Create Xray plugin procedures


Plugin procedures can be used in procedure steps, process steps, and pipeline tasks, allowing you to orchestrate third-party tools at the appropriate time in your component, application process, or pipeline.

Depending on your plugin configuration and on how you run procedures, the Configuration name field under Input parameters may behave differently in the CloudBees CD/RO UI. For more information, refer to Differences in plugin UI behavior.

Dependencies Scan

Scans the dependencies of your project sources for vulnerabilities using the JFrog CLI (jf audit).

Input parameters

Table 1. Dependencies Scan input parameters
Parameter Description

Configuration name

Required. The previously defined configuration for the plugin.

Working directory

Required. The target directory that contains the source files.

Project type

The build technology of the target project, which determines how its dependencies are resolved for the scan.

Use Gradle wrapper?

If selected, the Gradle wrapper is used.

JFrog project

JFrog project key that enables Xray to determine security violations.

Repo path

Artifactory repository path in the form of <repository>/<path in the repository>, to enable Xray to determine violations.

Watches

A comma-separated list of Xray watches, to enable Xray to determine violations.

Additional options

Specify additional options to be provided to the jf audit command. Use spaces or newlines to separate options.

Success criteria

Desired status of the scan. The procedure fails if the criteria cannot be met. If ANY is selected, the procedure completes successfully, even if issues are found.

On-Demand Binary Scan

Scans a binary on the local file system and returns a report listing the vulnerabilities, licenses, and policy violations found in it, before the binary or build is uploaded to Artifactory.

Input parameters

Table 2. On-Demand Binary Scan input parameters
Parameter Description

Configuration name

Required. The previously defined configuration for the plugin.

Path

Required. Specifies the local file system path to artifacts to be scanned. You can specify multiple files by using wildcards. For example:

  • /path/to/files/

  • path/to/files/ to use a relative path in the working directory.

  • path/to/files/*.zip to scan all the .zip files located in the path/to/files/ file system directory.

  • *.tgz to scan all the .tgz files located in the working directory.

Recursive

If selected, artifacts in subdirectories of the path are also collected and scanned by Xray.

JFrog project

JFrog project key, to enable Xray to determine security violations. This parameter is used if the Repo path and Watches parameters are not specified. If none of the parameters are specified, the scan shows all known vulnerabilities.

Repo path

Artifactory repository path in the form of <repository>/<path in the repository>, to enable Xray to determine violations. The procedure accepts this parameter only if the JFrog project and Watches parameters are not specified. If none of the parameters are specified, the scan shows all known vulnerabilities.

Watches

A comma-separated list of Xray watches, to enable Xray to determine violations. The procedure accepts this parameter only if the JFrog project and Repo path parameters are not specified. If none of the parameters are specified, the scan shows all known vulnerabilities.

Success criteria

Desired status of the scan. The procedure fails if the criteria cannot be met. If ANY is selected, the procedure completes successfully, even if issues are found.

Table output

Enables the table output format.

Extended table output

Adds extended fields, such as CVSS and Xray issue ID, to the table output.

On-Demand Docker Image Scan

Scans Docker images available to the local Docker client. The image does not have to be pushed to Artifactory or any other container registry before it can be scanned.

Input parameters

Table 3. On-Demand Docker Image Scan input parameters
Parameter Description

Configuration name

Required. The previously defined configuration for the plugin.

Docker image

Required. Specifies the local Docker image with a tag to be scanned. For example, electricflow/efagent:latest.

JFrog project

JFrog project key, to enable Xray to determine security violations. This parameter is used if the Repo path and Watches parameters are not specified. If none of the parameters are specified, the scan shows all known vulnerabilities.

Repo path

Artifactory repository path in the form of <repository>/<path in the repository>, to enable Xray to determine violations. The procedure accepts this parameter only if the JFrog project and Watches parameters are not specified. If none of the parameters are specified, the scan shows all known vulnerabilities.

Watches

A comma-separated list of Xray watches, to enable Xray to determine violations. The procedure accepts this parameter only if the JFrog project and Repo path parameters are not specified. If none of the parameters are specified, the scan shows all known vulnerabilities.

Success criteria

Desired status of the scan. The procedure fails if the criteria cannot be met. If ANY is selected, the procedure completes successfully, even if issues are found.

Timeout

Time, in seconds, to wait for the scan to complete.
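The three procedures above hand the same violation-context parameters (JFrog project, Repo path, Watches) and Success criteria to the JFrog CLI. The following POSIX shell helpers are an added example, not the plugin's own code: they assemble the jf command line each procedure would run from its input parameters, enforce the mutual exclusion the page states for the on-demand scans (and, as a conservative choice, apply it to the Dependencies Scan as well), and map Success criteria to the CLI's --fail switch. The flag names (--project, --repo-path, --watches, --fail, --format, --extended-table, --recursive, --use-wrapper, and the --gradle/--mvn/--npm technology switches) are JFrog CLI 2.x flags as I know them; confirm them against jf audit --help, jf scan --help and jf docker scan --help for your version. The mapping of Table output to --format=table versus --format=json, and of Project type to a technology switch, is an assumption about how the plugin translates its parameters. All sample values (paths, watch names, project keys, additional options) are constructed, and the helpers print the command rather than run it so the translation can be reviewed offline.

```shell
#!/bin/sh
# Added example (not the plugin's own code): build the JFrog CLI command line that
# each procedure on this page wraps, from the procedure's input parameters.
# Flag names are JFrog CLI 2.x flags as the author of this example knows them;
# check `jf audit --help`, `jf scan --help` and `jf docker scan --help`.

# Violation context shared by the three procedures. The page states that, for the
# on-demand scans, "JFrog project", "Repo path" and "Watches" are mutually
# exclusive and that with none of them set Xray lists all known vulnerabilities
# without evaluating policies. "Success criteria" ANY means findings do not fail
# the step; any other value makes jf exit non-zero on a violation (--fail=true).
#
# Usage: xray_context_flags <project> <repo_path> <watches> <success_criteria>
xray_context_flags() {
  project=$1; repo_path=$2; watches=$3; criteria=$4
  n=0; flags=""
  if [ -n "$project" ];   then n=$((n + 1)); flags="$flags --project=$project"; fi
  if [ -n "$repo_path" ]; then n=$((n + 1)); flags="$flags --repo-path=$repo_path"; fi
  if [ -n "$watches" ];   then n=$((n + 1)); flags="$flags --watches=$watches"; fi
  if [ "$n" -gt 1 ]; then
    echo "error: JFrog project, Repo path and Watches are mutually exclusive" >&2
    return 1
  fi
  if [ "$n" -eq 0 ]; then
    echo "note: no violation context set; Xray will list all known vulnerabilities" >&2
  fi
  if [ "$criteria" = "ANY" ]; then flags="$flags --fail=false"; else flags="$flags --fail=true"; fi
  printf '%s\n' "${flags# }"
}

# "Table output" / "Extended table output" of the On-Demand Binary Scan.
# Assumed mapping: table -> --format=table, otherwise --format=json.
output_flags() {
  if [ "$1" = "true" ]; then
    f="--format=table"
    if [ "$2" = "true" ]; then f="$f --extended-table"; fi
  else
    f="--format=json"
  fi
  printf '%s\n' "$f"
}

# Dependencies Scan: jf audit run in the working directory. project_type is the
# jf audit technology switch without dashes (mvn, gradle, npm, ...); extra is the
# "Additional options" text, space- or newline-separated, appended verbatim.
# Usage: dependency_scan_cmd <workdir> <project_type> <use_wrapper> <extra> <project> <repo_path> <watches> <criteria>
dependency_scan_cmd() {
  workdir=$1; project_type=$2; use_wrapper=$3; extra=$4; shift 4
  ctx=$(xray_context_flags "$@") || return 1
  cmd="cd \"$workdir\" && jf audit"
  if [ -n "$project_type" ]; then cmd="$cmd --$project_type"; fi
  if [ "$use_wrapper" = "true" ]; then cmd="$cmd --use-wrapper"; fi
  # Newline-separated additional options become one space-separated argument list.
  extra=$(printf '%s' "$extra" | tr '\n' ' ')
  if [ -n "$extra" ]; then cmd="$cmd $extra"; fi
  printf '%s %s\n' "$cmd" "$ctx"
}

# On-Demand Binary Scan: jf scan <path>. The path may carry wildcards, which jf
# expands itself, so it is quoted in the generated command.
# Usage: binary_scan_cmd <path> <recursive> <table> <extended> <project> <repo_path> <watches> <criteria>
binary_scan_cmd() {
  path=$1; recursive=$2; table=$3; extended=$4; shift 4
  ctx=$(xray_context_flags "$@") || return 1
  cmd="jf scan \"$path\""
  if [ "$recursive" = "true" ]; then cmd="$cmd --recursive"; fi
  printf '%s %s %s\n' "$cmd" "$(output_flags "$table" "$extended")" "$ctx"
}

# On-Demand Docker Image Scan: jf docker scan <image:tag> against the local Docker client.
# Usage: docker_scan_cmd <image> <project> <repo_path> <watches> <criteria>
docker_scan_cmd() {
  image=$1; shift 1
  ctx=$(xray_context_flags "$@") || return 1
  printf 'jf docker scan %s %s\n' "$image" "$ctx"
}

# Demo with constructed values; the commands are printed, not executed.
binary_scan_cmd 'path/to/files/*.zip' true true true "" "" "watch-a,watch-b" "ANY"
docker_scan_cmd electricflow/efagent:latest "" "" "" "ANY"
```

Setting more than one of JFrog project, Repo path and Watches is rejected before any command is built, and leaving all three empty prints a note on stderr, because a scan with no violation context reports every known vulnerability and evaluates no policy, which is easy to mistake for a clean policy result.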