
rbuke/jfrog-gradle-image-scanning-examples


JFrog Xray scanning workflows for Gradle projects that use the Jib plugin to create and publish images.

Each workflow builds the image with the Jib Gradle plugin, scans the image with the JFrog CLI, and then publishes it to Artifactory.

The Java code is taken from the official Jib examples.

Workflows:

scan-and-publish

  • Builds the image using the jibDockerBuild gradle task.
  • Scans the image with Xray.
  • Uploads the image to Artifactory.
  • Publishes the build information to Artifactory.
  • This is the recommended method, as only one build of the image is required.
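
The scan-and-publish sequence above as a fail-closed shell function, so that a failed scan stops the image from being pushed. This is an added example, not the repository's workflow file: the GRADLEW and JF override variables, the return codes and the image and build arguments are assumptions, and whether Xray findings make the scan exit non-zero depends on the policy configured on the Xray side.

```shell
#!/bin/sh
# Added example: scan-and-publish with the scan acting as a gate before the push.
# GRADLEW and JF are overridable (assumption of this example) so the gate
# logic can be exercised with stubs instead of the real tools.
GRADLEW="${GRADLEW:-./gradlew}"
JF="${JF:-jf}"

# scan_and_publish IMAGE BUILD_NAME BUILD_NUMBER
#   IMAGE is the full tag, e.g. <artifactory-host>/<docker-repo>/<name>:<tag>
#   (placeholder layout; take it from CI variables, not hardcoded values).
scan_and_publish() {
    image="$1"; build_name="$2"; build_number="$3"

    # 1. Build once into the local Docker daemon. Nothing is published yet.
    "$GRADLEW" jibDockerBuild --image="$image" || return 10

    # 2. Scan the local image with Xray. Any non-zero exit blocks the publish.
    if ! "$JF" docker scan "$image"; then
        echo "Xray scan did not pass for $image; image not published" >&2
        return 20
    fi

    # 3. Push the image that was just scanned and record it in the build info.
    "$JF" docker push "$image" \
        --build-name="$build_name" --build-number="$build_number" || return 30

    # 4. Publish the collected build information to Artifactory.
    "$JF" rt build-publish "$build_name" "$build_number" || return 40
}

# Run only when called with the three arguments; otherwise just define the function.
if [ "$#" -eq 3 ]; then
    scan_and_publish "$@"
fi
```

Because the image is built once and the same local tag is both scanned and pushed, the artifact that reaches Artifactory is the one Xray evaluated.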

local-tar

  • Initially, the image is built as a tar using the jibBuildTar Gradle task (./gradlew jibBuildTar).
  • The tar of the image is scanned using Xray.
  • The image is then published to Artifactory using the jib Gradle task.
  • This method requires two builds, which could significantly affect the time the workflow takes to complete.

TO DO: Remove hardcoded values from workflows.
