Home
/
Guides
/
Scanning Coder Workspaces with JFrog Xray

Scanning Coder Workspaces with JFrog Xray

March 17, 2024

This guide will walk you through the process of adding JFrog Xray integration to Coder Kubernetes workspaces using Coder's JFrog Xray Integration.

Prerequisites

  • A self-hosted JFrog Platform instance.
  • Kubernetes workspaces running on Coder.

Deploying the Coder - JFrog Xray Integration

  1. Create a JFrog Platform Access Token with a user that has the read permission for the repositories you want to scan.
  2. Create a Coder token with a user that has the owner role.
  3. Create kubernetes secrets for the JFrog Xray and Coder tokens.
kubectl create secret generic coder-token --from-literal=coder-token='<token>'
kubectl create secret generic jfrog-token --from-literal=user='<user>' --from-literal=token='<token>'
  1. Deploy the Coder - JFrog Xray integration.
helm repo add coder-xray https://helm.coder.com/coder-xray

helm upgrade --install coder-xray coder-xray/coder-xray \
  --namespace coder-xray \
  --create-namespace \
  --set namespace="<CODER_WORKSPACES_NAMESPACE>" \ # Replace with your Coder workspaces namespace
  --set coder.url="https://<your-coder-url>" \
  --set coder.secretName="coder-token" \
  --set artifactory.url="https://<your-artifactory-url>" \
  --set artifactory.secretName="jfrog-token"

Updating the Coder template

coder-xray will scan all kubernetes workspaces in the specified namespace. It depends on the image available in Artifactory and indexed by Xray. To ensure that the images are available in Artifactory, update the Coder template to use the Artifactory registry.

image = "<ARTIFACTORY_URL>/<REPO>/<IMAGE>:<TAG>"

Note: To authenticate with the Artifactory registry, you may need to create a Docker config and use it in the imagePullSecrets field of the kubernetes pod. See this guide for more information.

JFrog Xray Integration

See an opportunity to improve our docs? Make an edit.