An integration with Artifactory Xray would be enormously useful in running security scans against the build artifacts with these features:
Ability to specify which types of artifacts should be scanned and how to locate those artifacts (including file-based artifacts and Docker containers)
Ability to define rules for failing a build based on security settings
Nice to have:
Automatic promotion from a staging repo (in Artifactory) to the production repo for items which have passed
Ability to specify additional checks on that promotion process (workflow steps that must pass for the promotion to succeed)
Automatic cleanup of the staging repo to help keep costs down in Artifactory
We're particularly interested in scanning Docker containers, JAR files (Scala and Java), and JavaScript.
CCI-I-1063