s binaries-driven formula for DevOps success. JFrog Xray is the universal software composition analysis (SCA) solution that enables DevSecOps teams to proactively identify open source software vulnerabilities and license compliance violations before they manifest in production, and swiftly remediate across the entire application inventory.
With the JFrog app for Teams, developers can better collaborate on delivering quality releases, responding in real-time to DevOps events as they occur.
Benefits of Integration
Enables enterprises to accomplish the following through Microsoft Teams::
- Notify teams of key Artifactory change events
- Provide real-time visibility of DevOps build events
- Alert teams of license policy violations
- Alert security teams of critical vulnerabilities
- Notify teams of release bundle and distribution events
The JFrog app for Microsoft Teams delivers notifications and actionable UI cards to one or more team channels for Artifactory repository actions you wish to make visible, such as artifact, artifact properties, Docker tag, or build events. Notifications can be paused, deleted, or invoke the JFrog Platform for more details from within the channel.
The app can send vulnerability and license compliance notifications to one or more team channels based on policies setup in JFrog Xray. The interactive notification enables recipients to take action, creating ignore rules, displaying details or invoking the JFrog Platform.
- Production Engineering – Receive notification when important packages or builds are uploaded or promoted to specific repositories.
- SRE/IT Admin Oversight – Configuring Xray policy settings can ensure robust, continuous scanning of all production releases. Notifications sent through Teams enable rapid response to all relevant security vulnerabilities that are discovered.
- Quality Assurance – QA teams can configure Xray policies and watches to monitor targeted artifact repositories used for test and staging environments, and tag team members to security violations through Teams for prompt resolution.
- Shift Left Security – Developers and Dev managers configure Xray policies and watches to continuously scan targeted artifact repositories used for milestone dev builds. Notifications sent through Teams alert the development team of security vulnerabilities and enable resolution at the earliest point in the development lifecycle.