
Terraform provider to manage JFrog Xray

Terraform Provider Xray


To use this provider in your Terraform module, follow the documentation here.

Xray general information

Xray API Documentation

Quick Start

Create a new Terraform file with Xray resources (and Artifactory resources as well):

HCL Example
# Provider requirements. An explicit required_providers block is needed on
# Terraform 0.13 and later (https://www.terraform.io/upgrade-guides/0-13.html).
# Each provider listed here is held to one exact version, so moving to a newer
# release is always a visible, reviewable edit to this file.
# NOTE(review): random_id, used further down, comes from a provider that is not
# listed here and is therefore not version-pinned - consider adding it.
terraform {
  required_providers {
    xray = {
      version = "0.0.1"
      source  = "registry.terraform.io/jfrog/xray"
    }

    project = {
      version = "1.0.1"
      source  = "registry.terraform.io/jfrog/project"
    }

    artifactory = {
      version = "2.9.1"
      source  = "registry.terraform.io/jfrog/artifactory"
    }
  }
}
# Artifactory provider: no arguments are set in the block. Supply
# ARTIFACTORY_USERNAME, ARTIFACTORY_PASSWORD and ARTIFACTORY_URL as environment
# variables, which keeps the credentials out of this file.
provider "artifactory" {}

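# Projects provider. The URL and access token are taken from input variables
# here; the original note says PROJECT_URL and PROJECT_ACCESS_TOKEN can be
# supplied as environment variables instead.
# NOTE(review): var.project_url and var.project_access_token are not declared
# anywhere in this example. Declare them (marking the token sensitive on
# Terraform versions that support it) or remove both arguments and rely on the
# environment variables, so the token never appears in a committed file.
provider "project" {
  # Plain references replace the interpolation-only "${var.x}" form, which
  # Terraform 0.12 and later report as deprecated.
  url          = var.project_url
  access_token = var.project_access_token
}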

# Xray provider: nothing is configured inline. The settings can be supplied
# through environment variables:
#   JFROG_URL or XRAY_URL
#   XRAY_ACCESS_TOKEN or JFROG_ACCESS_TOKEN
provider "xray" {}

# Random suffix used in the policy and watch names of this example. Two bytes
# give only 65,536 possible values: enough to tell test runs apart, not a
# secret and not a guarantee against collisions.
resource "random_id" "randid" { byte_length = 2 }

# Example Artifactory user placed in the "readers" group.
# The password is a literal for demonstration only. A real configuration should
# take it from an input variable or a secret store: anything written here ends
# up in version control, and resource arguments are also recorded in the
# Terraform state, so the state backend needs the same protection.
# NOTE(review): "[email protected]" looks like an address masked by the hosting
# page; replace it with a real one.
resource "artifactory_user" "user1" {
  name     = "user1"
  password = "Passw0rd!"
  email    = "[email protected]"
  groups   = ["readers"]
}

# Local Docker (v2) repository that the "repository" watch refers to by key.
resource "artifactory_local_docker_v2_repository" "docker-local" {
  key         = "docker-local"
  description = "hello docker-local"

  # Xray indexing must be on; without it a watch cannot be assigned to the repo.
  xray_index = true

  max_unique_tags = 5
  tag_retention   = 3
}

# Local Gradle repository that the "repository" watch refers to by key.
resource "artifactory_local_gradle_repository" "local-gradle-repo" {
  key = "local-gradle-repo-basic"

  # Xray indexing must be on; without it a watch cannot be assigned to the repo.
  xray_index = true

  handle_releases                 = true
  handle_snapshots                = true
  snapshot_version_behavior       = "unique"
  max_unique_snapshots            = 10
  checksum_policy_type            = "client-checksums"
  suppress_pom_consistency_checks = true
}

# First example project (key "test"); the "project" watch refers to it by key.
resource "project" "myproject" {
  key          = "test"
  description  = "My Project"
  display_name = "My Project"

  # All three admin_privileges flags are switched on in this example.
  # NOTE(review): grant only the ones the project admins actually need.
  admin_privileges {
    index_resources  = true
    manage_resources = true
    manage_members   = true
  }
}

# Second example project (key "test1"); the "project" watch refers to it by key.
# Its display name and description are the same strings as the first project's.
resource "project" "myproject1" {
  key          = "test1"
  description  = "My Project"
  display_name = "My Project"

  # All three admin_privileges flags are switched on in this example.
  # NOTE(review): grant only the ones the project admins actually need.
  admin_privileges {
    index_resources  = true
    manage_resources = true
    manage_members   = true
  }
}


# Security policy with one rule keyed on severity. The policy name carries the
# random_id suffix.
resource "xray_security_policy" "security1" {
  type        = "security"
  name        = "test-security-policy-severity-${random_id.randid.dec}"
  description = "Security policy description"

  rule {
    priority = 1
    name     = "rule-name-severity"

    # Threshold for the rule: minimum severity "High".
    criteria {
      min_severity = "High"
    }

    actions {
      # Enforcement settings.
      # NOTE(review): the grace period presumably postpones the build failure;
      # confirm a 5-day window is acceptable for High findings.
      fail_build                         = true
      build_failure_grace_period_in_days = 5 # use only if fail_build is enabled
      block_release_bundle_distribution  = true

      # NOTE(review): unscanned = true presumably also blocks artifacts that
      # have not been scanned yet - confirm before applying to busy repos.
      block_download {
        active    = true
        unscanned = true
      }

      # Notification settings.
      # NOTE(review): "[email protected]" looks like an address masked by the
      # hosting page; use a real recipient.
      notify_deployer         = true
      notify_watch_recipients = true
      mails                   = ["[email protected]"]
      webhooks                = []

      create_ticket_enabled = false # set to true only if Jira integration is enabled
    }
  }
}

# Security policy with one rule keyed on a CVSS score range instead of a
# severity name. The policy name carries the random_id suffix.
resource "xray_security_policy" "security2" {
  type        = "security"
  name        = "test-security-policy-cvss-${random_id.randid.dec}"
  description = "Security policy description"

  rule {
    priority = 1
    name     = "rule-name-cvss"

    criteria {
      # NOTE(review): the range stops at 5.3, so findings with a higher score
      # are presumably not matched by this rule; cover them with another rule
      # or raise `to` if they should trigger the actions below.
      cvss_range {
        from = 1.5
        to   = 5.3
      }
    }

    actions {
      # Enforcement settings.
      fail_build                         = true
      build_failure_grace_period_in_days = 5 # use only if fail_build is enabled
      block_release_bundle_distribution  = true

      # NOTE(review): unscanned = true presumably also blocks artifacts that
      # have not been scanned yet - confirm before applying to busy repos.
      block_download {
        active    = true
        unscanned = true
      }

      # Notification settings.
      # NOTE(review): "[email protected]" looks like an address masked by the
      # hosting page; use a real recipient.
      notify_deployer         = true
      notify_watch_recipients = true
      mails                   = ["[email protected]"]
      webhooks                = []

      create_ticket_enabled = false # set to true only if Jira integration is enabled
    }
  }
}

# License policy built on an allow-list: two Apache licenses are allowed and
# allow_unknown is off. The policy name carries the random_id suffix.
resource "xray_license_policy" "license1" {
  type        = "license"
  name        = "test-license-policy-allowed-${random_id.randid.dec}"
  description = "License policy, allow certain licenses"

  rule {
    priority = 1
    name     = "License_rule"

    criteria {
      allowed_licenses         = ["Apache-1.0", "Apache-2.0"]
      multi_license_permissive = true
      allow_unknown            = false
    }

    actions {
      # Violations raised by this rule are given the severity "High".
      custom_severity = "High"

      # Enforcement settings; release bundle distribution is not blocked here.
      fail_build                         = true
      build_failure_grace_period_in_days = 5 # use only if fail_build is enabled
      block_release_bundle_distribution  = false

      # NOTE(review): unscanned = true presumably also blocks artifacts that
      # have not been scanned yet - confirm before applying to busy repos.
      block_download {
        active    = true
        unscanned = true
      }

      # Notification settings.
      # NOTE(review): "[email protected]" looks like an address masked by the
      # hosting page; use a real recipient.
      notify_deployer         = true
      notify_watch_recipients = true
      mails                   = ["[email protected]"]
      webhooks                = []

      create_ticket_enabled = false # set to true only if Jira integration is enabled
    }
  }
}

# License policy built on a deny-list: two licenses are banned and
# allow_unknown is off. The policy name carries the random_id suffix.
# No watch in this example assigns this policy.
resource "xray_license_policy" "license2" {
  type        = "license"
  name        = "test-license-policy-banned-${random_id.randid.dec}"
  description = "License policy, block certain licenses"

  rule {
    priority = 1
    name     = "License_rule"

    criteria {
      banned_licenses          = ["Apache-1.1", "APAFML"]
      multi_license_permissive = false
      allow_unknown            = false
    }

    actions {
      # Violations raised by this rule are given the severity "Medium".
      custom_severity = "Medium"

      # Enforcement settings; release bundle distribution is not blocked here.
      fail_build                         = true
      build_failure_grace_period_in_days = 5 # use only if fail_build is enabled
      block_release_bundle_distribution  = false

      # NOTE(review): unscanned = true presumably also blocks artifacts that
      # have not been scanned yet - confirm before applying to busy repos.
      block_download {
        active    = true
        unscanned = true
      }

      # Notification settings.
      # NOTE(review): "[email protected]" looks like an address masked by the
      # hosting page; use a real recipient.
      notify_deployer         = true
      notify_watch_recipients = true
      mails                   = ["[email protected]"]
      webhooks                = []

      create_ticket_enabled = false # set to true only if Jira integration is enabled
    }
  }
}

# Watch of type "all-repos" with the security1 and license1 policies assigned.
resource "xray_watch" "all-repos" {
  active      = true
  name        = "all-repos-watch-${random_id.randid.dec}"
  description = "Watch for all repositories, matching the filter"

  # NOTE(review): "[email protected]" looks like an address masked by the hosting
  # page; use real recipients.
  watch_recipients = ["[email protected]", "[email protected]"]

  watch_resource {
    type = "all-repos"

    # The pattern ".*" matches any string, so this filter excludes nothing.
    filter {
      value = ".*"
      type  = "regex"
    }
  }

  assigned_policy {
    type = "security"
    name = xray_security_policy.security1.name
  }

  assigned_policy {
    type = "license"
    name = xray_license_policy.license1.name
  }
}

# Watch over two named repositories with the security1 and license1 policies
# assigned. Both repositories need xray_index = true for the watch to be
# assignable, as noted on the repository resources.
resource "xray_watch" "repository" {
  active      = true
  name        = "repository-watch-${random_id.randid.dec}"
  description = "Watch a single repo or a list of repositories"

  # NOTE(review): "[email protected]" looks like an address masked by the hosting
  # page; use real recipients.
  watch_recipients = ["[email protected]", "[email protected]"]

  # Docker repository; the pattern ".*" matches any string.
  watch_resource {
    type       = "repository"
    name       = artifactory_local_docker_v2_repository.docker-local.key
    bin_mgr_id = "default"

    filter {
      value = ".*"
      type  = "regex"
    }
  }

  # Gradle repository.
  # NOTE(review): the filter selects package type "Docker" inside a Gradle
  # repository, which presumably matches nothing - confirm the intended type.
  watch_resource {
    type       = "repository"
    name       = artifactory_local_gradle_repository.local-gradle-repo.key
    bin_mgr_id = "default"

    filter {
      value = "Docker"
      type  = "package-type"
    }
  }

  assigned_policy {
    type = "security"
    name = xray_security_policy.security1.name
  }

  assigned_policy {
    type = "license"
    name = xray_license_policy.license1.name
  }
}

# Watch over two builds with the security1 and license1 policies assigned.
# The build names are placeholders to be replaced with real build names.
resource "xray_watch" "build" {
  active      = true
  name        = "build-watch-${random_id.randid.dec}"
  description = "Watch a single build or a list of builds"

  # NOTE(review): "[email protected]" looks like an address masked by the hosting
  # page; use real recipients.
  watch_recipients = ["[email protected]", "[email protected]"]

  watch_resource {
    type       = "build"
    name       = "your-build-name"
    bin_mgr_id = "default"
  }

  watch_resource {
    type       = "build"
    name       = "your-other-build-name"
    bin_mgr_id = "default"
  }

  assigned_policy {
    type = "security"
    name = xray_security_policy.security1.name
  }

  assigned_policy {
    type = "license"
    name = xray_license_policy.license1.name
  }
}

# Watch of type "all-projects" with the security1 and license1 policies
# assigned. No project name and no filter are given.
resource "xray_watch" "all-projects" {
  active      = true
  name        = "all-projects-watch-${random_id.randid.dec}"
  description = "Watch all the projects"

  # NOTE(review): "[email protected]" looks like an address masked by the hosting
  # page; use real recipients.
  watch_recipients = ["[email protected]", "[email protected]"]

  watch_resource {
    type       = "all-projects"
    bin_mgr_id = "default"
  }

  assigned_policy {
    type = "security"
    name = xray_security_policy.security1.name
  }

  assigned_policy {
    type = "license"
    name = xray_license_policy.license1.name
  }
}

# Watch over the two example projects, referenced by their keys, with the
# security1 and license1 policies assigned.
resource "xray_watch" "project" {
  active      = true
  name        = "project-watch-${random_id.randid.dec}"
  description = "Watch selected projects"

  # NOTE(review): "[email protected]" looks like an address masked by the hosting
  # page; use real recipients.
  watch_recipients = ["[email protected]", "[email protected]"]

  watch_resource {
    type = "project"
    name = project.myproject.key
  }

  watch_resource {
    type = "project"
    name = project.myproject1.key
  }

  assigned_policy {
    type = "security"
    name = xray_security_policy.security1.name
  }

  assigned_policy {
    type = "license"
    name = xray_license_policy.license1.name
  }
}

License requirements:

This provider requires Xray to be added to your Artifactory installation. Xray requires at minimum a Pro Team license (Public Marketplace version or SaaS) or a Pro X license (Self-hosted). See the details here. You can determine which license you have by accessing the following Artifactory URL: ${host}/artifactory/api/system/licenses/

Limitations of functionality

Currently, the Xray provider does not support JSON objects in the Watch filter value. We are working on adding this functionality.

Versioning

In general, this project follows semver as closely as we can for tagging releases of the package. We've adopted the following versioning policy:

  • We increment the major version with any incompatible change to functionality, including changes to the exported Go API surface or behavior of the API.
  • We increment the minor version with any backwards-compatible changes to functionality.
  • We increment the patch version with any backwards-compatible bug fixes.

Contributors

See the contribution guide.

License

Copyright (c) 2021 JFrog.

Apache 2.0 licensed, see LICENSE file.
