
JFrog CLI and JFrog Xray for code scan




JFrog CLI is a small and clever client that offers a simple interface for automating access to JFrog products, making your automation scripts more legible and maintainable.



JFrog Xray detects security vulnerabilities and licences in your software components by scanning your artefacts, builds, and Release Bundles for OSS components. The scan's results are subsequently displayed throughout the JFrog Platform.


How does it work?
Download JFrog:

Using CMD: choco install jfrog-cli-v2-jf



1. Configure JFrog CLI in cmd: open cmd as administrator and download the CLI.


2. Add the JFrog configuration:

jf c add

3. Test the JFrog configuration:

jf rt ping


4. To upload, download, or delete files in Artifactory:

To upload:

jf rt u <filename.zip> <repository_name>

To download:

jf rt dl <repository_name>/<filename.zip>

To delete from the JFrog repo:

jf rt del <repository_name>/<filename.zip>


5. To scan the artifacts or source code repo for security violations and license compliance violations:

jf s "C:\Your-source-code/zip file location" --watches "watch1"
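
Steps 3 to 5 can be chained so that an artifact is uploaded only after it passes the scan. The PowerShell sketch below is an added example, not part of the original post or of JFrog's own tooling. The function name, parameter names, file path and repository name are assumptions; "watch1" is the watch from step 5. It relies on jf returning exit code 3 when a scan run with --watches matches a policy rule whose action is "Fail build".

```powershell
# Added example: block the upload unless the Xray scan passes (fail closed).
# Invoke-ScanGate and its parameters are hypothetical names for illustration.
function Invoke-ScanGate {
    param(
        [Parameter(Mandatory)] [string] $ArtifactPath,
        [Parameter(Mandatory)] [string] $Repository,
        [Parameter(Mandatory)] [string] $Watch
    )

    if (-not (Test-Path -LiteralPath $ArtifactPath)) {
        throw "Artifact not found: $ArtifactPath"
    }

    # Step 3: confirm the configured server is reachable first.
    jf rt ping | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "jf rt ping failed (exit $LASTEXITCODE); check the 'jf c add' settings."
    }

    # Step 5: scan against the watch. Exit code 3 means a "Fail build" rule matched.
    jf s $ArtifactPath --watches $Watch
    switch ($LASTEXITCODE) {
        0       { Write-Host "Scan passed for watch '$Watch'." }
        3       { throw "Xray policy violation for watch '$Watch'; upload blocked." }
        default { throw "Scan did not complete (exit $LASTEXITCODE); upload blocked." }
    }

    # Step 4: upload only after a clean scan.
    jf rt u $ArtifactPath "$Repository/"
    if ($LASTEXITCODE -ne 0) {
        throw "Upload failed (exit $LASTEXITCODE)."
    }
}

# Constructed sample values; replace with your own path, repository and watch.
Invoke-ScanGate -ArtifactPath 'C:\build\app.zip' -Repository 'example-repo-local' -Watch 'watch1'
```

If the policy behind the watch has no "Fail build" action, violations are reported but the scan still exits with 0, so the gate only blocks what the policy is configured to fail.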



JFrog CLI Cheatsheet




JFrog XRAY workflow
