JFrog Artifactory is a universal artifact repository manager. It is designed to store, manage, and distribute binaries and artifacts produced during the software development process. These artifacts can include compiled code, libraries, dependencies, Docker images, and more.

Usage of JFrog Artifactory in SSD

The following are the uses of integrating JFrog artifactory with SSD:

• JFrog artifactory notifies each pipeline execution to SSD. It identifies the image for every build and connects SSD to the the artifactory repo to pull the newly built image.

• SSD connects with the Artifactory repo, and pulls the images and runs the security scans on them. The scanned results are available in the Vulnerability Management page, Artifact section of the DBOM page.

• JFrog artifactory helps in collecting metadata such as Artifact SHA to perform the artifact integrity checks and ensure security in the supply chain. The collected information is populated in the DBOM page for audit purposes.

To Integrate JFrog:

1. Navigate to Config > Integrations.

2. In the Artifact panel, click on JFrog.

The JFrog integration page is displayed.

4. Click +New Account.

4. Enter the Account Name, Approved Artifact Repo name, Host Url, Username and Password as shown below:

   • Account Name - The name of the user docker account.

   • Approved Artifact Repo name - The name of the approved artifact repository from which the images are deployed. Security issues are raised by SSD if you try to deploy images from a different repository.

   • Host Url - The host Url link.

   • Username - The username to access the docker account.

   • Password - The password to access the docker account.

6. Click Save. The JFrog atrifacory account gets added.

7. You can edit the entered values by clicking the three dots provided at the end of each added account. Click Edit.

8. Enter the new values and click Update.

The new values get updated.