Scanning Coder Workspaces with JFrog Xray
March 17, 2024
This guide walks you through adding JFrog Xray scanning to Coder Kubernetes workspaces using Coder's JFrog Xray integration.
Prerequisites
- A self-hosted JFrog Platform instance.
- Kubernetes workspaces running on Coder.
Deploying the Coder - JFrog Xray Integration
- Create a JFrog Platform Access Token with a user that has the read permission for the repositories you want to scan.
- Create a Coder token with a user that has the owner role.
- Create Kubernetes secrets for the JFrog Xray and Coder tokens.
kubectl create secret generic coder-token --from-literal=coder-token='<token>'
kubectl create secret generic jfrog-token --from-literal=user='<user>' --from-literal=token='<token>'
- Deploy the Coder - JFrog Xray integration.
helm repo add coder-xray https://helm.coder.com/coder-xray
# Replace <CODER_WORKSPACES_NAMESPACE> with your Coder workspaces namespace
helm upgrade --install coder-xray coder-xray/coder-xray \
  --namespace coder-xray \
  --create-namespace \
  --set namespace="<CODER_WORKSPACES_NAMESPACE>" \
  --set coder.url="https://<your-coder-url>" \
  --set coder.secretName="coder-token" \
  --set artifactory.url="https://<your-artifactory-url>" \
  --set artifactory.secretName="jfrog-token"
Updating the Coder template
coder-xray will scan all Kubernetes workspaces in the specified namespace. It depends on the image being available in Artifactory and indexed by Xray. To ensure that the images are available in Artifactory, update the Coder template to use the Artifactory registry.
image = "<ARTIFACTORY_URL>/<REPO>/<IMAGE>:<TAG>"
Note: To authenticate with the Artifactory registry, you may need to create a Docker config and use it in the imagePullSecrets field of the Kubernetes pod. See this guide for more information.
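A pre-flight check for the image requirement above, as an added example that is not part of the Coder or JFrog documentation: it lists the images used by pods in the workspaces namespace and flags any that are not pulled from the Artifactory registry. The host artifactory.example.com, the function names and the sample pod data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find workspace pods whose images do not come from Artifactory.
# coder-xray depends on the image being available in Artifactory and indexed by Xray.

# Print "<pod><TAB><image> [<image> ...]" for each pod in namespace $1.
# Only .spec.containers is listed; init containers are not covered here.
list_pod_images() {
  kubectl get pods --namespace "$1" \
    -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].image}{"\n"}{end}'
}

# Read the lines produced above on stdin and print "<pod><TAB><image>" for every
# image whose registry host is not $1. Exit status is 1 if any were printed.
find_unscannable() (
  host="$1"; found=0; tab=$(printf '\t')
  set -f   # no filename globbing while splitting the image list
  while IFS="$tab" read -r pod images || [ -n "$pod" ]; do
    for image in $images; do
      case "$image" in
        "$host"/*) ;;   # served from the Artifactory registry
        *) printf '%s\t%s\n' "$pod" "$image"; found=1 ;;
      esac
    done
  done
  exit "$found"
)

# Constructed sample input (hypothetical pod names and images).
sample_pods() {
  printf 'coder-alice-dev\tartifactory.example.com/docker-local/base:1.4\n'
  printf 'coder-bob-dev\tdocker.io/library/ubuntu:22.04\n'
  printf 'coder-carol-ml\tartifactory.example.com/docker-local/ml:2.0 ghcr.io/example/sidecar:0.3\n'
}

# Demo on the constructed sample. Against a live cluster, run instead:
#   list_pod_images "<CODER_WORKSPACES_NAMESPACE>" | find_unscannable "<ARTIFACTORY_URL>"
sample_pods | find_unscannable artifactory.example.com \
  || echo "the images listed above are not served from Artifactory" >&2
```

Pass the registry host exactly as it appears in the template's image value, including any port.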