Jfrog Xray
  • 25 Mar 2025

Jfrog Xray is a software composition analysis (SCA) solution that natively integrates with Artifactory, giving developers and DevSecOps teams an easy way to proactively identify open source vulnerabilities and license compliance violations. More information can be found at Jfrog Xray.

Integration Method: API

Tables: Vulnerability Finding (2002)

This integration supports the following events.

| Event | Description |
| --- | --- |
| Artifact Summary | Fetches vulnerabilities found in artifact scans. |

This integration supports the following versions.

| Jfrog Xray Version | Cloud version 3.114.6 |
| Jfrog Xray API version | v1.0 |

Prerequisites

  • Access to the Jfrog portal with an account that has Global Administrator privileges. The portal URL looks like https://<hostname>.jfrog.io/.

  • Access to the DataBee console.

Configuration Overview

  1. Generate an access token with the required scope to access the API.

  2. Add the Jfrog Xray feed in the DataBee console with the parameters below.

    | DataBee Parameter | Jfrog Xray Parameter |
    | --- | --- |
    | API Base URL (<hostname>) | hostname |
    | Token | Access Token |

Jfrog Xray Configuration

  1. Log in to the Jfrog portal.

    1. Copy the instance URL. This is the hostname required by DataBee during configuration.

  2. Once logged in, click on Administration.

  3. From the left side panel, click on User management > Access Tokens, then click Generate Token on the top right.

  4. Select Scoped Token, fill in the ‘Description’ field and choose User from the ‘Token Scope’ dropdown.

  5. From the dropdown, select the username for which the access token needs to be generated.

    Note:

    This is the least-privilege scope. Users are part of the readers group by default; please ensure that the user for which the token is generated is part of the readers group. Please refer for detailed user management guideline.

  6. Uncheck the All checkbox and choose Xray from the ‘Service’ dropdown.

  7. Choose Never from the ‘Expiration time’ dropdown and click on Generate.

  8. Copy the token and keep it safe since it can't be retrieved later.

DataBee Configuration

  1. Log in to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.

  2. Search for Jfrog Xray and click it.

  3. Click on the API Ingest option for the collection method.

  4. Enter the feed contact information and click Next.

  5. In the configuration page, confirm the following:

    • Authorization Method: Bearer Token

    • API Base URL: this is the base URL that DataBee will interact with. Replace the <hostname> placeholder with your organization's instance name.

    • Token: paste the Access Token generated earlier.

    • Event Types: preselected for all the event types that the integration pulls.

  6. Click Submit.

Troubleshooting Tips

  • Ensure the token is pasted correctly. Since you cannot view the token after the first time, re-create the token by following the Jfrog configuration steps, paste it into a text editor to ensure no spaces or unexpected characters are included, and reconfigure the DataBee feed.

  • Ensure the scope is set as required; at minimum, User-level scope is needed.
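
Both troubleshooting checks can be run locally before the feed is reconfigured. The Python sketch below is an added example, not DataBee or Jfrog code: it flags stray whitespace or characters in a pasted token and decodes its claims without verifying the signature or printing the token. It assumes the access token is a three-part JWT that carries its scope in an scp claim with the value applied-permissions/user (both are assumptions); make_sample builds a constructed, unsigned token for the demo.

```python
import base64, json, re, time

# Assumption: the 'User' token scope appears in the JWT as this scp value.
EXPECTED_SCOPE = "applied-permissions/user"

def inspect_token(raw, now=None):
    """Return (problems, claims) for a pasted token. The signature is not verified."""
    now = time.time() if now is None else now
    problems = []
    token = raw.strip()
    if token != raw:
        problems.append("leading/trailing whitespace")
    bad = re.search(r"[^A-Za-z0-9_.-]", token)
    if bad:
        problems.append("whitespace or unexpected character at offset %d" % bad.start())
        return problems, {}
    parts = token.split(".")
    if len(parts) != 3:
        problems.append("not a three-part JWT (truncated paste?)")
        return problems, {}
    try:
        body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        claims = None
    if not isinstance(claims, dict):
        problems.append("payload does not decode to JSON claims")
        return problems, {}
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append("token expired")
    if EXPECTED_SCOPE not in str(claims.get("scp", "")).split():
        problems.append("scope is %r, expected %r" % (claims.get("scp"), EXPECTED_SCOPE))
    return problems, claims

def make_sample(claims):
    """Build a constructed, unsigned token for the demo (not a real credential)."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(b'{"typ":"JWT"}'), enc(json.dumps(claims).encode()), "c2ln"])

if __name__ == "__main__":
    sample = make_sample({"sub": "users/databee-reader", "scp": EXPECTED_SCOPE})
    for pasted in (sample, sample + "\n", sample[:40] + " " + sample[40:]):
        print(inspect_token(pasted)[0] or "ok")
```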

