The following examples illustrate how you can use the Xray plugin in CloudBees CD/RO to:
Perform on-demand binary scans
Within pipelines, you can use the Xray plugin to perform on-demand binary scans on project binary artifacts.
You must have a plugin configuration to add to the pipeline's on-demand binary scan task.
To perform an on-demand binary scan:
- After checking out a binary in a project pipeline step, select Add task.
- Give the new task a name, and then select Define.
- For the Task type, select Plugin.
- For the Plugin, select Xray.
- For the Procedure, select On-Demand Binary Scan.
- Select Input parameters.
- Fill in the required parameters:
  - In the Configuration Name field, add the Xray plugin configuration.
  - In the Path field, add the path to the binary that you want to scan.
- Specify the other parameters, as required for your project.
  The Success criteria field can be configured to include both positive and negative reporting.
- Select Save changes to save the task configuration.
- Select Assign a Resource or Resource Pool.
- Add the resource you configured for the plugin configuration, and then select Save.
- Select Save changes to save the task.
You can now run the pipeline, and this task returns the findings of the vulnerability scan.
Use JFrog Xray watches in pipelines
Within pipelines, you can use JFrog Platform Xray Watches configured with basic or custom policies as scanning criteria for your artifacts.
To perform the following steps, you must have a Watch configured in JFrog. For more information, refer to JFrog’s Configuring watches and policies documentation.
To implement your JFrog Watches within the plugin:
- After checking out a binary in a project pipeline step, select Add task.
- Give the new task a name, and then select Define.
- For the Task type, select Plugin.
- For the Plugin, select Xray.
- For the Procedure, select the type of scan you want to perform.
- Select Input parameters.
- Fill in the required parameters:
  - For the Configuration Name parameter, add the Xray plugin configuration.
  - For the Path parameter, add the path to the binary you want scanned.
- For the Watches parameter, enter the name of a watch configured in JFrog. This configures your JFrog Xray Watch to be used as the scanning parameter.
- Fill in the other parameters as needed for your project.
  The Success criteria field can be configured to include both positive and negative reporting.
- Select Save changes to save the task configuration.
- Select Assign a Resource or Resource Pool.
- Add the resource you configured for the plugin configuration, and then select Save.
- Select Save changes to save the task.
You can now run the pipeline, and this task uses your JFrog Watch as the scanning criteria.