Stack Overflow
Stack Overflow

Questions tagged [jfrog-xray]

Use this tag for questions related to JFrog Xray

133 questions
3
votes
1 answer

Removing dependency on a specific vulnerable package

According to a recent JFrog Xray scan, our application (.NET 5) has a "critical" vulnerability due to a dependency on a specific version of Microsoft.NETCore.Platforms. There is a newer version of the package with the vulnerability resolved that I…
Adam
  • 71
  • 3
3
votes
1 answer

Can I create a new Jfrog Artifactory package type plugin?

I want to store RTL modules (Mostly VHDL files - .vhd) in Artifactory, and be able to trace the dependencies of those packages with Xray and the other Jfrog services. I already have a pretty clean "package" format, I just want to have Artifactory…
Jedidiah Bartlett
  • 227
  • 2
  • 8
2
votes
1 answer

How to upgrade Jfrog Artifactory pro to enterprise or enterprise+?

In our organization, we are planning to purchase jfrog artifactory pro version on an initial level, but we have some questions we listed below. Questions: Are we able to upgrade from artifactory pro to enterprise or enterprise+ later on? If Upgrade…
jayveersolanki
  • 92
  • 9
2
votes
1 answer

Why does XRay Scan for jFrog Artifacts triggered from Jenkins returns a forbidden response?

I tried triggering the Xray Scan from Jenkins through the jFrog server as specified in their documentation. The pipeline code used is as follows: node { stage('XRAY Scan') { def server = Artifactory.server('jFrogServer') …
Arghya
  • 240
  • 1
  • 16
2
votes
2 answers

jfrog-xray fails to start (fresh installation)

I'm in the process of installing jfrog-xray (version 2.8.6) on redhat. I have followed the installation instructions for installing to bare metal (compared to docker) and the install seems to have gone fine. However, when trying to start all the…
the ox
  • 197
  • 1
  • 13
2
votes
1 answer

Does JFrog Xray scan package.json dependencies for vulnerable packages?

I'm testing out JFrog Xray combined with Artifactory, and have deployed a nodejs npm project as a build to Artifactory, which then has been scanned by Xray. (Using this guide) In my package.json I've included a dependency I know have a…
objectclass
  • 154
  • 1
  • 3
  • 13
1
vote
2 answers

How to create an 'Acess token' via Artifactory REST API?

my company uses Docker Desktop and we want to use this cool JFrog extension: https://github.com/jfrog/jfrog-docker-desktop-extension We also have an JFrog XRay server, so all pre-requisites are fullfilled. In order to establish a connection, I need…
V. Pravi
  • 13
  • 4
1
vote
0 answers

Adding npm SBOM (or similar) to Artifactory (for Xray parsing)?

We are building containerized applications with Spring Boot backend and npm-based frontends. As build tool we are using Gradle with Jib. To scan our software artifacts for vulnerabilities in third-party libraries we use Jfrog's Xray. At the moment…
user3240316
  • 35
  • 5
1
vote
2 answers

How to scan Local builds using jFrog Xray

We have Artifactory and Xray for our developers and we have Azure DevOps pipelines integrated with these tools where the builds are scanned for each pipeline execution. But when developers are doing local builds from their development workstations…
Vowneee
  • 956
  • 10
  • 33
1
vote
1 answer

Configure JFROG CLI and Xray through the GitLab pipeline for dotnet project

I would like to configure build artifacts and dependencies scan for vulnerabilities and license violations for a .NET project through the pipeline. I am new to JFrog Artifactory and Xray and currently my pipeline is failing with error: [Error]…
Milica Nikolić
  • 155
  • 2
  • 10
1
vote
1 answer

How to retrieve a list of projects from Artifactory

I need to create a series of scripts which do meaningful things across both Artifactory and X-Ray. The things I need to do requires I already have the project IDs. As a platform admin, I have access to those via the UI but I need to use them on the…
Lex Woodfinger
  • 125
  • 1
  • 9
1
vote
2 answers

Jfrog Service is Going Down frequently

We can see our Jfrog Service is going down frequently and we have configured Crontab which is bring the jfrog instantly. But here the issue is it is impacting our jenkins builds, and there is not error in logs apart from router-service.log. Below…
Ramesh Thiyagarajan
  • 53
  • 8
1
vote
2 answers

JFROG unable to access showing 8046 connection refused

Recent times jfrog server got rebooted from there when we start jfrog we are getting below stating like 8046 refused. ERROR: Caused by: org.apache.http.conn.HttpHostConnectException: Connect to localhost:8046 [localhost/127.0.0.1] failed:…
kranthi kk
  • 21
  • 3
1
vote
2 answers

Can we fail build in jenkins after jfrog xray-scan?

Is there a way we can fail a build in jenkins after xray scan and getting an unapproved license violation from jfog xray (No pipeline script)?
magician1214
  • 17
  • 3
1
vote
1 answer

Shared DB or Dedicated DB?

In a production environment, is it better to have dedicated RDS instances for Artifactory and Xray? Or is it okay to have a single RDS instance for both Artifactory and Xray? It seems like Xray uses a lot of resources during the initial DB sync,…
the1
  • 47
  • 1
  • 8
1
2 3
8 9