-3

We use Azure CR as our container registry, and our Azure DevOps build pipelines have Docker image build and push tasks that create various application-specific custom images on top of Docker Hub base images.

We need to have all these custom images and the Docker Hub public base images scanned using JFrog Xray before the custom images are pushed to the ACR and other deployment tasks.

How can the JFrog Xray tool be integrated with the Azure Pipeline YAML file to scan the newly built custom images just after the Maven build and Docker image build tasks and before the image push to ACR?

Is there any way to integrate Azure DevOps and JFrog Xray together to scan these custom images as part of the Azure Pipeline build just before the push to ACR?

Tried pipeline

parameters:
  imageName: ''
  includeLatestTag: false
  buildContext: '$(System.DefaultWorkingDirectory)/release/target/docker'
  publishDocker: ''


steps:
- task: Docker@1
  inputs:
    azureSubscriptionEndpoint: 'mysub'
    azureContainerRegistry: $(containerRegistry)
    command: build
    includeLatestTag: ${{ parameters.includeLatestTag }}
    dockerFile: '${{ parameters.buildContext }}/Dockerfile'
    useDefaultContext: false
    buildContext: ${{ parameters.buildContext }}
    imageName: ${{ parameters.imageName }}
    arguments: $(buildArgs)
  name: Build_Docker_Image
  displayName: 'Build Docker image'
  
  
- task: JFrogDocker@1
  inputs:
    command: 'Scan'
    xrayConnection: 'jfrog xray token'
    watchesSource: 'none'
    licenses: true
    allowFailBuild: true
    threads: '3'
    skipLogin: false  
  
- task: Docker@1
  inputs:
    azureSubscriptionEndpoint: 'mysub'
    azureContainerRegistry: $(containerRegistry)
    command: push
    includeLatestTag: ${{ parameters.includeLatestTag }}
    dockerFile: '${{ parameters.buildContext }}/Dockerfile'
    useDefaultContext: false
    buildContext: ${{ parameters.buildContext }}
    imageName: ${{ parameters.imageName }}
  name: Push_Docker_Image
  displayName: 'Push Docker image'

I tried to add the below task in between the Docker image build and push tasks, but I am not getting any option to scan them. Any guidance?

Vowneee
  • This question is confusing - Are you referring to the Azure container registry or the Artifactory container registry? Xray integrated only with Artifactory. – shaibz Dec 21 '22 at 13:49
  • So that means Xray can't scan images in registries other than Artifactory? – Vowneee Dec 22 '22 at 08:22

2 Answers

1

The new JFrog extension, JFrog Azure DevOps Extension, has the JFrog Docker task that allows scanning local docker images (as well as pulling and pushing them from/to Artifactory).

Prostagma
  • I tried to add the above tasks in between the Docker image build and push tasks respectively; however, I am not sure how to parameterize this task the same way as above and pass the image name dynamically to scan – Vowneee Dec 22 '22 at 14:36
  • Also, the document does not say how to create the service connection for Xray for the same – Vowneee Dec 22 '22 at 14:37
  • The extension is not providing the option "scan" for image scanning – Vowneee Jan 01 '23 at 13:06
  • Make sure you are using the [new extension](https://marketplace.visualstudio.com/items?itemName=JFrog.jfrog-azure-devops-extension) – Prostagma Jan 02 '23 at 08:54
  • I am trying the same extension only and getting the below error: "We've encountered an error while downloading the extension. Please try again later. Permission section could not be loaded." We are using Azure DevOps Server; is this version supported? – Vowneee Jan 02 '23 at 10:57
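
An added example, not from the original posts or from JFrog's documentation, of the build, scan, push ordering discussed in this answer, with the image name passed to the scan step from the same template parameter as the build. The `imageName`, `watchesSource: 'watches'` and `watches` inputs on `JFrogDocker@1`, the `xrayWatch` parameter and its value, and the `<registry>/<imageName>` local tag are assumptions not shown on this page; check them against the installed extension version.

```yaml
# Added example, not the asker's or JFrog's pipeline: build -> scan -> push.
parameters:
  imageName: ''                    # e.g. 'myapp:$(Build.BuildId)' (constructed)
  buildContext: '$(System.DefaultWorkingDirectory)/release/target/docker'
  xrayWatch: 'placeholder-watch'   # hypothetical watch with a fail-build policy

steps:
- task: Docker@1
  name: Build_Docker_Image
  displayName: 'Build Docker image'
  inputs:
    azureSubscriptionEndpoint: 'mysub'
    azureContainerRegistry: $(containerRegistry)
    command: build
    dockerFile: '${{ parameters.buildContext }}/Dockerfile'
    useDefaultContext: false
    buildContext: ${{ parameters.buildContext }}
    imageName: ${{ parameters.imageName }}
    arguments: $(buildArgs)

# Scans the image held in the agent's local Docker daemon; nothing is in ACR yet.
- task: JFrogDocker@1
  name: Scan_Docker_Image
  displayName: 'Xray scan of the local image'
  inputs:
    command: 'Scan'
    xrayConnection: 'jfrog xray token'   # service connection name from the question
    # Assumption: the build step tagged the image <registry>/<imageName>. The value
    # here must equal the local tag exactly, or the scan has no image to read.
    imageName: '$(containerRegistry)/${{ parameters.imageName }}'
    watchesSource: 'watches'             # assumption: evaluate against named watches
    watches: '${{ parameters.xrayWatch }}'
    licenses: true
    allowFailBuild: true                 # step fails when a fail-build rule matches
    threads: '3'
    skipLogin: false

- task: Docker@1
  name: Push_Docker_Image
  displayName: 'Push Docker image'
  condition: succeeded()                 # explicit gate: no push after a failed scan
  inputs:
    azureSubscriptionEndpoint: 'mysub'
    azureContainerRegistry: $(containerRegistry)
    command: push
    imageName: ${{ parameters.imageName }}
```

Because the scan reads every layer of the built image, packages inherited from the Docker Hub base image are covered by the same step.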
-1

By adding the Xray scan task following the instructions here, we can have the build task wait for the Xray scan to complete. However, it is necessary for the build to publish the build information to Artifactory first in order to have the Xray processing initiated.

So, my proposal here is to have the build promotion enabled against the target repository to push the images, when the build scan stage is completed.

Yuvarajan