I finished to setup Xray, connected it to Artifactory and deployed new build but Xray didn't scanned it, what am I doing wrong?
By default Xray does not scan every deployed build, in order for Xray to scan builds we need to configure it, here are the steps to perform this configuration:
1. Select the build that we want Xray to index:
Go to Xray UI -> Admin -> Configuration -> Artifactory -> select the relevant Artifactory instance -> select "Builds" tab and add the relevant builds:
2. Create new policy:
Policies are the action which Xray will perform in case it will find any violation in the scanned artifacts:
Policies -> New policy -> configure it as you would like, in our example we will fail the build in case we will find artifact with critical severity:
3. Create new watch:
We configuring watches in order for Xray to know what we would like to track and get informed on:
Watches -> new watch -> configure the watch according to what you would like to track, in our example we will track the build "test-maven" and will assign to it the policy create in step 2:
4. Configure the build to trigger Xray scan:
This step is related to the way deploy the build to Artifactory, please see the relevant documentation for the possible deployment:
• Trigger build scan using JFrog CLI.
• Configure build scan as part of Jenkins pipeline.
• Configure build scan as part of Bamboo build using Artifactory Bamboo plugin.
That’s all, from now on Xray will scan every new configured build that you will deploy.