View Results in JFrog

We have built and published our Docker image. Let’s view these results in JFrog Artifactory.

  1. Go to your JFrog Platform instance and switch to the Packages view in Artifactory. Go to ArtifactoryPackages.
  2. Type workshop-app and search. This will show the Docker image that was just build.
  3. Click on it to view the details. Docker Workshop App
  4. This will show a list of the versions. Click on the latest version that was built. Docker Workshop App Versions
  5. In the Xray Data tab, view the security violations. License violations are available in the JFrog Platform Pro and Enterprise tiers. Xray Data
  6. Click on any violation to see the details and impact in the Issue Details tab. Xray Detail
  7. Scroll down to the References section to access links to documentation that can help you remediate the issue. Xray Detail References

Xray supports all major package types, understands how to unpack them, and uses recursive scanning to see into all of the underlying layers and dependencies of components, even those packaged in Docker images, and zip files. The comprehensive vulnerability intelligence databases are constantly updated giving the most up-to-date understanding of the security and compliance of your binaries.

  1. Close the Issue Details tab.
  2. View the Docker configuration for the image in the Docker Layers tab.
  3. On the Builds tab, click on workshop_app_build in the list. Build List
  4. Then click on your most recent build.
  5. View your build data across the various tabs. Build Data

Our JFrog CI/CD pipeline provided an overview of a typical build, docker build and push, security scan, promotion and deploy process using JFrog Artifactory, Xray, Pipelines and Azure AKS.