...
Table of Contents |
---|
Overview
Info |
---|
Proxy settings are relevant for requests for Mend servers only. Proxy for remote repository requests is not supported. |
This topic describes how the JFrog Artifactory plugin integrates with Mend. The plugin adds additional information to the Artifactory artifacts and updates Mend. Once invoked, all the artifacts' metadata on the Artifactory will be uploaded to the Mend inventory. The Artifactory plugin supports two use cases, our SCA and Supply Chain Defender (SCD).
...
Attribute | Type | Description | Required | Additional Information | ||
---|---|---|---|---|---|---|
wssUrl | String | URL for sending the request. Use the ‘Mend Server URL' which can be retrieved from your Profile page on the 'Server URLs' panel. Then, add the '/agent’ path to it. For example: "https://saas.whitesourcesoftware.com/agent". | No. | |||
apiKey | String | Unique identifier of the organization. This can be retrieved from the Integration page in your Mend account. | Yes | |||
userKey | String | Unique identifier of the user. This can be generated from the Profile page in your Mend account. | Yes | Supported since version 18.5.1 | ||
productName | String | Represents the Artifactory instance and product in Mend. Comment this field to map the repository to the product in Mend (project will also represent the repository). | No | |||
checkPolicies | Boolean | Whether or not to send the check policies request to Mend. | No | |||
forceCheckAllDependencies | Boolean | Used only if
| No | Supported since version 1.0.3 | ||
updateWss | Boolean | Whether or not to send an update to Mend. | Yes | Supported since version 1.0.6 | ||
forceUpdate | Boolean | Whether or not to update the organization inventory regardless of policy violations. | No. The default value is false. | Supported since version 1.0.3 | ||
repoKeys | Array | The list of the repositories to scan. | Yes | |||
useProxy | boolean | Whether or not to use proxy settings. | Yes | |||
proxyHost | String | Proxy host URL. | No | |||
proxyPort | Integer | Proxy port. | No | |||
proxyUser | String | Proxy user name if it exists. | No | |||
proxyPass | String | Proxy password if it exists. | No | |||
archiveIncludes | String | Comma separated list specifying the types of files that will be extracted. | No. | Supported since version 1.0.3 | ||
archiveExtractionDepth | String | Drill down hierarchy level in archive files. | No, the default value is 2. | Supported since version 19.4.2 | ||
includesRepositoryContent | String | Comma separated list specifying which files to include in the scan once the archive is extracted according to the parameters in:
| No | Required since version 1.0.3 | ||
triggerBeforeDownload | Boolean | Whether or not to enforce a Mend policy check on downloaded artifacts from local repositories. When enabled, only Mend policy-approved artifacts will be downloaded. | No, the default value is true. | Supported since version 18.10.3 | ||
triggerBeforeRemoteDownload | Boolean | Whether or not to enforce a Mend policy check on downloaded artifacts from remote repositories. When enabled, only Mend policy-approved artifacts will be downloaded. | No, the default value is true. | Supported since version 21.12.1 | ||
triggerAfterCreate | Boolean | Whether or not to trigger the When a new artifact is uploaded to Artifactory, Mend policies are triggered and additional data is added to the property tab of the artifact. | No, the default value is true. | Supported since version 18.10.3 |
Info |
---|
The extraction depth of the Artifactory Plugin for archived files is currently set to the first level. The Unified Agent has an extraction depth of up to seven levels. |
Cron Scheduling Example
This example demonstrates how to configure a schedule for scanning the Artifactory repositories.
...
Within JFrog, navigate to the Administration tab > Repositories → Add Repository → Remote Repository:
Choose the desired repository package type:
In the newly opened window, enter the desired repository key
Press “Create Remote Repository”
...