Build JFrog Configurations
overview before software package and vulnerability data from jfrog can be analyzed in , you must configure jfrog as a tool for the application and onboard the associated technical service this process enables to collect software package inventory and vulnerability information from jfrog repositories and artifacts the setup consists of two main tasks configure the jfrog tool for the application by adding a software package tool configuration in the build phase onboard a technical service associated with the application to define the jfrog repository and artifacts that devops intelligence should monitor once the configuration and onboarding are complete, automatically synchronizes software package and vulnerability data from jfrog setting up tool application configurations from jfrog to onboard software package data, users need to edit the tool configuration for the application and then onboard the associated technical service follow this path the edit the tool application configuration from jfrog from the main menu , go to services → platform services → toolchain & pipeline → devops intelligence → settings & utilities → application configurations select the application you want to configure and expand it to display the following sections devops phase tools configured tools having technical services click the ellipsis ( ) and select edit tool configuration on the edit configurations page, locate the build phase and click add tool configuration on the edit tool configuration page, configure the following build category software package tool engine jfrog ensure that the tool category out of the box is checked, this because software package and vulnerability data is collected from jfrog review the available mappings for release format (can be modified if required) severity critical, high, medium, and low package status allowed, denied, need approval, and uncategorized click add configuration , then select next click submit to save the configuration once saved, the software package tool is added to the application and the configured tool should appear as jfrog under the application's configured tools onboard technical service from jfrog after configuring the tool applications, users need to onboard a technical service to enable to collect software package and vulnerability data from jfrog follow these steps to onboard a technical service for a software package identify the application, click the ellipsis ( ) , and select onboard technical service on the onboard technical service page, configure the following settings devops phase build build category software package tool engine jfrog connection select the jfrog connection repository select the repository containing the artifacts to be onboarded artifacts select the artifacts for which package and vulnerability data should be collected click onboard after the onboarding request is submitted, begins synchronizing software package data from the selected jfrog repository and artifacts once synchronization is complete, package and vulnerability information becomes available in the software packages dashboard, where users can analyze package inventory, review vulnerability details and identify the applications and technical services affected by vulnerable packages