Ability to upload NuGet package with build info to the JFrog Artifactory
complete
Purple Lungfish
We are building various NuGet packages using Microsoft .NET 6.0, 7.0 and 8.0. The package is pushed via the JFrog connector, which doesn't contain the NuGet build info. This is a critical requirement for the JFrog Xray SCA scan.
Here are the build info details provided by JFrog. We need to pass along the build info while running and uploading to Artifactory. Build info is JFrog's source to identify dependencies. Xray will request the build-info, which contains the list of artifacts and dependencies to scan. Using this information, whatever the build info is able to pick up during the build process, Xray can attempt to match "transitive dependencies" and include them in the analysis. You can find more information on it below:
And an npm/dotnet example of a build passing the build info:
ompragash marked this post as complete
ompragash
Hi there, thanks for raising this request. The Upload Artifacts to JFrog Artifactory step supports uploading NuGet packages (.nupkg) along with build info. You can configure the following fields in the step:
- source: path to your NuGet package (e.g., dist/*.nupkg)
- target: your JFrog Artifactory repository path
- build_name: name of the build (e.g., <+pipeline.name>)
- build_number: build identifier (e.g., <+pipeline.executionId>)
- publish_build_info: set to true to publish build metadata to Artifactory
This will upload your NuGet packages and associate them with build info for SCA scans and traceability.
For more details on the step configuration, please refer to: https://developer.harness.io/docs/continuous-integration/use-ci/build-and-upload-artifacts/upload-artifacts/upload-artifacts-to-jfrog
Closing this as the functionality is available today. Please feel free to reopen if you run into any issues.
Nofar Bluestein marked this post as pending feedback
Nofar Bluestein
Hey,
We have support for publishing build info such as build_name, build_number and targetProps. Is this what you are looking for?
Please see documentation:
Regards,
Nofar Bluestein
CI product team