- 25 Mar 2025
- 1 Minute to read
- Print
- DarkLight
Jfrog Xray
- Updated on 25 Mar 2025
- 1 Minute to read
- Print
- DarkLight
Jfrog Xray software composition analysis (SCA) solution natively integrates with Artifactory, giving developers and DevSecOps teams an easy way to proactively identify vulnerabilities on open source and license compliance violations. More information can be found at Jfrog Xray.
Integration Method: API
Tables: Vulnerability Finding (2002)
This integration supports the following events.
Event | Description |
---|---|
Artifact Summary | Fetches Vulnerabilities found in artifacts scan. |
This integration supports the following versions.
Jfrog Xray Version | |
Jfrog Xray API version | v1.0 |
Prerequisites
Access to the Jfrog portal with an account that has the Global Administrator privileges. Portal URL looks like https://<hostname>.jfrog.io/.
Access to the DataBee console.
Configuration Overview
Generate a Access token with the required scope to access API.
Add the Jfrog Xray in the DataBee console with the below parameters.
DataBee Parameter
Jfrog Xray Parameter
API Base URL (<hostname>)
hostname
Token
Access Token
Jfrog Xray Configuration
Login to Jfrog portal.
Copy the instance URL as shown below. This is the hostname required by DataBee during configuration.
Once logged in, click on Administration.
From left side panel, click on User management > Access Tokens then click Generate Token on the top right.
Select Scoped Token, fill ‘Description’ field and choose User from ‘Token Scope’ dropdown.
Select the username from dropdown for which access token need to be generated.
Note:
This is least privilege scope. Users will be part of readers group by default, please ensure that user for which token is generated is part of readers groups. Please refer for detailed user management guideline.
Uncheck All checkbox and choose Xray from ‘Service’ dropdown.
Choose Never from ‘Expiration time’ dropdown and click on Generate.
Copy the token and keep it safe since it can't be retrieved later.
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the Jfrog Xray and click it as shown below.
Click on the API Ingest option for collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
Authorization Method: Bearer Token
API Base URL: this is the base URL that DataBee will interact with. Replace <hostname> placeholder with your organization instance name.
Token: paste the Access Token generated earlier
Event Types: preselected for all the event types that integration pulls.
Click Submit.
Troubleshooting Tips
Ensure the token is pasted correctly. Since you cannot view the token after the 1st time, re-create the token by following jfrog configuration steps, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.
Ensure the scope is set as required, minimum users level scope is needed.