Download to read offline
Uploaded byTsuyoshi Miyake
はじめての JFrog Xray
The document discusses JFrog Xray, a tool aimed at implementing DevSecOps practices within CI/CD pipelines. It outlines features such as software composition analysis, security policies, and monitoring capabilities across on-premises and multicloud environments. The content also emphasizes automation in build processes and integration with various tools for improved security and efficiency.
![[RHFSeoul2017]6 Steps to Transform Enterprise Applications](https://cdn.slidesharecdn.com/ss_thumbnails/trackb-46stepstotransformtheenterpriseapplications-171106194307-thumbnail.jpg?width=640&height=640&fit=bounds)
はじめての JFrog Xray
- 1. JFrog Xray Getting Startedwith JFrog Xray
- 2.
- 3. 3 § § Sr. DevOpsAcceleration Engineer @JFrog § DevOps Liquid Software § @tsuyoshi_miyake miyaket@jfrog.com
- 4.
- 5.
- 6. DevSecOps § DevSecOps =DevOps Security § DevOps § (#SecurityFirst) 6 SECURITY
- 7.
- 8. DevSecOps § CI/CD § ShiftLeft § 8
- 9.
- 10.
- 11. 24/7 Dedicated Support+ DevOps Acceleration Service Arm BUILD TEST RELEASE DEPLOY On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO JFrog Platform
- 12. Xray 12 Artifactory Software Composition Analysis (SCADocker zip VulnDB REST API CLI IDE CI SaaS (AWS Azure GCP)
- 13.
- 14.
- 15.
- 16. Xray 16 WATCHES POLICIES JFrog ARTIFACTORY Security License JFrog XRAY Fail Build Web Hooks,Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo
- 17.
- 18. 18 ARTIFACTORY XRAY NEW ARTIFACT INDEXING SCANNINGSETUP POLICY RULES CREATE AUTOMATIC ACTIONS FAIL BUILD NOTIFICATION CRITICAL VIOLATION MINOR VIOLATION
- 19. 19 XRAY SCANNING SETUP POLICY RULES CREATE AUTOMATICACTIONS FAIL BUILD NOTIFICATION CRITICAL VIOLATION MINOR VIOLATION METADATA DB UPDATE
- 20.
- 21. Policy § Policy § Rule § §Rule § § 21 Security Policy License Policy Min Severity Level Rule 1 Min Severity Level Rule 2 Allow/ Banned licenses Rule 1 Allow/ Banned licenses Rule 2
- 22. Rule § § (Low, Medium,High) § § Webhook (Slack, Splunk, JIRA etc.) § § § § Fail Build 22
- 23. Watch § § Policy § Watch § PolicyRule Policy § Policy Rule 23 Watch Watch Policy Policy Policy Policy Policy Policy
- 24.
- 25. Xray § GUI § RESTAPI § JFrog CLI § CI § IDE 25
- 26.
- 27. 27 IDE Interfaces 1 Remote Repositories 2 ARTIFACTORY 3 4 XRAY ExternalData Sources 5 CI Servers DRONE VCS 6 Build Tools/Dependency Managers MSBuild 7 8 9 10 Fail Build Provisioning Tools 11 12 DISTRIBUTION ARTIFACTORY EDGE ARTIFACTORY EDGE ARTIFACTORY EDGE
- 28.
- 29.
- 30.
- 31.
- 32.
- 34.
- 35.