JFrog Xray

March 17, 2024

This guide describes how to integrate JFrog Xray with Coder Kubernetes-backed workspaces using Coder's JFrog Xray Integration.

Prerequisites

  • A self-hosted JFrog Platform instance.
  • Kubernetes workspaces running on Coder.

Deploy the Coder - JFrog Xray Integration

  1. Create a JFrog Platform Access Token with a user that has the read permission for the repositories you want to scan.

  2. Create a Coder token with a user that has the owner role.

  3. Create Kubernetes secrets for the JFrog Xray and Coder tokens.

    kubectl create secret generic coder-token \
      --from-literal=coder-token='<token>'
    
    kubectl create secret generic jfrog-token \
      --from-literal=user='<user>' \
      --from-literal=token='<token>'
    
  4. Deploy the Coder - JFrog Xray integration.

    helm repo add coder-xray https://helm.coder.com/coder-xray
    
    helm upgrade --install coder-xray coder-xray/coder-xray \
      --namespace coder-xray \
      --create-namespace \
      --set namespace="<your-coder-workspaces-namespace-name>" \
      --set coder.url="https://<your-coder-url>" \
      --set coder.secretName="coder-token" \
      --set artifactory.url="https://<your-artifactory-url>" \
      --set artifactory.secretName="jfrog-token"
    

    To authenticate with the Artifactory registry, you may need to create a Docker config and use it in the imagePullSecrets field of the Kubernetes Pod. See the Defining ImagePullSecrets for Coder workspaces guide for more information.
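
The `--from-literal` form in step 3 puts each token on the command line, where it is recorded in shell history. As an added example (not part of the Coder guide), the helper below renders the same Secrets, with the same names and keys, from token files instead; the `secret_manifest` function and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the Coder guide. Renders an Opaque Secret manifest
# from token files so the token never appears as a command-line argument.
#
# Usage (file names are assumptions):
#   secret_manifest coder-token coder-token=./coder.token | kubectl apply -f -
#   secret_manifest jfrog-token user=./jfrog.user token=./jfrog.token \
#     | kubectl apply -f -
# No namespace is written into the manifest, so kubectl uses the current
# context namespace, as the kubectl commands in step 3 do.

# secret_manifest NAME KEY=FILE [KEY=FILE ...]
secret_manifest() {
  sm_name=$1
  shift
  sm_data=
  for sm_pair in "$@"; do
    sm_key=${sm_pair%%=*}
    sm_file=${sm_pair#*=}
    if [ ! -f "$sm_file" ]; then
      echo "secret_manifest: $sm_file is not a regular file" >&2
      return 1
    fi
    # Refuse token files that group or other users can read.
    if [ -n "$(find "$sm_file" -prune \( -perm -040 -o -perm -004 \))" ]; then
      echo "secret_manifest: $sm_file is group/world readable (chmod 600)" >&2
      return 1
    fi
    # Drop line endings an editor may have added, then base64-encode on
    # one line, which is the encoding the Secret "data" field expects.
    sm_val=$(tr -d '\r\n' < "$sm_file" | base64 | tr -d '\n')
    sm_data="$sm_data  $sm_key: \"$sm_val\"
"
  done
  # Print only after every file has passed validation, so a failure never
  # leaves a partial manifest on stdout.
  printf 'apiVersion: v1\nkind: Secret\ntype: Opaque\nmetadata:\n  name: %s\ndata:\n%s' \
    "$sm_name" "$sm_data"
}
```

Delete the token files once the Secrets exist in the cluster.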

Validate your installation

Once the integration is installed, a banner appears on any configured workspace that has vulnerabilities reported by JFrog Xray.
