JFrog Xray scan native step
next fiscal quarter
Gray Guanaco
We would like to see a JFrog Xray security tests step in Harness as an out-of-the-box capability for docker and file type artifact scans.
Pritesh Chandaliya
Step 1. Orchestrate the JFrog Xray CLI via a custom run step.
JFrog publishes their own Docker images for the CLI, or you can create your own: https://jfrog.com/getcli/ (the customer will also have to write the authentication scripts required to auth and use jf scan). But the scan command will look like this:
jf docker scan --format json IMAGE_NAME > scan-results.json
Step 2. Ingest the .json results file into STO as described here: https://developer.harness.io/docs/security-testing-orchestration/sto-techref-category/xray-scanner-reference/
Can you please give this a try using the custom ingestion, in case you are not aware. We are still working on adding it as a native step as mentioned before.
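With the plain redirect in Step 1, a failed or unauthenticated scan still leaves a `scan-results.json` behind, so Step 2 can be handed an empty or truncated file. The wrapper below is an added example (not part of the reply above, and not Harness or JFrog code) that publishes the file only when it parses as JSON; the function names are hypothetical, and it assumes `jf` is already authenticated and that `jq` or `python3` is available in the step image.

```shell
#!/bin/sh
# Added example for a custom Run step. Function names are hypothetical.
# Assumption: the jf CLI has already been authenticated in this container.

# Succeed only if the file exists, is non-empty and parses as JSON.
validate_scan_results() {
  results_file="$1"
  if [ ! -s "$results_file" ]; then
    echo "scan results missing or empty: $results_file" >&2
    return 1
  fi
  if command -v jq >/dev/null 2>&1; then
    jq empty "$results_file" >/dev/null 2>&1 && return 0
  else
    python3 -c 'import json,sys; json.load(open(sys.argv[1]))' \
      "$results_file" >/dev/null 2>&1 && return 0
  fi
  echo "scan results are not valid JSON: $results_file" >&2
  return 1
}

# Scan an image into a temp file and publish it only after validation,
# so the ingest step never sees a partial scan-results.json.
scan_image() {
  image="$1"
  out="${2:-scan-results.json}"
  tmp="$(mktemp)" || return 1
  rc=0
  jf docker scan --format json "$image" > "$tmp" || rc=$?
  if validate_scan_results "$tmp"; then
    mv "$tmp" "$out"
    # Design choice: pass the CLI's exit status through so the pipeline
    # owner decides whether a non-zero status should fail the step.
    return "$rc"
  fi
  rm -f "$tmp"
  echo "jf docker scan produced no usable output for $image (exit $rc)" >&2
  return 1
}

# Run only when an image name is given: ./scan.sh IMAGE_NAME [OUTPUT_FILE]
if [ "$#" -ge 1 ]; then
  scan_image "$@"
fi
```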
Pritesh Chandaliya
next fiscal quarter
We have prioritized the efforts for Q3 Aug-Oct 2024. Thanks!