Can JFrog Xray be used to scan Maven artifact directly? All examples and resources I can find shows only Xray scanning Docker Images where it also scans layer with java application and its dependencies.
But can one scan Maven artifact directly even if its not part of any Docker images?
As you can se in the official JFrog Xray documentation, it supports many more technologies. NPM, NuGet, Docker and RPM just to name a few.
The artifacts are scanned regardless of what contains them, as long as they are hosted in a JFrog Artifactory repository that is configured to be scanned by Xray.
BTW, scanning is recursive, so if you have an NPM module in an RPM, it would also be scanned and reported.
Related
We have Artifactory Pro license version 7.27.10. As an Admin we don't see the Projects tab in the UI. Do we need the Enterprise or Enterprise+ license?
From Artifactory 7.17.4, Projects is enabled by default in the JFrog Platform for Enterprise and Enterprise+ subscriptions, as stated in the JFrog wiki page HERE
That said, from Artifactory 7.31.10, the JFrog Projects feature is supported on all JFrog Subscriptions, as follows:
All JFrog subscription types can create up to three projects in parallel to JFrog supporting extended usage of 30 projects for Enterprise subscriptions, and 300 projects for Enterprise+ subscriptions.
For further read please refer to HERE
I am trying to move all repositories I am using to Nexus 3. I use Apache Archiva as a Maven repository. I read that it's possible to copy repos between Archiva and Nexus 2. Is there any way to do the same with Nexus 3 ?
I have tried to do a workaround and succeeded. I created an instance of Nexus2 and migrated Archiva there. After that I have used the upgrade agent from Capabilities to migrate from Nexus2 to 3. Not a complicated way and is fast as well.
I've noticed a different repository structure for a conan repository in Artifactory.
1. Artifactory Enterprise 6.3.2
Repository Layout: conan-default
Repository strucutre: repository_name/conan_username/conan_package_name/version/channel
2. Artifactory Enterprise 5.4.6
Repository Layout: conan-default
Repository strucutre: repository_name/conan_package_name/version/conan_username/channel
Do you know why? Is it because the Artifactory version? I haven't found anything in Artifactory release notes related to the conan repository structure.
The default layout for conan packages was migrated in Artifactory 6, to match other package managers default layouts that put the user (organization) name first, as the most important classification of packages.
The migration should be automatic, and affect only the visual appearance in Artifactory web UI. If there is some other changes, or the conan client breaks (and this is the reason you are asking), then, it is a failing migration in Artifactory upgrade. It should be reported to JFrog and ask support to help recover it.
In the CodeShip Pro documentation, the recommendation for doing Continuous Deployment to Digital Ocean involves encrypting an SSH private key, and storing that in your repository. To do this, you need to install jet on your machine. Unfortunately, jet is not available on my platform (Win 10 64-bit).
In every CodeShip project, there's an SSH key generated by CodeShip, and controlled by them. The documentation doesn't describe how to use that SSH key in a CodeShip Pro setup. Is there a way to do so? Or is it only available in CodeShip Basic projects?
I'm trying to get a .NET Core 1.1 project built, copied, and deployed, with external system package dependencies. The commands involved include a big pile of apt-get work for setup, dotnet restore, dotnet build, maybe a dotnet publish, and an scp step for the deploy itself.
I have a maven project called myproject.app. I also have another project using vaadin and gwt called myproject.ui and another project, which is an Xcore-Project converted to Maven called myproject.model.
I want to aggregate them all in a war. For this I have a myproject.war with a pom declaring the dependencies.
For Vaadin and GWT everthing is working fine as these projects are pure maven projects. The Xcore project gives me headaches because I can't manage to provide the Plugin Dependencies declared in this project in the war.
I have tried to add the needed libraries in the pom but I can only get old versions (2.2.3) from Central - the XCore project uses 2.8./3.8..
How can I solve this?
The answer is to convert the eclipse dependencies (EMF, XCore ...) to maven artifacts using the Maven Tools 4 Eclipse.
http://wiki.eclipse.org/MT4E_FAQ
For professional usage it is necessary to setup a maven repository, I used Nexus with success (if you are developing locally and alone it would be enough to install the artifacts in you local repository).
http://www.sonatype.org/nexus/
You can get it working by setting up a hosted repository with the converted Eclipse artifacts (documented in the mt4e reference) and creating a repository group aggregating the preconfigured maven central proxy and the hosted repository with the eclipse artifacts.
You need to setup your local settings.xml to use the nexus and you're good to go. Eclipse's artifacts are usable via maven coordinates.
Keep the orbit artifacts in mind and design your patch files carefully.