JFrog Xray Incident Reports With PagerDuty

Stay Alert to Xray Security Vulnerabilities

When it comes to securing your software development against open source vulnerabilities, the earlier action is taken, and by the right person, the safer you and your enterprise will be.

Many IT departments rely on the PagerDuty incident response platform to improve visibility and agility across the organization. The enterprise-quality incident management system provides reliable notifications, automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.

JFrog Xray is the universal software composition analysis (SCA) solution that natively integrates with Artifactory as part of the JFrog DevOps Platform, giving DevSecOps teams an easy way to proactively identify open source vulnerabilities and license compliance violations, before they manifest in production.

We’ve made it easy to combine these two solutions. With the PagerDuty integration for Xray, key personnel can receive PagerDuty notifications for security violations detected by JFrog Xray’s deep recursive scanning of artifacts.

Benefits of Integration

  • Proactively manage security and compliance across the software development and release lifecycle.
  • Receive early notifications within PagerDuty on vulnerabilities and compliance violations.
  • Customize notifications and policies based on type of violation and severity.
  • Get granular visibility into impacted components and dependencies.


Integration Features

In the JFrog Platform, DevOps administrators can define granular watch policies based on type of violation and severity, and configure Xray to regularly scan repositories, builds, and release bundles against those policies. Administrators can associate these rules with an outbound event webhook, so that any violation found triggers the webhook.

The PagerDuty integration for Xray can be associated with a PagerDuty service that will receive the webhook from Xray. Once received, PagerDuty can direct an incident report to an individual or group to let them know of the security or license violation detected by Xray.
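To make the hand-off concrete, here is an added example (not JFrog's or PagerDuty's own code) of the translation step a PagerDuty service performs on receipt: it takes the violation webhook body Xray posts and builds a PagerDuty Events API v2 "trigger" event. The field names of the Xray payload (`watch_name`, `policy_name`, `top_severity`, `issues[]` with `severity`, `type`, `summary`, `cve`, `impacted_artifacts`) and the Xray-to-PagerDuty severity mapping are assumptions; the Events API v2 endpoint, `routing_key`, `event_action`, `dedup_key` and `payload` fields are PagerDuty's documented ones. The sample webhook body is constructed, and the CVE id in it is a placeholder.

```python
import hashlib
import json
import urllib.request
from collections import Counter

# Constructed sample of the JSON body Xray posts to a webhook when a watch finds
# violations. Field names are assumed here; verify them against the Xray
# documentation for your version before relying on them.
SAMPLE_XRAY_WEBHOOK = {
    "created": "2024-01-01T00:00:00Z",
    "top_severity": "High",
    "watch_name": "prod-releases",
    "policy_name": "block-critical-cves",
    "issues": [
        {
            "severity": "High",
            "type": "security",
            "summary": "Vulnerable dependency found (constructed sample)",
            "cve": "CVE-0000-00000",  # placeholder, not a real CVE id
            "impacted_artifacts": [{"name": "app.jar", "path": "libs-release-local/app/1.0/"}],
        },
        {
            "severity": "Medium",
            "type": "license",
            "summary": "License not on the allow list (constructed sample)",
            "impacted_artifacts": [{"name": "util.jar", "path": "libs-release-local/util/2.1/"}],
        },
    ],
}

PAGERDUTY_EVENTS_URL = "https://events.pagerduty.com/v2/enqueue"

# Assumed mapping from Xray severities to the four PagerDuty Events API v2 levels.
SEVERITY_MAP = {"Critical": "critical", "High": "error", "Medium": "warning", "Low": "info"}


def pagerduty_severity(xray_severity):
    # An unknown or missing severity still pages at "warning" instead of being dropped.
    return SEVERITY_MAP.get(xray_severity, "warning")


def dedup_key(watch_name, policy_name, issues):
    """Stable key for one watch/policy/violation set, so a repeated scan that reports
    the same violations updates the open incident instead of paging again."""
    ids = sorted(issue.get("cve") or issue.get("summary", "") for issue in issues)
    raw = "|".join([watch_name, policy_name, *ids])
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()[:32]


def build_pagerduty_event(webhook, routing_key):
    """Translate one Xray violation webhook into a PagerDuty Events API v2 trigger
    event. Returns None when the body carries no violations (nothing to page on)."""
    issues = webhook.get("issues") or []
    if not issues:
        return None
    watch = webhook.get("watch_name", "unknown-watch")
    policy = webhook.get("policy_name", "unknown-policy")
    top = webhook.get("top_severity", "unknown")
    counts = dict(Counter(issue.get("type", "unknown") for issue in issues))
    artifacts = sorted({
        art.get("path", "") + art.get("name", "")
        for issue in issues for art in issue.get("impacted_artifacts", [])
    })
    summary = "Xray watch '%s' (policy '%s'): %d violation(s), top severity %s" % (
        watch, policy, len(issues), top)
    return {
        "routing_key": routing_key,
        "event_action": "trigger",
        "dedup_key": dedup_key(watch, policy, issues),
        "payload": {
            "summary": summary[:1024],  # PagerDuty caps summary at 1024 characters
            "source": "jfrog-xray",
            "severity": pagerduty_severity(top),
            "timestamp": webhook.get("created"),
            "component": watch,
            "group": policy,
            "class": "xray-violation",
            "custom_details": {
                "violations_by_type": counts,
                "impacted_artifacts": artifacts,
                "issues": [
                    {"severity": i.get("severity"), "type": i.get("type"),
                     "cve": i.get("cve"), "summary": i.get("summary")}
                    for i in issues
                ],
            },
        },
    }


def send_event(event):
    """POST the event to the PagerDuty Events API. Needs network access and a real
    integration key, so the offline demonstration below only builds the event."""
    req = urllib.request.Request(
        PAGERDUTY_EVENTS_URL,
        data=json.dumps(event).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    event = build_pagerduty_event(SAMPLE_XRAY_WEBHOOK, "INTEGRATION_KEY_PLACEHOLDER")
    print(json.dumps(event, indent=2))
```

The deduplication key is the design choice worth copying: Xray re-scans on its schedule, so without a stable `dedup_key` derived from the watch, policy and violation identifiers, every scan of an unresolved violation would open a fresh incident and re-page the on-call engineer. Mapping the watch name to `component` and the policy name to `group` also lets PagerDuty routing rules differ by environment, which is what the use cases below rely on.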

Use Cases

  • SRE/IT Admin Oversight – Configuring Xray policy settings can ensure robust, continuous scanning of all production releases. Incident reports sent through PagerDuty enable rapid response to all relevant security vulnerabilities that are discovered.
  • Quality Assurance – QA teams can configure Xray policies and watches to monitor targeted artifact repositories used for test and staging environments, and report security violations through PagerDuty incident services for prompt resolution.
  • Shift Left Security – Developers and Dev managers configure Xray policies and watches to continuously scan targeted artifact repositories used for milestone dev builds. Incident reports sent through PagerDuty alert the development team of any security vulnerabilities and enable resolution at the earliest point in the development lifecycle.
