Artifact Scanning
Artifact Scanning extends security validation beyond container images to all other components in the software supply chain — binaries, packages, libraries, build outputs, and third-party dependencies — ensuring the entire delivery chain is trusted, not just the final image.
Modern applications depend heavily on open-source and third-party components. Any one of these can introduce known CVEs, license violations, tampered artifacts, or hidden malicious code — risks that container image scanning alone does not fully cover.
Why Artifact Scanning Is Used in OpsMx
OpsMx uses Artifact Scanning in Delivery Shield to:
Validate all build outputs and dependencies before they are consumed or promoted to the next pipeline stage
Maintain a trusted artifact repository — enforcing strict controls on which artifacts are allowed into the build and deployment process
Detect tampered or untrusted artifacts — verifying artifact integrity against expected checksums and signatures
Provide end-to-end supply chain visibility — every component from code to packaged artifact is accounted for and assessed
Key Capabilities
Dependency Vulnerability Scanning: CVE detection across all third-party libraries and packages
License Compliance: flags license types that violate organizational policy (GPL, AGPL, etc.)
Artifact Integrity Verification: validates artifact checksums and code signing against approved baselines
SBOM Generation: full SBOM per artifact in CycloneDX or SPDX format
JFrog Xray Integration: deep recursive scanning of artifacts in JFrog Artifactory repositories
Hidden Malicious Code Detection: identifies supply chain attacks where legitimate packages have been compromised
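The license-compliance and integrity-verification capabilities above come down to two policy checks run over an SBOM and the artifacts it describes. The following is an added illustration, not OpsMx or Delivery Shield code: it reads a constructed CycloneDX-style SBOM, flags components whose declared license (id, name, or SPDX expression) is on an organizational deny list, and compares each artifact's SHA-256 against an approved baseline, reporting artifacts that are missing from the baseline as untrusted and those whose checksum differs as tampered. The artifact bytes, the baseline, the deny list, and the component names are all constructed for the example.

```python
import hashlib
import re

# Organizational policy (constructed): SPDX identifiers that block promotion.
DENIED_LICENSES = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}


def sha256_hex(data):
    """Hex SHA-256 of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


# Constructed artifact contents, keyed by name@version (stand-ins for real packages).
ARTIFACTS = {
    "left-pad@1.3.0": b"module.exports = function leftPad(s, n) { /* ... */ }",
    "libreadline@8.2": b"\x7fELF...readline",
    "utils@2.0.1": b"def helper(): return 42\nimport os; os.system('id')  # appended",
    "mystery-pkg@0.1.0": b"opaque bytes",
}

# Approved baseline: checksums recorded when each artifact was admitted to the
# trusted repository. utils@2.0.1 was admitted before the extra code was appended.
APPROVED_BASELINE = {
    "left-pad@1.3.0": sha256_hex(ARTIFACTS["left-pad@1.3.0"]),
    "libreadline@8.2": sha256_hex(ARTIFACTS["libreadline@8.2"]),
    "utils@2.0.1": sha256_hex(b"def helper(): return 42\n"),
}

# Constructed CycloneDX 1.4-style SBOM covering the artifacts above.
SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "libreadline", "version": "8.2",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "utils", "version": "2.0.1",
         "licenses": [{"expression": "Apache-2.0 OR MIT"}]},
        {"type": "library", "name": "mystery-pkg", "version": "0.1.0",
         "licenses": []},
    ],
}


def component_licenses(component):
    """Collect license identifiers from CycloneDX 'license' objects and SPDX expressions."""
    ids = set()
    for entry in component.get("licenses", []):
        if "expression" in entry:
            # Tokenize "(MIT OR GPL-3.0-only) AND Apache-2.0" into its identifiers.
            for tok in re.split(r"[\s()]+", entry["expression"]):
                if tok and tok not in {"AND", "OR", "WITH"}:
                    ids.add(tok)
        lic = entry.get("license", {})
        if "id" in lic:
            ids.add(lic["id"])
        elif "name" in lic:
            ids.add(lic["name"])
    return ids


def license_findings(sbom, denied=DENIED_LICENSES):
    """Components declaring any license on the deny list, in SBOM order."""
    findings = []
    for c in sbom["components"]:
        hits = component_licenses(c) & denied
        if hits:
            findings.append((f"{c['name']}@{c['version']}", sorted(hits)))
    return findings


def integrity_findings(sbom, artifacts, baseline):
    """Artifacts absent from the approved baseline or whose checksum no longer matches it."""
    findings = []
    for c in sbom["components"]:
        key = f"{c['name']}@{c['version']}"
        expected = baseline.get(key)
        if expected is None:
            findings.append((key, "untrusted: not in approved baseline"))
            continue
        data = artifacts.get(key)
        if data is None:
            findings.append((key, "missing: artifact not available for verification"))
        elif sha256_hex(data) != expected:
            findings.append((key, "tampered: checksum mismatch"))
    return findings


def evaluate(sbom, artifacts, baseline, denied=DENIED_LICENSES):
    """Gate decision: promote only when both checks come back clean."""
    lic = license_findings(sbom, denied)
    integ = integrity_findings(sbom, artifacts, baseline)
    return {"license": lic, "integrity": integ, "promote": not lic and not integ}


if __name__ == "__main__":
    for kind, items in evaluate(SBOM, ARTIFACTS, APPROVED_BASELINE).items():
        print(kind, items)
```

Run as written, the gate refuses promotion: libreadline@8.2 is flagged for GPL-3.0-only, utils@2.0.1 for a checksum that no longer matches its admitted baseline, and mystery-pkg@0.1.0 because it was never admitted to the trusted repository at all. Treating "not in baseline" as a finding rather than silently passing is the design choice that makes the repository a control point.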
Results in Delivery Shield
Artifact section of the DBOM page — artifact findings tied to each deployment record
Vulnerability Management page — consolidated findings across all artifact types
View Open Security Issues page — active issues prioritized by severity for immediate action