CircleCI Ideas

Build an orb for integrating with Artifactory Xray

An integration with Artifactory Xray would be enormously useful in running security scans against the build artifacts with these features:

  • Ability to specify which types of artifacts should be scanned and how to locate those artifacts (including file-based artifacts and Docker containers)
  • Ability to define rules for failing a build based on security settings

Nice to have: 

  • Automatic promotion from a staging repo (in Artifactory) to the production repo for items which have passed
  • Ability to specify additional checks on that promotion process (workflow steps that must pass for the promotion to succeed)
  • Automatic cleanup of the staging repo to help keep costs down in Artifactory

We're particularly interested in scanning Docker containers, JAR files (Scala and Java), and JavaScript.

  • Guest
  • Jun 4 2019
  • New