
Bitbucket Pipelines Pipe: Artifactory Xray Scan

This pipe scans a build with JFrog Xray to identify security vulnerabilities and compliance issues.

YAML Definition

Add the following snippet to the script section of your bitbucket-pipelines.yml file:

- pipe: JfrogDev/artifactory-xray-scan:0.3.2
  variables:
    ARTIFACTORY_URL: '<string>'
    ARTIFACTORY_USER: '<string>'
    ARTIFACTORY_PASSWORD: '<string>'
    # BUILD_NAME: '<string>' # Optional.
    # JFROG_CLI_TEMP_DIR: '<string>' # Optional.
    # JFROG_CLI_HOME_DIR: '<string>' # Optional.
    # EXTRA_ARGS: '<string>' # Optional.
    # DEBUG: '<boolean>' # Optional.

Variables

Variable Usage
ARTIFACTORY_URL (*) The JFrog Artifactory URL .
ARTIFACTORY_USER (*) Artifactory User with permission to access artifacts.
ARTIFACTORY_PASSWORD (*) Password for Artifactory User.
BUILD_NAME Name of the published build to scan. Must match the BUILD_NAME used by the pipe that uploaded the artifacts and published the build info. Default: $BITBUCKET_REPO_OWNER-$BITBUCKET_REPO_SLUG-$BITBUCKET_BRANCH
JFROG_CLI_TEMP_DIR Specifies the JFrog CLI temp directory. Default: .
JFROG_CLI_HOME_DIR Specifies the JFrog CLI home directory (where the CLI keeps its configuration). Default: .
EXTRA_ARGS Extra arguments to be passed to the JFrog CLI command (see JFrog CLI docs for more details). Defaults to unset.
DEBUG Set to true to output additional debug information. Default: false.

(*) = required variable.

Prerequisites

A JFrog Artifactory instance with Xray enabled, reachable from the pipeline, and credentials for a user permitted to read the build are needed. Keep ARTIFACTORY_PASSWORD out of bitbucket-pipelines.yml: define it as a secured repository or workspace variable and reference it as ${ARTIFACTORY_PASSWORD}, as the examples below do.

Examples

Basic example

Scan Build with JFrog Xray.

script:
  - pipe: JfrogDev/artifactory-xray-scan:0.3.2
    variables:
      ARTIFACTORY_URL: '<string>'
      ARTIFACTORY_USER: ${ARTIFACTORY_USER}
      ARTIFACTORY_PASSWORD: ${ARTIFACTORY_PASSWORD}

Advanced example

Complete example of downloading, uploading, scanning and promoting artifacts to Artifactory using JFrog Pipes.

    - step:
        services:
        - docker
        name: "generic-pipe-example"
        script:
        # Download artifacts from Artifactory
        - pipe: JfrogDev/artifactory-generic-download:0.2.11
          variables:
            ARTIFACTORY_URL: $ARTIFACTORY_URL
            ARTIFACTORY_USER: $ARTIFACTORY_USER
            ARTIFACTORY_PASSWORD: $ARTIFACTORY_PASSWORD
            FILE_SPEC: "false"
            SOURCE_PATH: "generic-local/*.zip"
            TARGET_PATH: "./generic/"
            BUILD_NAME: "generic-pipe-example"
            COLLECT_BUILD_INFO: "false"
            COLLECT_GIT_INFO: "false"
        # Upload artifacts to Artifactory
        - pipe: JfrogDev/artifactory-generic-upload:0.2.11
          variables:
            ARTIFACTORY_URL: $ARTIFACTORY_URL
            ARTIFACTORY_USER: $ARTIFACTORY_USER
            ARTIFACTORY_PASSWORD: $ARTIFACTORY_PASSWORD
            FILE_SPEC: "false"
            SOURCE_PATH: "generic/*.zip"
            TARGET_PATH: "generic-local/"
            BUILD_NAME: "generic-pipe-example"
        # Scan published build through Xray
        - pipe: JfrogDev/artifactory-xray-scan:0.3.2
          variables:
            ARTIFACTORY_URL: $ARTIFACTORY_URL
            ARTIFACTORY_USER: $ARTIFACTORY_USER
            ARTIFACTORY_PASSWORD: $ARTIFACTORY_PASSWORD
            BUILD_NAME: "generic-pipe-example"
        # Stage the scanned build in the production repository (status "Staged")
        - pipe: JfrogDev/artifactory-build-promotion:0.2.10
          variables:
            ARTIFACTORY_URL: $ARTIFACTORY_URL
            ARTIFACTORY_USER: $ARTIFACTORY_USER
            ARTIFACTORY_PASSWORD: $ARTIFACTORY_PASSWORD
            TARGET_REPO: "generic-prod-local"
            STATUS: "Staged"
            BUILD_NAME: "generic-pipe-example"
        # Promote the staged build (status "Promoted")
        - pipe: JfrogDev/artifactory-build-promotion:0.2.10
          variables:
            ARTIFACTORY_URL: $ARTIFACTORY_URL
            ARTIFACTORY_USER: $ARTIFACTORY_USER
            ARTIFACTORY_PASSWORD: $ARTIFACTORY_PASSWORD
            TARGET_REPO: "generic-prod-local"
            STATUS: "Promoted"
            BUILD_NAME: "generic-pipe-example"
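The two things that matter in the sequence above are that every ARTIFACTORY_PASSWORD is a reference to a secured variable rather than an inline literal, and that the Xray scan of a build runs before that build is promoted. The following linter, an added example that is not part of this pipe or of JFrog's code, checks a bitbucket-pipelines.yml for exactly those properties plus version pinning of pipe references. It uses a deliberately simple line-oriented scan of the `- pipe:` / `variables:` layout shown on this page rather than a full YAML parser; the sample pipelines are constructed here, and the assumptions that pipes omitting BUILD_NAME share one default build name and that a scan earlier in the file covers a later promotion are the example's own.

```python
"""Lint a bitbucket-pipelines.yml for Artifactory/Xray pipe hygiene (added example).

Assumptions not taken from the pipe documentation: pipes that omit BUILD_NAME are
treated as sharing one default build name, and a build counts as scanned when an
artifactory-xray-scan pipe for it appears earlier in the file.
"""
import re
from typing import Dict, List, Optional, Tuple

PIPE_RE = re.compile(r"^\s*-\s*pipe:\s*(\S+)\s*$")
LIST_ITEM_RE = re.compile(r"^\s*-\s")
VAR_RE = re.compile(r"^\s*([A-Z][A-Z0-9_]*):\s*(.+?)\s*$")
# $NAME or ${NAME}: a reference to a Bitbucket (secured) variable, not a literal
VAR_REF_RE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")
SECRET_KEYS = ("ARTIFACTORY_PASSWORD",)
DEFAULT_BUILD = "<default BUILD_NAME>"  # assumption: same default for every pipe


def scan_pipes(yaml_text: str) -> List[Tuple[str, Dict[str, str]]]:
    """Line-oriented scan: (pipe reference, its variables) in file order.

    Not a YAML parser; it relies on the layout the pipe docs use, i.e. a
    '- pipe:' item followed by an indented 'variables:' mapping of UPPER_CASE keys.
    """
    pipes: List[Tuple[str, Dict[str, str]]] = []
    current: Optional[Dict[str, str]] = None
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop YAML comments
        m = PIPE_RE.match(line)
        if m:
            current = {}
            pipes.append((m.group(1), current))
            continue
        if LIST_ITEM_RE.match(line):  # any other list item ends the variables block
            current = None
            continue
        m = VAR_RE.match(line)
        if current is not None and m:
            current[m.group(1)] = m.group(2).strip("'\"")
    return pipes


def lint(yaml_text: str) -> List[str]:
    """Return human-readable findings; an empty list means the pipeline passes."""
    findings: List[str] = []
    pipes = scan_pipes(yaml_text)
    for ref, variables in pipes:
        _, _, version = ref.partition(":")
        if not version:
            findings.append(f"{ref}: pipe reference is not pinned to a version")
        for key in SECRET_KEYS:
            value = variables.get(key)
            if value is not None and not VAR_REF_RE.match(value):
                findings.append(
                    f"{ref}: {key} is an inline literal; reference a secured variable (e.g. ${key})"
                )
    scanned = set()
    for ref, variables in pipes:
        build = variables.get("BUILD_NAME", DEFAULT_BUILD)
        if "artifactory-xray-scan" in ref:
            scanned.add(build)
        elif "artifactory-build-promotion" in ref and build not in scanned:
            findings.append(f"{ref}: build {build!r} is promoted before any Xray scan of it")
    return findings


# Constructed sample: upload, then scan, then promote, secrets referenced by variable.
GOOD_PIPELINE = """\
    - step:
        name: "generic-pipe-example"
        script:
        - pipe: JfrogDev/artifactory-generic-upload:0.2.11
          variables:
            ARTIFACTORY_URL: $ARTIFACTORY_URL
            ARTIFACTORY_USER: $ARTIFACTORY_USER
            ARTIFACTORY_PASSWORD: $ARTIFACTORY_PASSWORD
            SOURCE_PATH: "generic/*.zip"
            TARGET_PATH: "generic-local/"
            BUILD_NAME: "generic-pipe-example"
        # Scan published build through Xray
        - pipe: JfrogDev/artifactory-xray-scan:0.3.2
          variables:
            ARTIFACTORY_URL: $ARTIFACTORY_URL
            ARTIFACTORY_USER: $ARTIFACTORY_USER
            ARTIFACTORY_PASSWORD: ${ARTIFACTORY_PASSWORD}
            BUILD_NAME: "generic-pipe-example"
        - pipe: JfrogDev/artifactory-build-promotion:0.2.10
          variables:
            ARTIFACTORY_URL: $ARTIFACTORY_URL
            ARTIFACTORY_USER: $ARTIFACTORY_USER
            ARTIFACTORY_PASSWORD: $ARTIFACTORY_PASSWORD
            TARGET_REPO: "generic-prod-local"
            STATUS: "Promoted"
            BUILD_NAME: "generic-pipe-example"
"""

# Constructed sample with three defects: inline password, unpinned pipe, promote before scan.
BAD_PIPELINE = """\
        script:
        - pipe: JfrogDev/artifactory-build-promotion:0.2.10
          variables:
            ARTIFACTORY_URL: $ARTIFACTORY_URL
            ARTIFACTORY_USER: $ARTIFACTORY_USER
            ARTIFACTORY_PASSWORD: 'hunter2'
            TARGET_REPO: "generic-prod-local"
            STATUS: "Promoted"
            BUILD_NAME: "generic-pipe-example"
        - pipe: JfrogDev/artifactory-xray-scan
          variables:
            ARTIFACTORY_URL: $ARTIFACTORY_URL
            ARTIFACTORY_USER: $ARTIFACTORY_USER
            ARTIFACTORY_PASSWORD: $ARTIFACTORY_PASSWORD
            BUILD_NAME: "generic-pipe-example"
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_PIPELINE), ("bad", BAD_PIPELINE)):
        print(label, lint(text) or "OK")
```

Run it as a pre-merge check on the repository's bitbucket-pipelines.yml and fail the review when `lint()` returns anything; the ordering check is per file, so a pipeline that promotes in one step what a separate pipeline file scanned will still be flagged and needs a manual look.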

Support

If you'd like help with this pipe, or you have an issue or feature request, let us know on.

If you're reporting an issue, please include:

  • the version of the pipe
  • relevant logs and error messages
  • steps to reproduce

License

Apache 2.0 licensed, see LICENSE file.