JFrog configuration
jfrog configuration enables integration with the jfrog platform to collect artifact andvulnerability data from supported repositories a connection to the jfrog portal is requiredbefore configuring the integration to pull data from any jfrog tool, , a connection to the jfrog portal is necessary pre requisites access rights your connection must have access to generate a report on the jfrog portal requires the following information connection name local connection name it could be any string and is used only for reference hosturl jfrog artifactory host url for example https //testkyndryl jfrog io token token id can be produced via the jfrog portal by following these steps select the user's email id , select edit profile and then choose generate an identity token the identity token requires the permissions highlighted in the image below to assign these, navigate to the jfrog portal , select the email id located in the upper right corner, and proceed to create user to set up a new connection, go to admin , followed by , and then choose connections select the ' button and select the add connection option configuration as a user, you will need to select the connection , repository , and release format (for example release yyyy mm dd) that you want to track through vulnerabilities & artifacts data will not be pulled for repositories that have not been configured for x ray scan at the jfrog server after successfully configuring, you can view your settings in the table on the configuration page sync details understanding the dynamics of data pulling, how x ray scan repositories work, identifying releasename, and the method of technical service identification are crucial to make your system perform seamlessly here, you'll find the explanation divided into four sections, each outlining a different aspect jfrog artifactory only pulls docker type data this information can be viewed on both the secure dashboard → container vulnerability scan and build dashboard → image manager x ray scan repositories repositories enabled for x ray scanning will synchronize if a service config is created for repo1, but repo1 is not set up for x ray scan, then the entity data for that repo would not sync this missing data would not appear on the image manager & container vulnerability scan page releasename identification this is determined by the format chosen on the service config page if the format does not correspond to the release name, an unknown release name will be labeled artifacts with the "latest" version will be tagged as the main release artifacts with "latest " & "master " versions will be tagged as the latest release technical service identification this is determined using the repo sub path for instance, for the repo name 'ibmcb docker local,' the technical service would be 'ibmcb docker local/dash/bitbucket ' please refer to the image below for better understanding during the sync process, the tool performs several tasks related to jfrog reports notably, the tool creates reports on the jfrog side and, after processing, deletes them as a user, you must know not to delete these reports from the endpoint when integrating jfrog data with , utilizing it on a single tenant is recommended this approach arises from jfrog's limitations on the number of report generation requests sync may sometimes fail due to these restrictions at the jfrog endpoint, especially if the number of report generation requests exceeds the limit if you encounter a sync failure caused by report limitation errors, the suggested resolution is to delete old/user created reports remember these tips to ensure seamless and effective use of the tool