Login
    Contents x
    JFrog Xray
    • 14 Apr 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    JFrog Xray

    • Updated on 14 Apr 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    JFrog Xray is a software composition analysis (SCA) tool that scans software artifacts for security vulnerabilities, open source license compliance, and software quality.

    Types of Assets Fetched

    This adapter fetches the following types of assets:

    • Devices

    Parameters

    1. Host Name or IP Address (required) - The hostname or IP address of the JFrog Xray server.

      • You can either use your JFrog URL in the following format: http://myjfrog.mycompany.org
      • Or use your Artifactory server hostname and the Artifactory router port: http://ARTIFACTORY_SERVER_HOSTNAME:8082

    2. User Name and Password (required) - The credentials for a user account that has the Required Permissions to fetch assets.

    3. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

    4. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

    5. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

    6. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

    To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

    JFrog Xray

    APIs

    Axonius uses the JFrog Xray REST APIs.

    Required Permissions

    The value supplied in User Name must have read permissions in order to fetch Repos, Artifacts and Violations.

    The value supplied in User Name must have the Manage Reports role in order to fetch Vulnerabilities.

    Version Matrix

    This adapter was only tested with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed, which is not functioning as expected.

    VersionSupportedNotes
    API v1 Xray version 3.8 and aboveYes--

    Supported From Version

    Supported from Axonius version 6.1

    Troubleshooting

    • In order to fetch the vulnerabilities, this adapter creates an Xray vulnerabilities report. There is a limit of maximum saved reports (default: 100). If you already have the maximum amount of reports in your environment, the vulnerabilities cannot be fetched. In order to create a report, you can either delete unnecessary reports or increase the limit in the Xray System YAML.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout