JFrog
JFrog
DevOps Intelligence supports your use of JFrog Artifactory, JFrog Xray, and JFrog OSS. This page describes the configuration requirements for the JFrog suite.
To pull data from any JFrog tool, DevOps Intelligence, a connection to the JFrog portal is necessary. The following items are prerequisite:
Access Rights
: Your connection must have access to generate a report on the JFrog portal.DevOps Intelligence requires the following information:
- Connection Name:Local connection name. It could be any string and is used only for reference.
- HostURL:JFrog Artifactory Host URL., eg.https://testKyndryl.jfrog.io
- Token:Token ID can be produced via the JFrog portal by following these steps: Select the user'sEmail ID, selectEdit Profile, and then chooseGenerate an Identity Token.
The identity token requires the permissions highlighted in the image below. To assign these, navigate to the JFrog portal, select the
Email ID
located in the upper right corner, and proceed to Create user
.To set up a new connection, go to
Admin
, followed by IAM
, and then choose Connections
. Select the ' button and select the Add Connection
option. Configuration
As a user, you will need to select the Connection
, Repository
, and Release format
(for example: release-YYYY.MM.DD) that you want to track through DevOps Intelligence. Vulnerabilities & Artifacts data will not be pulled for Repositories that have not been configured for X-Ray scan at the JFrog server.
After successfully configuring, you can view your settings in the table on the configuration page.
Sync details
Understanding the dynamics of data pulling, how X-Ray Scan Repositories work, identifying ReleaseName, and the method of Technical Service Identification are crucial to make your system perform seamlessly. Here, you'll find the explanation divided into four sections, each outlining a different aspect:
- JFrog Artifactory: Only pullsDockertype data. This information can be viewed on both theSecuredashboard →Container Vulnerability Scan, andBuilddashboard →Image Manager.
- X-Ray Scan Repositories: Repositories enabled for X-Ray scanning will synchronize. If a service config is created for Repo1, but Repo1 is not set up for X-Ray Scan, then the entity data for that repo would not sync. This missing data would not appear on the Image Manager & Container Vulnerability Scan page.
- ReleaseName Identification: This is determined by the format chosen on the service config page. If the format does not correspond to the release name, anunknownrelease name will be labeled. Artifacts with the "latest" version will be tagged as themainrelease. Artifacts with "latest-" & "master-" versions will be tagged as the latest release.
- Technical Service Identification: This is determined using the repo sub-path. For instance, for the repo name 'ibmcb-docker-local,' the technical service would be 'ibmcb-docker-local/dash/bitbucket.' Please refer to the image below for better understanding.
During the Sync process, the DevOps Intelligence tool performs several tasks related to JFrog reports. Notably, the tool creates reports on the JFrog side and, after processing, deletes them. As a user, you must know not to delete these reports from the endpoint. When integrating JFrog data with DevOps Intelligence, utilizing it on a single tenant is recommended. This approach arises from JFrog's limitations on the number of report generation requests.
Sync may sometimes fail due to these restrictions at the JFrog endpoint, especially if the number of report generation requests exceeds the limit. If you encounter a sync failure caused by report limitation errors, the suggested resolution is to delete Old/User-created reports. Remember these tips to ensure seamless and effective use of the DevOps Intelligence tool.
Do you have two minutes for a quick survey?
Take Survey
