JFrog Artifactory

JFrog Artifactory is a universal artifact repository manager. It is designed to store, manage, and distribute binaries and artifacts produced during the software development process. These artifacts can include compiled code, libraries, dependencies, Docker images, and more.

Usage of JFrog Artifactory in Delivery Shield

The following are the uses of integrating JFrog artifactory with Delivery Shield:

JFrog artifactory notifies each pipeline execution to Delivery Shield. It identifies the image for every build and connects Delivery Shield to the the artifactory repo to pull the newly built image.
Delivery Shield connects with the Artifactory repo, and pulls the images and runs the security scans on them. The scanned results are available in the Vulnerability Management page, Artifact section of the DBOM page.
JFrog artifactory helps in collecting metadata such as Artifact SHA to perform the artifact integrity checks and ensure security in the supply chain. The collected information is populated in the DBOM page for audit purposes.

To Integrate JFrog:

Navigate to Config > Integrations.
In the Artifact panel, click on JFrog.

You can use the toggle button provided below the integration tile to enable or disable it as needed.

The JFrog integration page is displayed. Click +New Account.
In the popup that appears, enter the following details:

Account Name - Enter the name of the user docker account.
Repository Url - Enter the Url of the approved artifact repository from which the images are deployed. Security issues are raised by SSD if you try to deploy images from a different repository.
Username - Enter the username to access the docker account.
Password - Enter the password to access the docker account.
Select the Teams and the corresponding Environments from the dropdown for which you want the integration to be available. The integration will be available for the selected teams and environment only.
You can select up to 5 teams for the integration to be displayed.
- An example is given below for reference:
- In the example above,
  - if Team 1, Team 2, and Team 3 are selected, only applications associated with these teams can access the integration. Any applications belonging to other teams, such as Team 4, will not have access to this account.
  - Even if the user who created this account is also an admin for Team 4, the integration account remains restricted and is not available for Team 4.
  - Access to the account is strictly limited to the specified Teams and Environments selected during account creation.
- For Organization Admins:
  - When an Organization Admin creates an account without selecting specific Teams and Environments, the account will be universally applicable, granting access to all teams and all environments by default.
- For Team Admins with Multiple Teams:
  - If a Team Admin who manages multiple teams creates an account without specifying particular Teams and Environments, the account will only be accessible to the teams for which the logged-in user holds admin privileges.

Click Save. The JFrog atrifacory account gets added.
You can edit the entered values by clicking the three dots provided at the end of each added account. Click Edit.

Enter the new values and click Update.

The new values get updated.

PreviousGoogle Artifact Registry NextIntegrating Security Scanning tools in Delivery Shield

Last updated 29 days ago

Was this helpful?