Set up the JFrog Xray connector
JFrog Xray is a security and compliance tool that scans software artifacts, containers, and dependencies for vulnerabilities and license risks. Integrated with JFrog Artifactory, it performs deep recursive scanning to detect security issues across all layers.
By integrating JFrog Xray, Veracode Risk Manager (VRM) leverages its insights to recommend the best next actions for security teams, ensuring seamless alignment with their broader tool stack and promoting a unified, strategic approach to security management.
Complete the following tasks to set up your VRM connector for JFrog Xray.
JFrog requirements
To configure the VRM connector, you must have the JFrog Platform Admin role or the Project Admin role for the project that you want to integrate with VRM.
Create a group
Create a group in JFrog Xray that has the Manage Reports role so VRM can fetch your compliance findings.
Though you can assign the token to a user, Veracode recommends using a group so the connector does not fail if that user is later removed from the system.
- In the JFrog Platform, select the Administration tab.
- From the left navigation menu, select User Management > Groups.
- Select New Group.
- Enter a name and, optionally, a description for the group.
- Under Roles, select Manage Reports.
  NOTE: You do not need to add users to the group in order to integrate with VRM.
- Select Save.
Create a token
Create a token that VRM uses to access your JFrog Xray repositories.
- In the JFrog Platform, from the left navigation menu, select User Management > Access Tokens.
- Select Generate Token.
- For Token Scope, select Group.
- For Groups, select the group that you created in Create a group.
- For Service, select All.
- Select an expiration time. When the token expires, you must update the token in the VRM platform.
- Select Generate.
- Copy the token to a secure location.
Create a VRM connector
- In VRM, from the left navigation menu, select the Settings icon.
- Select Add Connector.
- Select the JFrog Xray tile.
- Enter a name for the connector.
- For Access Token, paste the token that you generated in JFrog Xray.
- For URL, enter the base URL for your organization's JFrog Platform account. For example: MyOrganization.jfrog.io
- Select Add Connector.
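Before pasting the token into VRM, it is worth confirming that it is scoped to the group you created (not to a user), how long it has until expiry, and that the base URL and token work together. The following script is an added example, not Veracode's or JFrog's own code; it assumes JFrog access tokens are JWTs carrying an `scp` claim of the form `applied-permissions/groups:<name>` and an `exp` claim, that Xray exposes `GET /xray/api/v1/system/version` returning an `xray_version` field, and the group name `vrm-xray-readers` is a placeholder.

```python
"""Inspect a JFrog access token before handing it to the VRM connector."""
import base64
import json
import time
import urllib.request

# Assumption: group-scoped JFrog tokens carry this prefix in their "scp" claim.
GROUP_SCOPE_PREFIX = "applied-permissions/groups:"


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload(token: str) -> dict:
    """Return the JWT claims WITHOUT verifying the signature (local inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a JWT with three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def check_token(token: str, expected_group: str, now=None) -> dict:
    """Report whether the token is scoped to expected_group and how long until it expires."""
    claims = decode_jwt_payload(token)
    scope = claims.get("scp", "")
    groups = scope[len(GROUP_SCOPE_PREFIX):].split(",") if scope.startswith(GROUP_SCOPE_PREFIX) else []
    exp = claims.get("exp")
    now = time.time() if now is None else now
    return {
        "scope": scope,
        "group_scoped": expected_group in groups,        # False for user- or admin-scoped tokens
        "expired": exp is not None and exp <= now,
        "days_left": None if exp is None else round((exp - now) / 86400, 1),
    }


def xray_version(base_url: str, token: str) -> str:
    """Call Xray's version endpoint with the token; a 401/403 means the token or URL is wrong."""
    url = base_url if base_url.startswith("http") else f"https://{base_url}"  # page gives host only
    req = urllib.request.Request(f"{url}/xray/api/v1/system/version",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp).get("xray_version", "")


def sample_token(claims: dict) -> str:
    """Constructed, unsigned JWT for offline demonstration; real JFrog tokens are RS256-signed."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    demo = sample_token({"scp": GROUP_SCOPE_PREFIX + "vrm-xray-readers",
                         "exp": int(time.time()) + 30 * 86400})
    print(check_token(demo, "vrm-xray-readers"))
```

Run `check_token` on the real token you copied from JFrog, then `xray_version("MyOrganization.jfrog.io", token)` to confirm the base URL before creating the connector.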
Validate your data
After successfully connecting the JFrog Xray connector within VRM, it takes some time for VRM to fetch the asset data.
After the connector has completed the fetch, validate that VRM correctly ingested the data.
- In VRM, select Findings from the left navigation menu.
- Select the Findings Source filter and select JFrog Xray.
The Findings table lists the JFrog Xray vulnerability findings.